alt.hn

4/1/2026 at 2:37:50 PM

Csp-toolkit – Python library to parse, analyze, and find bypasses in CSP headers

https://chs.us/2026/03/csp-toolkit/

by bitscraper

4/2/2026 at 11:24:45 AM

CSP headers are one of those things that look simple until you actually audit them. The bypass detection is the useful part — I've seen plenty of Laravel apps with a CSP that looks reasonable until you notice it allows unsafe-inline because someone needed a quick fix three years ago and nobody noticed. Does it handle report-uri vs report-to differences? The migration between those two has caught a few teams I've worked with off guard.

by thitami
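
Added example, not part of the thread and not csp-toolkit's own code or API: a stand-alone Python check for the two issues the comment above raises, an `'unsafe-inline'` that is actually in effect for scripts and a `report-uri`/`report-to` mismatch. The finding codes and sample policies are constructed for illustration.

```python
import re

# Matches 'nonce-...' and 'sha256-/sha384-/sha512-...' source expressions.
NONCE_OR_HASH = re.compile(r"^'(nonce|sha(256|384|512))-[A-Za-z0-9+/_=-]+'$", re.I)


def parse_csp(header):
    """Parse a policy into {directive: [sources]}; the first duplicate wins, as in the CSP spec."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit(header):
    """Return a sorted list of finding codes for one Content-Security-Policy value."""
    policy = parse_csp(header)
    findings = set()

    # script-src falls back to default-src when it is absent.
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        findings.add("no-script-restriction")
    else:
        lowered = [s.lower() for s in scripts]
        # CSP2+ browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is present.
        neutralised = "'strict-dynamic'" in lowered or any(NONCE_OR_HASH.match(s) for s in scripts)
        if "'unsafe-inline'" in lowered and not neutralised:
            findings.add("unsafe-inline-effective")

    has_uri, has_to = "report-uri" in policy, "report-to" in policy
    if has_uri and not has_to:
        findings.add("report-uri-only")   # deprecated directive, no Reporting API group
    if has_to and not has_uri:
        findings.add("report-to-only")    # no fallback for browsers lacking report-to
    if has_to and any("/" in v for v in policy["report-to"]):
        findings.add("report-to-is-url")  # report-to takes an endpoint group name, not a URL
    return sorted(findings)


# Constructed sample policies (not taken from any real site).
SAMPLES = {
    "quick-fix": "default-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /csp",
    "nonce": "script-src 'nonce-cjN0cmFuZG9t' 'unsafe-inline'; report-uri /csp; report-to csp",
    "bad-migration": "default-src 'self'; report-to https://example.test/csp",
}
```

The group name given to `report-to` also has to be defined by a `Reporting-Endpoints` (or legacy `Report-To`) response header, which this check does not see because it only reads the policy value.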

4/4/2026 at 9:31:55 PM

[dead]

by Serberus