Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes

Netsparker detected that the nonce value declared in CSP is not within single quotes.

When nonce value is not used within single quotes, it will be considered as a part of the resource URL. This will cause relevant script block to not run.

Use nonce values within single quotes, i.e.

Content-Security-Policy: script-src 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa';

• Content Security Policy (CSP) Explained

• Remote Hardware Takeover via Vulnerable Admin Software
• Negative Impact of Incorrect CSP Implementations
• Leverage Browser Security Features to Secure Your Website
• Content Security Policy (CSP) Explained