When implementing a Content Security Policy, you might include the nonce global attribute in your HTML. You can add nonce to the adrum.js script tag, but you cannot add the nonce value to adrum-ext.js. This is because adrum.js loads adrum-ext.js at runtime. If the nonce value is not included in adrum-ext.js, then the browser will ignore that file and it will not execute adrum-ext.js. 

To add nonce to adrum-ext.js, you have two options:

1. (Preferred) Add the nonce value to the adrum.js script tag, and add the config variable elementIdWithNonce, where the value of elementIdWithNonce is the ID of the script element, which holds the nonce element. In the example below, elementIdWithNonce points to the "adrumScript" ID in the adrum.js script, which includes the nonce element.

   <head> <script type='text/javascript' charset='UTF-8'> (function (config) { config.elementIdWithNonce = "adrumScript"; })(window['adrum-config'] || (window['adrum-config'] = {})); </script> <script src='//cdn.appdynamics.com/adrum/adrum-latest.js' nonce="EDNnf03nceIOfn39fn3e9h3sdfa" id="adrumScript" type='text/javascript' charset='UTF-8'></script> ... </head>

2. Add the nonce value to any script tag, and add the config variable elementIdWithNonce, where the value of elementIdWithNonce is the ID of the script element, which holds the nonce element. In the example below, elementIdWithNonce points to the "userScript1" ID in the userscript.js script, which includes the nonce element.

   <head> <script type='text/javascript' charset='UTF-8'> (function (config) { config.elementIdWithNonce = "userScript1"; })(window['adrum-config'] || (window['adrum-config'] = {})); </script> <script src='//cdn.appdynamics.com/adrum/adrum-latest.js' nonce="EDNnf03nceIOfn39fn3e9h3sdfa" id="adrumScript" type='text/javascript' charset='UTF-8'></script> <script src='userscript.js' nonce="EDNnf03nceIOfn39fn3e9h3sdfa" id="userScript1" type='text/javascript' charset='UTF-8'></script> ... </head>