They can lead to cross-site scripting vulnerabilities.

They are not supported by all browsers.

They are difficult to maintain.

They increase the website's loading time.

To uniquely identify and whitelist a specific inline script.

To provide a fallback for unsupported browsers.

To improve the script's performance.

To specify the script's execution order.

By using the same ID for all responses.

By using a secure random ID that changes with each response.

By using a timestamp.

By using a hardcoded value.

Using a script tag.

Using a script URL.

Using a script ID.

Using a script hash.

The script tag must be removed.

The nonce must be updated.

The hash must be regenerated.

Nothing, the hash remains the same.

By using a third-party tool.

By manually calculating the hash.

By running the script with the content security policy header set.

By inspecting the script tag in the HTML.

To disable content security policy.

To report violations without enforcing restrictions.

To allow all scripts by default.

To enforce restrictions immediately.