Content Security Policy Level 2
CSP Level 2 bring with it the ability the whitelist inline script tags using the `script-src: nonce-<nonce>` directive.
This allows applications that rely on a small set of inline scripts to still reap the xss-fighting benefits of disallowing all other inline scripts and inline event handlers.
CSP 2 landed in Windows Insider Preview build 15002. You can follow the progress at https://developer.microsoft.com/en-us/microsoft-edge/platform/status/contentsecuritypolicylevel2/