diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs
index 0c71f526a0e..ad95b9b9a94 100644
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@@ -4313,9 +4313,7 @@ impl Document {
             },
             Some(csp_list) => {
                 let element = csp::Element {
-                    nonce: el
-                        .get_attribute(&ns!(), &local_name!("nonce"))
-                        .map(|attr| Cow::Owned(attr.value().to_string())),
+                    nonce: el.nonce_attribute_if_nonceable().map(Cow::Owned),
                 };
                 csp_list.should_elements_inline_type_behavior_be_blocked(&element, type_, source)
             },
diff --git a/components/script/dom/element.rs b/components/script/dom/element.rs
index 7770d0c8fa5..5c79dbc0a5b 100644
--- a/components/script/dom/element.rs
+++ b/components/script/dom/element.rs
@@ -125,6 +125,7 @@ use crate::dom::htmllinkelement::HTMLLinkElement;
 use crate::dom::htmlobjectelement::HTMLObjectElement;
 use crate::dom::htmloptgroupelement::HTMLOptGroupElement;
 use crate::dom::htmloutputelement::HTMLOutputElement;
+use crate::dom::htmlscriptelement::HTMLScriptElement;
 use crate::dom::htmlselectelement::HTMLSelectElement;
 use crate::dom::htmlslotelement::{HTMLSlotElement, Slottable};
 use crate::dom::htmlstyleelement::HTMLStyleElement;
@@ -2174,6 +2175,34 @@ impl Element {
         };
     }
 
+    /// <https://www.w3.org/TR/CSP/#is-element-nonceable>
+    pub(crate) fn nonce_attribute_if_nonceable(&self) -> Option<String> {
+        // Step 1: If element does not have an attribute named "nonce", return "Not Nonceable".
+        let nonce_attribute = self.get_attribute(&ns!(), &local_name!("nonce"))?;
+        // Step 2: If element is a script element, then for each attribute of element’s attribute list:
+        if self.downcast::<HTMLScriptElement>().is_some() {
+            for attr in self.attrs().iter() {
+                // Step 2.1: If attribute’s name contains an ASCII case-insensitive match
+                // for "<script" or "<style", return "Not Nonceable".
+                let attr_name = attr.name().to_ascii_lowercase();
+                if attr_name.contains("<script") || attr_name.contains("<style") {
+                    return None;
+                }
+                // Step 2.2: If attribute’s value contains an ASCII case-insensitive match
+                // for "<script" or "<style", return "Not Nonceable".
+                let attr_value = attr.value().to_ascii_lowercase();
+                if attr_value.contains("<script") || attr_value.contains("<style") {
+                    return None;
+                }
+            }
+        }
+        // Step 3: If element had a duplicate-attribute parse error during tokenization, return "Not Nonceable".
+        // TODO(https://github.com/servo/servo/issues/4577 and https://github.com/whatwg/html/issues/3257):
+        // Figure out how to retrieve this information from the parser
+        // Step 4: Return "Nonceable".
+        Some(nonce_attribute.value().to_string().trim().to_owned())
+    }
+
     // https://dom.spec.whatwg.org/#insert-adjacent
     pub(crate) fn insert_adjacent(
         &self,
diff --git a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini
deleted file mode 100644
index dc8de328080..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[scriptnonce-basic-blocked.sub.html]
-  [Expecting alerts: ["PASS (closely-quoted nonce)","PASS (nonce w/whitespace)", "violated-directive=script-src-elem", "violated-directive=script-src-elem", "violated-directive=script-src-elem"\]]
-    expected: FAIL