diff --git a/pkg/api/openapi3.go b/pkg/api/openapi3.go
index a5f3eb483a4..4c0abf44de7 100644
--- a/pkg/api/openapi3.go
+++ b/pkg/api/openapi3.go
@@ -2,10 +2,21 @@ package api
 import (
 "net/http"
+ "strings"
 contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
 )
 func openapi3(c *contextmodel.ReqContext) {
- c.HTML(http.StatusOK, "openapi3", nil)
+ data := map[string]interface{}{
+ "Nonce": c.RequestNonce,
+ }
+
+ // Add CSP for unpkg.com to allow loading of Swagger UI assets
+ if existingCSP := c.Resp.Header().Get("Content-Security-Policy"); existingCSP != "" {
+ newCSP := strings.Replace(existingCSP, "style-src", "style-src https://unpkg.com/", 1)
+ c.Resp.Header().Set("Content-Security-Policy", newCSP)
+ }
+
+ c.HTML(http.StatusOK, "openapi3", data)
 }
diff --git a/pkg/api/swagger.go b/pkg/api/swagger.go
index 667871fbe1b..9bc46c9fec5 100644
--- a/pkg/api/swagger.go
+++ b/pkg/api/swagger.go
@@ -2,10 +2,21 @@ package api
 import (
 "net/http"
+ "strings"
 contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
 )
 func swaggerUI(c *contextmodel.ReqContext) {
- c.HTML(http.StatusOK, "swagger", nil)
+ data := map[string]interface{}{
+ "Nonce": c.RequestNonce,
+ }
+
+ // Add CSP for unpkg.com to allow loading of Swagger UI assets
+ if existingCSP := c.Resp.Header().Get("Content-Security-Policy"); existingCSP != "" {
+ newCSP := strings.Replace(existingCSP, "style-src", "style-src https://unpkg.com/", 1)
+ c.Resp.Header().Set("Content-Security-Policy", newCSP)
+ }
+
+ c.HTML(http.StatusOK, "swagger", data)
 }
diff --git a/public/views/openapi3.html b/public/views/openapi3.html
index 3825608b378..87c1fae1a19 100644
--- a/public/views/openapi3.html
+++ b/public/views/openapi3.html
@@ -33,9 +33,9 @@
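Review bot: The `strings.Replace(existingCSP, "style-src", …, 1)` call in openapi3 rewrites the first substring match rather than the `style-src` directive, so a policy that lists `style-src-elem` or `style-src-attr` earlier is turned into `style-src https://unpkg.com/-elem …`, which changes which directive the browser enforces. The same block is repeated in the swaggerUI hunk, so one shared helper that splits the header on `;` and compares the directive name exactly would fix both. The added source `https://unpkg.com/` also admits stylesheets from every package on that CDN; narrowing it to the versioned path the template actually loads, or serving the assets locally, would keep the allowance to what the page needs.

```go
// allowSwaggerStyles appends the Swagger UI stylesheet source to the
// style-src directive of csp. The directive name is compared exactly so
// style-src-elem and style-src-attr are never rewritten.
func allowSwaggerStyles(csp string) string {
	directives := strings.Split(csp, ";")
	for i, d := range directives {
		fields := strings.Fields(d)
		if len(fields) == 0 || !strings.EqualFold(fields[0], "style-src") {
			continue
		}
		directives[i] = " " + strings.Join(append(fields, "https://unpkg.com/"), " ")
		break
	}
	return strings.TrimSpace(strings.Join(directives, ";"))
}

func openapi3(c *contextmodel.ReqContext) {
	// … unchanged: template data carrying the request nonce …
	if csp := c.Resp.Header().Get("Content-Security-Policy"); csp != "" {
		c.Resp.Header().Set("Content-Security-Policy", allowSwaggerStyles(csp))
	}
	// … unchanged: c.HTML call …
}
```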
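Review bot: The comment above the header rewrite in swaggerUI says it allows loading of Swagger UI assets, but the code only widens `style-src`, does nothing when the policy has no such directive (for example an operator template that relies on `default-src`), and never looks at `Content-Security-Policy-Report-Only`. Whether scripts are covered by the nonce passed as `Nonce` depends on the template, which is not readable in this hunk. I would make the comment state what is actually done: `// Widen style-src only; a policy without a style-src directive is left as is.`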
- - - + + - - + +