Make Umbraco "Nonce-ready" for Content Security Policy headers #11565
craigs100
started this conversation in
Features and ideas
Replies: 0 comments
As I'm just going through the pain of retro-fitting a nonce-based Content Security Policy, it occurred to me that it could be a nice selling point for the security credentials of Umbraco if we had the ability to switch on a nonce generator that could either (or both!) add nonces to script tags that Umbraco generates and have a property on a commonly available method to allow devs (and maybe editors) to add a nonce to a manually coded script tag. It should be possible for any script tags in textareas, RTEs, Grids, etc. to have the nonce added in automatically. It could also generate a bare-bones CSP header as well in whatever Umbraco uses as an httpmodule/response.filter. Google Lighthouse seems to mark you down if you don't use nonces or hashes. I personally think nonces are easier to use, but others may disagree. The noncing could be switched on/off in config, probably defaulting to "off".
Anyone else of a similar mind?
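The mechanics the post describes (a per-request nonce, a bare-bones CSP header set from the response pipeline, and automatic nonce insertion into script tags in editor-produced HTML), as an added example that is not part of the original post or of Umbraco's code base. It targets ASP.NET Core, which Umbraco 9 and later run on; the class names `CspNonce` and `CspNonceMiddleware`, the `HttpContext.Items` key `"csp-nonce"` and the regex-based tag rewrite are this example's own choices, not an Umbraco API:

```csharp
// Added example (not Umbraco code): per-request CSP nonce for an ASP.NET Core site.
// Assumed names: CspNonce, CspNonceMiddleware and the Items key "csp-nonce".
using System;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

public static class CspNonce
{
    public const string ItemKey = "csp-nonce";

    // 128 bits from the CSPRNG, base64-encoded: unguessable and fresh for every response.
    // A nonce that is reused (e.g. by an output cache) is no better than 'unsafe-inline'.
    public static string Generate()
    {
        var bytes = new byte[16];
        RandomNumberGenerator.Fill(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Bare-bones header: only scripts carrying this nonce run. 'strict-dynamic' lets
    // those trusted scripts load further scripts without listing every CDN host.
    public static string BuildHeader(string nonce) =>
        $"script-src 'nonce-{nonce}' 'strict-dynamic'; object-src 'none'; base-uri 'self'";

    // Matches an opening <script ...> tag that does not already carry a nonce attribute,
    // so running the rewrite twice over the same markup is harmless.
    private static readonly Regex ScriptOpenTag = new Regex(
        @"<script\b(?![^>]*\bnonce=)([^>]*)>",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Adds nonce="..." to every un-nonced script tag in a fragment of HTML, e.g. the
    // output of an RTE or Grid property, so editor-authored scripts keep working under CSP.
    public static string AddToScriptTags(string html, string nonce) =>
        ScriptOpenTag.Replace(html, m => $"<script nonce=\"{nonce}\"{m.Groups[1].Value}>");
}

public class CspNonceMiddleware
{
    private readonly RequestDelegate _next;

    public CspNonceMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        var nonce = CspNonce.Generate();

        // Views read the nonce from HttpContext.Items so tag and header always agree.
        context.Items[CspNonce.ItemKey] = nonce;

        // Set the header just before the response starts, i.e. before any body is written.
        context.Response.OnStarting(() =>
        {
            context.Response.Headers["Content-Security-Policy"] = CspNonce.BuildHeader(nonce);
            return Task.CompletedTask;
        });

        await _next(context);
    }
}
```

To wire it up, register `app.UseMiddleware<CspNonceMiddleware>();` ahead of the Umbraco middleware in `Startup`/`Program`, then in a Razor view write `<script nonce="@Context.Items["csp-nonce"]" src="/app.js"></script>` for hand-coded tags and `@Html.Raw(CspNonce.AddToScriptTags(rteHtml, (string)Context.Items["csp-nonce"]))` for editor-produced markup (the `rteHtml` variable standing in for whatever property value the view renders). Two caveats a retrofit tends to hit: any page-level output cache must be disabled or varied so a cached body is never served with a different request's nonce, and `'strict-dynamic'` makes browsers ignore host allow-lists, so third-party snippets that inject scripts by writing `<script>` tags via `document.write` or `innerHTML` will be blocked until they are loaded from a nonced script instead.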