A nonce is an arbitrary value used to help make the security policy more dynamic. For example, a nonce-based CSP will only enable the execution of scripts with the correct nonce attribute.

Google also announced that it has rolled CSP-related research into its Patch Reward Program, which will reward research that helps open source web frameworks gain compatibility with nonce-based CSP.

The second developer tool CSP Mitigator is a Chrome extension which checks the application’s compatibility with nonce-based security policies.

When the browser loads a web page and encounters a script with a nonce attribute, it compares the nonce value of the script with the value specified in the CSP.

The second tool Google has now released is the CSP Mitigator, a Chrome extension which helps developers review compatibility applications with nonce-based CSP.

Extended CSP directives help to protect applications efficiently against cross-site scripting.

Google also announced the release of the CSP Mitigator – a Chrome extension designed to help developers review an application for compatibility with nonce-based CSP. CSP adoption will be in its Patch ...