Requirements 6.4.3 and 11.6.1 of PCI DSS mandate scripts and HTTP headers to be monitored for changes. A Content Security Policy can only control the sources from where scripts are fetched. It has no view inside the script payload, hence it cannot spot changes that are required to meet PCI DSS demands.
CSP is a great base-layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Because client-side security monitors an entirely different dimension of the application stack, there is no interference.
cside only adds 8-20 milliseconds (the blink of an eye typically lasts between 100 and 400 milliseconds) of latency to the specific, highly dynamic JavaScript files we proxy.