Yes, that's why we call it a hybrid proxy. We designed cside as a hybrid proxy, meaning you have granular control over which scripts get proxied and which don't. Critical scripts like Stripe, PayPal, Google Pay, or Intercom can be set to bypass our proxy entirely with capture-only mode, while newer or less trusted scripts get the full proxy treatment. This flexibility means you can allow the scripts you trust and proxy the scripts you're most concerned about or have not seen before and expand coverage as you become more comfortable.
CSP is a great base-layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Because client-side security monitors an entirely different dimension of the application stack, there is no interference.