Hacker News
by heipei 2559 days ago
Yes! I mean, I understand that few websites have the expertise, personnel and incentive to come up with a working CSP and maybe even SRI tags. But then you see these incidents where CC data is exfiltrated from the payment pages of major airlines (British Airways) and all that other MageCart shit and you start to wonder: These pages don't need ads on them, any code that goes out should be reviewed so there would be resources for CSP/SRI, and the economic incentive is somewhat given (bad press). Still nothing happens :/