diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php
index 0be616301fb9..5500f74a0646 100644
--- a/app/Config/ContentSecurityPolicy.php
+++ b/app/Config/ContentSecurityPolicy.php
@@ -185,4 +185,12 @@ class ContentSecurityPolicy extends BaseConfig
      * @var bool
      */
     public $autoNonce = true;
+
+    /**
+     * When enabled will add nonce to script, style and headers.
+     *
+     * @var bool
+     */
+    public $nonceEnabled = true;
+
 }
diff --git a/system/HTTP/ContentSecurityPolicy.php b/system/HTTP/ContentSecurityPolicy.php
index 4f912a8ea011..cb39865ba200 100644
--- a/system/HTTP/ContentSecurityPolicy.php
+++ b/system/HTTP/ContentSecurityPolicy.php
@@ -210,6 +210,13 @@ class ContentSecurityPolicy
      * @var bool
      */
     protected $autoNonce = true;
+
+    /**
+     * When enabled will add nonce to script, style and headers otherwise nonces will be disabled.
+     *
+     * @var boolean
+     */
+    protected $nonceEnabled = false;
 
     /**
      * An array of header info since we have
@@ -677,7 +684,7 @@ protected function generateNonces(ResponseInterface $response)
         $body = preg_replace_callback($pattern, function ($match) {
             $nonce = $match[0] === $this->styleNonceTag ? $this->getStyleNonce() : $this->getScriptNonce();
 
-            return "nonce=\"{$nonce}\"";
+            return $this->nonceEnabled === false ? "" : "nonce=\"{$nonce}\"";
         }, $body);
 
         $response->setBody($body);
@@ -788,7 +795,11 @@ protected function addToHeader(string $name, $values = null)
         }
 
         if (strpos($value, 'nonce-') === 0) {
-            $value = "'{$value}'";
+            if ($this->nonceEnabled === false) {
+                $value = str_replace('nonce-', '', $value);
+            } else {
+                $value = "'{$value}'";
+            }
         }
 
         if ($reportOnly === true) {
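Review bot: The default introduced here, `public $nonceEnabled = true;`, disagrees with the default the second hunk adds to the runtime class, `protected $nonceEnabled = false;`, so the effective setting depends on whether the application's config class carries the new property at all. If the runtime class only copies properties that exist on the app config (that code is outside this diff), an existing install that has not regenerated app/Config/ContentSecurityPolicy.php will fall to `false` and have its nonces stripped from both the header and the HTML, silently weakening a CSP that enforced them before the upgrade. Keeping both defaults at `true` preserves the pre-change behaviour and makes disabling an explicit opt-out; if the runtime default must stay `false`, the upgrade notes need to say so. The added blank line between the new property and the closing `}` is also out of step with the file's layout.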
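Review bot: The new docblock declares `@var boolean` while the sibling `$autoNonce` property two lines above and the app config use `@var bool`; the short form is the convention in this file, so change it to `@var bool`. The description would also read more precisely as `When enabled, a nonce is added to the script/style placeholders and quoted into the CSP header; when disabled, the placeholders are replaced with an empty string and the nonce source is not quoted.`, which matches what the two later hunks actually do.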
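Review bot: The callback still evaluates `$this->getStyleNonce()` / `$this->getScriptNonce()` before it decides to return `""`, so with nonces disabled a nonce is still computed for every placeholder and, if those getters also register the value for the header (their bodies are not in this hunk), it will still flow into addToHeader. Check the flag first with `if (! $this->nonceEnabled) { return ''; }` placed ahead of the `$nonce =` line, and then keep the original `return "nonce=\"{$nonce}\"";` rather than the inverted `=== false ? "" :` ternary, which reads as a double negative. generateNonces() starts before this hunk and its body continues past it.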
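Review bot: When nonces are disabled, `str_replace('nonce-', '', $value)` leaves the bare nonce token in the header as an unquoted entry, so the directive is emitted with a value that is not a valid CSP source expression instead of simply omitting it; browsers ignore such entries with a console warning, and a directive whose only entry was the nonce then behaves differently from what the flag suggests. Skip the entry entirely when `$this->nonceEnabled` is false (with `continue` if this sits inside the loop over `$values`, whose header is outside the hunk) rather than rewriting it. Note also that `str_replace` removes every occurrence of `nonce-`, not only the prefix that the `strpos(...) === 0` test matched. addToHeader() begins before this hunk and continues after it.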