diff --git a/variants/backend-base/config/initializers/content_security_policy.rb b/variants/backend-base/config/initializers/content_security_policy.rb
index 2d1640a2..360d781b 100644
--- a/variants/backend-base/config/initializers/content_security_policy.rb
+++ b/variants/backend-base/config/initializers/content_security_policy.rb
@@ -124,7 +124,7 @@
 # ###############
 # If you are using UJS then enable automatic nonce generation
- config.content_security_policy_nonce_generator = ->(_request) { SecureRandom.base64(16) }
+ config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
 # Set the nonce only to specific directives
 # config.content_security_policy_nonce_directives = %w(script-src)
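Review bot: The added line turns the user's session id into the CSP nonce, so the session identifier is now written into the `Content-Security-Policy` header and into the `nonce` attribute of every script tag, and the nonce stops being fresh per response; anything that can read the rendered markup (a dangling-markup injection, a shared or fragment cache, a log of response bodies) then learns both a nonce that stays valid for the whole session and the session id itself. A nonce only defeats injected scripts when it is unguessable and single-use, which the removed `SecureRandom.base64(16)` provided and `request.session.id.to_s` does not. If a session-stable nonce is deliberate (for example to keep cached pages valid), state that trade-off in the comment above the line and confirm that `request.session.id` cannot be `nil` on a request that has no session yet, since `nil.to_s` would emit an empty `'nonce-'` source; otherwise I would restore `config.content_security_policy_nonce_generator = ->(_request) { SecureRandom.base64(16) }`. The configure block enclosing this assignment starts and ends outside the hunk.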