CSP go-live playbook

Pair with inventory: Third-party scripts. Flat file: docs/csp-go-live-playbook.md.

  1. Staging Report-Only — deploy the Content-Security-Policy-Report-Only header with the widest practical script-src / connect-src; collect violation reports for at least 7 calendar days.
  2. Triage — tag each violating URL to its owner team (marketing, platform, billing deep links).
  3. Narrow allowlists — collapse wildcards host-by-host; document the rationale in the changelog with a security tag.
  4. Canary enforce — switch to the enforcing Content-Security-Policy header on staging only; rerun the Playwright critical paths plus a manual chat/widget smoke test.
  5. Production — ship the Report-Only header to production 48h before the enforcing header; roll back via a CDN/server toggle, not a git revert.
  6. Post-go-live — archive the violation dashboards; schedule a quarterly review of the policy against newly added embeds.
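The triage and narrowing steps above, as an added example (not code from this playbook or the hosting provider). It assumes violation reports arrive in the classic report-uri JSON shape ({"csp-report": {...}}); the owner mapping, inventory, sample reports and the /csp-reports endpoint path are constructed for illustration. triage() does step 2 (group blocked URLs by directive and host, tag an owner), narrow() does step 3 (replace each wildcard host source with the inventory hosts it actually covers, keeping any wildcard nobody claims so it is decided by a human rather than dropped silently), and headers() shows that steps 1 and 5 differ only in the header name.

```python
"""Triage CSP violation reports and narrow a wildcard allowlist (added example)."""
import json
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed owner mapping: domain suffix -> owning team (hypothetical names).
OWNERS = {
    "example-marketing.test": "marketing",
    "example-platform.test": "platform",
    "example-billing.test": "billing",
}

# Constructed sample reports in the classic report-uri JSON format.
SAMPLE_REPORTS = [
    '{"csp-report": {"document-uri": "https://app.example.test/", "effective-directive": "script-src", "blocked-uri": "https://widgets.example-chat.test/loader.js"}}',
    '{"csp-report": {"document-uri": "https://app.example.test/", "effective-directive": "script-src", "blocked-uri": "https://widgets.example-chat.test/loader.js"}}',
    '{"csp-report": {"document-uri": "https://app.example.test/billing", "effective-directive": "connect-src", "blocked-uri": "https://pay.example-billing.test/deep-link"}}',
    '{"csp-report": {"document-uri": "https://app.example.test/", "violated-directive": "script-src \'self\'", "blocked-uri": "inline"}}',
]

# Constructed staging policy (step 1) and the third-party inventory used for step 3.
WIDE_POLICY = ("default-src 'self'; script-src 'self' https://*.example-marketing.test; "
               "connect-src 'self' https://*.example-platform.test")
INVENTORY = {"script-src": ["tags.example-marketing.test", "cdn.example-marketing.test"],
             "connect-src": []}


def host_of(blocked_uri):
    """Host of a blocked URL, or the bare keyword ('inline', 'eval', 'data') the browser reported."""
    if "://" not in blocked_uri:
        return blocked_uri
    return urlsplit(blocked_uri).hostname or blocked_uri


def owner_for(host):
    for suffix, team in OWNERS.items():
        if host == suffix or host.endswith("." + suffix):
            return team
    return "unowned"


def triage(raw_reports):
    """Step 2: {directive: {host: (count, owner)}} from raw report bodies."""
    counts = defaultdict(Counter)
    for raw in raw_reports:
        body = json.loads(raw)["csp-report"]
        # Newer reports carry effective-directive; older ones only violated-directive
        # (which may include the source list, so keep the first token).
        directive = (body.get("effective-directive")
                     or body.get("violated-directive", "unknown")).split()[0]
        counts[directive][host_of(body["blocked-uri"])] += 1
    return {d: {h: (n, owner_for(h)) for h, n in hosts.items()} for d, hosts in counts.items()}


def parse_policy(policy):
    """'a-src x y; b-src z' -> {'a-src': ['x', 'y'], 'b-src': ['z']}."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0]] = tokens[1:]
    return out


def serialize_policy(directives):
    return "; ".join(f"{d} {' '.join(v)}" for d, v in directives.items())


def wildcard_matches(source, host):
    """CSP '*.example.test' covers subdomains only, never example.test itself."""
    pattern = source.split("://", 1)[-1]
    return pattern.startswith("*.") and host.endswith(pattern[1:])


def narrow(policy, inventory):
    """Step 3: swap each wildcard host for the inventory hosts it covers.

    Returns (policy, unresolved); a wildcard with no inventory host is kept and listed.
    """
    directives = parse_policy(policy)
    unresolved = []
    for directive, sources in directives.items():
        rewritten = []
        for src in sources:
            if "*." not in src:
                rewritten.append(src)
                continue
            covered = sorted(h for h in inventory.get(directive, []) if wildcard_matches(src, h))
            if covered:
                rewritten.extend(f"https://{h}" for h in covered)
            else:
                unresolved.append((directive, src))
                rewritten.append(src)
        directives[directive] = rewritten
    return serialize_policy(directives), unresolved


def headers(policy, enforce=False):
    """Steps 1 and 5: identical value, only the header name changes."""
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    return (name, policy + "; report-uri /csp-reports")  # /csp-reports is an assumed endpoint


if __name__ == "__main__":
    for directive, hosts in triage(SAMPLE_REPORTS).items():
        for host, (n, team) in hosts.items():
            print(f"{directive:12} {host:32} x{n:<3} owner={team}")
    narrowed, todo = narrow(WIDE_POLICY, INVENTORY)
    print(headers(narrowed, enforce=True))
    print("needs a decision:", todo)
```

Run it against the archived reports from the staging window; anything tagged "unowned" or left in the unresolved list is exactly what step 2 hands to a team and step 3 records in the changelog. Keyword entries such as "inline" are deliberately never turned into allowlist hosts, since they call for a nonce or hash rather than a source entry.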