<meta http-equiv="Content-Security-Policy" content="default-src 'self'
From your comment:
I think I figured out the problem The CDN files use HTTP protocol while the server is a HTTPS server. The console says: Mixed content: The page was loaded over HTTPS, but requested an insecure stylesheet This request has been blocked; the content must be served over HTTPS.
Then request and whitelist from https:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"/>