CSP Blocking AXA JS

Article ID: 441746

Products

DX SaaS

Issue/Introduction

After a Content Security Policy (CSP) was implemented on various sites, errors appear in the browser console.

The browser shows the following error message for the AXA JS:

en/:1 Loading the script 'https://<host>/<url>/scripts/BAExt-<name>.js?agent=browser' violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'strict-dynamic' http: https: 'nonce-<id>'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.

Resolution

Set the nonce dynamically on the script tag, so that it matches the nonce value in the page's script-src directive: <script nonce="<nonce_value>">...</script>
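
The following is an added example, not code from the original article or from the product. It shows one server-generated nonce feeding both the CSP header and the script tag, with a simplified model of why the un-nonced tag is blocked under 'strict-dynamic'. The function names and the snippet URL are assumptions made for illustration.

```javascript
// Added example (not from the original article). Assumed names: newNonce,
// buildCsp, scriptTag, isScriptAllowed; the snippet URL is a placeholder.
const { randomBytes } = require("node:crypto");

// A fresh, unpredictable nonce must be generated for every HTTP response.
function newNonce() {
  return randomBytes(16).toString("base64");
}

// Same directive shape as in the console error above.
function buildCsp(nonce) {
  return `script-src 'unsafe-inline' 'strict-dynamic' http: https: 'nonce-${nonce}'`;
}

// Render the snippet's <script> tag, optionally carrying the nonce.
function scriptTag(src, nonce) {
  const attr = nonce ? ` nonce="${nonce}"` : "";
  return `<script${attr} src="${src}"></script>`;
}

// Simplified model of how a browser treats a parser-inserted <script src>
// under this policy: with 'strict-dynamic' present, scheme and host sources
// (http:, https:) are ignored and only a matching nonce allows the load.
function isScriptAllowed(csp, tagHtml) {
  const sources = csp.replace(/^script-src\s+/, "").split(/\s+/);
  const tagNonce = (tagHtml.match(/\snonce="([^"]+)"/) || [])[1];
  const nonceOk = tagNonce !== undefined && sources.includes(`'nonce-${tagNonce}'`);
  if (sources.includes("'strict-dynamic'")) return nonceOk;
  const scheme = new URL(tagHtml.match(/src="([^"]+)"/)[1]).protocol; // e.g. "https:"
  return nonceOk || sources.includes(scheme);
}

// Constructed request flow: one nonce feeds both the header and the tag.
const SNIPPET = "https://axa.example.invalid/scripts/snippet.js?agent=browser";
function renderResponse() {
  const nonce = newNonce();
  return { csp: buildCsp(nonce), html: scriptTag(SNIPPET, nonce) };
}
```

The value returned in `csp` is sent as the Content-Security-Policy response header, and `html` is placed in the page that the same response delivers.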