Content-Security-Policy: Refused to execute inline script

I’m trying to implement a Content-Security-Policy.

My HTML File does not include any JavaScript code except for including external js files. But still the console says:

Refused to execute inline script because it violates the following Content Security Policy directive:

So my questions are:

  1. Is including an external JavaScript file like
    seen as an “inline-script” ?

  2. If so, what can I do to allow these scripts via CSP? I already tried to use the nonce within my scripts but it always says:

    Undefined attribute name (nonce)

  3. Do dev tools (e.g. Google Chrome) provide a function to see which inline script procudes the error?