News

When the browser loads a web page and encounters a script with a nonce attribute, it compares the nonce value of the script with the value specified in the CSP.
A nonce is an arbitrary value used to help make the security policy more dynamic. For example, a nonce-based CSP will only enable the execution of scripts with the correct nonce attribute.
Google also announced the release of the CSP Mitigator – a Chrome extension designed to help developers review an application for compatibility with nonce-based CSP. CSP adoption will be in its Patch ...
The second tool Google has now released is the CSP Mitigator, a Chrome extension which helps developers review applications for compatibility with nonce-based CSP.
Web-Security: With Content Security Policy against Cross-Site Scripting, Part 2. Extended CSP directives help to protect applications efficiently against cross-site scripting.
The second developer tool, CSP Mitigator, is a Chrome extension which checks the application’s compatibility with nonce-based security policies.