We fundamentally believe every individual and operation should be able to secure themselves. We understand that not every business has the resources to get the right security measures in place. Therefore, we want to contribute to this belief by offering this base level of security for free.
CSP is a great base-layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
Because client-side security monitors an entirely different dimension of the application stack, there is no interference.
cside only adds 8-20 milliseconds (the blink of an eye typically lasts between 100 and 400 milliseconds) of latency to the specific, highly dynamic JavaScript files we proxy.