CSP is a great base-layer when it comes to client-side security. Depending on your needs, it can provide enough security, but it's not the highest level achievable. A CSP cannot see the contents of the script. Thus, should they turn malicious, you will be susceptible to an attack. If you run a limited level of considered safe scripts, and depending on your internal risk evaluation, a CSP is a great way to start. Especially with free offerings like ours.
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Because client-side security monitors an entirely different dimension of the application stack, there is no interference.
cside only adds 8-20 milliseconds (the blink of an eye typically lasts between 100 and 400 milliseconds) of latency to the specific, highly dynamic JavaScript files we proxy.