I run a website with inline JavaScript.

I created a security policy so JavaScript can run inline. Then PageSpeed Insights shows this issue:

[Screenshot from PageSpeed Insights]

When I read about CSP nonces and hashes, it means generating a unique value both in the HTTP header (where the policy is defined) and in the HTML.

The thing is, my HTML pages are generated with PHP once then saved as cached HTML files so they load faster on subsequent requests. But if I have to assign unique values to satisfy CSP and Google, then I would need to break my cache every time.

How do I go about satisfying Google here without destroying the cache?

mike_s

1 Answer

Try using strict-dynamic in your security policy.

With it, you can dynamically load resources while maintaining security, and you can do without unique nonces for each request.

You can read more about it here.

Rohit Gupta
Evgeny Yudin
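
An added example, not part of the answer above or the asker's code: the hash option mentioned in the question can be computed once, when PHP writes the cache file, and combined with `'strict-dynamic'`, so the same header is sent on every cache hit. It assumes UTF-8 pages that PHP itself serves from the cache; the function names and the `.csp` sidecar file are hypothetical.

```php
<?php
// Added example: function names, the ".csp" sidecar file and the sample
// page are hypothetical/constructed, not taken from the question or answer.

// Return one CSP hash source per distinct inline <script> in the page.
function inline_script_hashes(string $html): array
{
    // Browsers normalise CRLF and lone CR to LF before hashing script text.
    $html = str_replace(["\r\n", "\r"], "\n", $html);
    preg_match_all('~<script\b([^>]*)>(.*?)</script\s*>~is', $html, $m, PREG_SET_ORDER);
    $sources = [];
    foreach ($m as $match) {
        if (preg_match('~\bsrc\s*=~i', $match[1])) {
            continue; // external script: its inline body is not executed
        }
        $digest = base64_encode(hash('sha256', $match[2], true));
        $sources["'sha256-$digest'"] = true; // array key de-duplicates
    }
    return array_keys($sources);
}

// Build the header value once, when the cache file is written.
function build_csp(string $html): string
{
    $hashes = inline_script_hashes($html);
    $script = $hashes ? implode(' ', $hashes) . " 'strict-dynamic'" : "'none'";
    return "script-src $script; object-src 'none'; base-uri 'none'";
}

// Cache miss: store the page and its policy side by side.
function write_cache(string $path, string $html): void
{
    file_put_contents($path, $html);
    file_put_contents($path . '.csp', build_csp($html));
}

// Cache hit: send the stored policy, then the unchanged cached bytes.
function serve_cache(string $path): void
{
    header('Content-Security-Policy: ' . file_get_contents($path . '.csp'));
    readfile($path);
}

// Constructed sample: one inline script with CRLF line endings, one external.
$sample = "<!doctype html><title>t</title>\r\n<script>\r\nloadApp();\r\n</script>"
        . "\n<script src=\"/app.js\"></script>";
echo build_csp($sample), PHP_EOL;
```

The hashes depend only on the script text, so the stored header stays valid until the cached file is regenerated. With `'strict-dynamic'` present, `<script src>` tags in the markup are no longer allowed by host or `'self'` entries, so such files have to be loaded from one of the hashed inline scripts.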