diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 8de56d2622a..7be04964336 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -66,9 +66,7 @@ module ApplicationHelper
 end

 def csp_nonce_placeholder
- response.headers[
- ::Middleware::CspScriptNonceInjector::PLACEHOLDER_HEADER
- ] ||= "[[csp_nonce_placeholder_#{SecureRandom.hex}]]"
+ ContentSecurityPolicy.nonce_placeholder(response.headers)
 end

 def shared_session_key
diff --git a/lib/content_security_policy.rb b/lib/content_security_policy.rb
index 107dc0437df..7f760c3b79d 100644
--- a/lib/content_security_policy.rb
+++ b/lib/content_security_policy.rb
@@ -7,6 +7,12 @@ class ContentSecurityPolicy
 def policy(theme_id = nil, base_url: Discourse.base_url, path_info: "/")
 new.build(theme_id, base_url: base_url, path_info: path_info)
 end
+
+ def nonce_placeholder(response_headers)
+ response_headers[
+ ::Middleware::CspScriptNonceInjector::PLACEHOLDER_HEADER
+ ] ||= "[[csp_nonce_placeholder_#{SecureRandom.hex}]]"
+ end
 end

 def build(theme_id, base_url:, path_info: "/")
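Review bot: The new `ContentSecurityPolicy.nonce_placeholder` in lib/content_security_policy.rb has no comment, although its contract is security-relevant: it mutates the headers hash it is given, storing a random placeholder under `PLACEHOLDER_HEADER`, and returns the same value on later calls for that response because of `||=`. I would add a comment above it such as `# Returns the per-response CSP nonce placeholder, memoized in response_headers; the value is random, presumably so page content cannot predict it.` Swapping the placeholder for the real nonce and removing the internal header presumably happen in `Middleware::CspScriptNonceInjector`, which is not part of this diff. Since the method is now callable with any headers hash, it is worth confirming that every caller's response still passes through that middleware; otherwise the literal placeholder and the internal header would reach the client. The surrounding class body continues outside the hunk.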