/Knowledge/sources/honojs__hono/llms-full/secure-headers-middleware-setting-content-security-policy-nonce-attribute--part-02--cfb8e0811cde.md

Secure Headers Middleware: Setting Content-Security-Policy > nonce at...

Secure Headers Middleware: Setting Content Security Policy nonce attribute (part 02) Source evidence: /Sources/honojs hono/provenance.md Canonical citation:...

Secure Headers Middleware: Setting Content-Security-Policy > nonce attribute (part 02)

Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#nonce-attribute

Summary

```tsx import { secureHeaders, NONCE } from 'hono/secure-headers' import type { SecureHeadersVariables } from 'hono/secure-headers' // Specify the variable types to infer the c.get('secureHeadersNonce'): type Variables = SecureHeadersV...

Content

import { secureHeaders, NONCE } from 'hono/secure-headers'
import type { SecureHeadersVariables } from 'hono/secure-headers'

// Specify the variable types to infer the `c.get('secureHeadersNonce')`:
type Variables = SecureHeadersVariables

const app = new Hono<{ Variables: Variables }>()

// Set the pre-defined nonce value to `scriptSrc`:
app.get(
  '*',
  secureHeaders({
    contentSecurityPolicy: {
      scriptSrc: [NONCE, 'https://allowed1.example.com'],
    },
  })
)

// Get the value from `c.get('secureHeadersNonce')`:
app.get('/', (c) => {
  return c.html(
    <html>
      <body>
        {/** contents */}
        <script
          src='/js/client.js'
          nonce={c.get('secureHeadersNonce')}
        />
      </body>
    </html>
  )
})

Metadata

{
  "chunk_index": 1,
  "citation": "https://hono.dev/llms-full.txt#nonce-attribute",
  "coverage_role": "overview",
  "qualified_title": "Hono / llms-full / Secure Headers Middleware > Setting Content-Security-Policy > `nonce` attribute (2)",
  "retrieved_at": "2026-07-02T05:51:01Z",
  "section_index": 232,
  "source_id": "/honojs/hono",
  "source_type": "llms_full",
  "target_label": "llms-full",
  "title": "Secure Headers Middleware: Setting Content-Security-Policy > nonce attribute (part 02)",
  "upstream_url": "https://hono.dev/llms-full.txt",
  "version": "2026"
}
Kinic Wiki
Loading knowledge node
Details

Identity

database
db_23dhmsxlhukv
database_id
db_23dhmsxlhukv
path
/Knowledge/sources/honojs__hono/llms-full/secure-headers-middleware-setting-content-security-policy-nonce-attribute--part-02--cfb8e0811cde.md
kind
directory
role
markdown_note
children
0

Metadata

created_at
virtual
updated_at
virtual
etag
virtual
metadata_json
{}

Lint Hints

No lightweight warnings.

Outgoing Links

No outgoing links indexed.

Incoming Links

Select a file node to inspect backlinks.

Raw Source

No raw source path inferred.