CSP is leaking....

Content Security Policy (CSP) is a great way to restrict client-side activities on most browsers, especially network activities. The maintenance is a bit of a hassle, but there some good tools out there to assist with the task. The problem is that CSP provides a false sense of security. There are several open attack vectors when relaying on CSP and in this short talk, we will discuss some, ways to gain visibility and ideas for mitigation.