If I set the CSP, my website won't load. I am trying to avoid unsafe-inline/-eval. I use the following file structure:
- .htaccess
- index.php
- markup.html
- scripts/main.js
- scripts/jquery.js
- styles/style.css
- and some other images and text files for content
I just get a white page; nevertheless, if I open the source code in the browser, it is loaded but some of it is missing.
```apache
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
# Header set Content-Security-Policy "default-src 'self' data:; style-src 'self'; script-src 'self' 'nonce-%{UNIQUE_ID}e' /scripts; frame-src https:;"
Header set Referrer-Policy "same-origin"
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
</IfModule>
```
I tried to use different code in .htaccess like:
```apache
Header set Content-Security-Policy "default-src 'self' data:; style-src 'self'; script-src 'self' '/scripts/main.js' '/scripts/jquery.js'; frame-src https:;"
```
and
```apache
Header set Content-Security-Policy "default-src 'self' data:; style-src 'self'; script-src 'self' 'nonce-%{UNIQUE_ID}e' /scripts; frame-src https:;"
```
For the second one I set in HTML:
```html
<script src="scripts/main.js" nonce="<random-nonce>"></script>
```
and in PHP:
```php
$html = file_get_contents("markup.html");
$html = str_replace("<random-nonce>", $_SERVER['UNIQUE_ID'], $html);
print $html;
```
I have been trying for 5 hours without success :/ It only works if I comment out the CSP in .htaccess with a #, but of course then without CSP!
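As an added example (not code from the original question), here is how index.php can generate a fresh random nonce per request and send the matching Content-Security-Policy header itself, assuming the same markup.html placeholder and the /scripts paths from the question. It drops the path-only and quoted-path entries, which are not valid CSP source expressions, and uses random_bytes instead of UNIQUE_ID, whose '@' character is not allowed inside a nonce value.

```php
<?php
// Added example, not the original question's code: generate the CSP nonce in
// PHP and emit the header from the same request, so the nonce in the header
// and the nonce in the markup always match. Assumes index.php serves
// markup.html, which contains the literal placeholder <random-nonce>.
declare(strict_types=1);

// 128 bits from the CSPRNG, base64-encoded. Only base64 characters are valid
// in 'nonce-...'; Apache's UNIQUE_ID contains '@' and is not usable here.
function generate_csp_nonce(): string
{
    return base64_encode(random_bytes(16));
}

// 'self' already covers /scripts/main.js and /scripts/jquery.js (same origin).
// Bare paths such as /scripts or quoted paths are not valid source
// expressions; browsers ignore them or reject the whole directive.
function build_csp(string $nonce): string
{
    return implode('; ', [
        "default-src 'self'",
        "img-src 'self' data:",
        "style-src 'self'",
        "script-src 'self' 'nonce-{$nonce}'",
        "frame-src https:",
        "object-src 'none'",
        "base-uri 'self'",
    ]);
}

// Inject this request's nonce into the static template.
function render(string $template, string $nonce): string
{
    return str_replace('<random-nonce>', $nonce, $template);
}

$nonce = generate_csp_nonce();
header('Content-Security-Policy: ' . build_csp($nonce));

$html = file_get_contents(__DIR__ . '/markup.html');
if ($html === false) {
    http_response_code(500);
    exit('template missing');
}
echo render($html, $nonce);
```

The Content-Security-Policy line in .htaccess must stay commented out, because a late mod_headers `Header set` would replace the header PHP sends. With 'self' in script-src the nonce is only needed for inline scripts; any inline `<script>` or `<style>` in markup.html that carries no matching nonce is still blocked, which is a common cause of a blank page under a strict policy.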