scotthelme.co.uk
Using security features to do bad things
Looking at the benefits of CSP like XSS and mixed-content mitigation, enforcing HTTPS with HSTS and reducing the risk of rogue certificate issuance with HPKP, we’re definitely better off with these things than we are without them.