Netsparker detected that the nonce value declared in CSP is not within single quotes.
When nonce value is not used within single quotes, it will be considered as a part of the resource URL. This will cause relevant script block to not run.
Use nonce values within single quotes, i.e.
Content-Security-Policy: script-src 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa';