Is there a way to set a Content-Security-Policy header to say don't run javascript from any URL that has a hostname

Question

Our web application serves pages and pages of javascript files among other things. We are going through a security scanner and it recommended a Content-Security-Policy header, w