diff --git a/README.md b/README.md
index ea4a67a..f585ac8 100644
--- a/README.md
+++ b/README.md
@@ -103,10 +103,10 @@ app.use(
 ```js
 // Sets the `script-src` directive to
-// "'self' 'nonce-e33ccde670f149c1789b1e1e113b0916'"
+// "'self' 'nonce-e33cc...'"
 // (or similar)
 app.use((req, res, next) => {
- res.locals.cspNonce = crypto.randomBytes(16).toString("hex");
+ res.locals.cspNonce = crypto.randomBytes(32).toString("hex");
 next();
 });
 app.use(
diff --git a/middlewares/content-security-policy/README.md b/middlewares/content-security-policy/README.md
index b66178c..c1fc215 100644
--- a/middlewares/content-security-policy/README.md
+++ b/middlewares/content-security-policy/README.md
@@ -58,7 +58,7 @@ const crypto = require("crypto");
 const contentSecurityPolicy = require("helmet-csp");
 app.use((req, res, next) => {
- res.locals.nonce = crypto.randomBytes(16).toString("hex");
+ res.locals.nonce = crypto.randomBytes(32).toString("hex");
 next();
 });