Support

Absolutely and categorically not.

Writing an effective set of Content-Security-Policy headers requires deep knowledge of every aspect of your site. You need to know for each and every page of your site and each and every application state which inline script, script file, embedded script in included HTML / SVG / etc, static media files, fonts, IFrames, manifests, embedded objects, prefetch URIs etc are used.

This very nature of CSP makes it impossible to provide reasonable support. Had the client already collected the information we need to support them they wouldn't need us to provide support. Having us collect that information costs two orders of magnitude the net profit of a subscription. We've had software with this kind of loss leader support once (Akeeba Subscriptions); we discontinued it within a few short months after it almost destroyed the company. I am not doing that mistake twice.

What we do is allow you to provide whatever custom .htaccess code you want in the .htaccess Maker. You want to add Content-Security-Policy headers? Go ahead and put them there, but it's up to you to write and maintain them.

If you don't think you can do that yourself you shouldn't be using CSP — manually or automatically generated alike — because by definition you will not understand how it works, how it will break your site and what you will need to do to fix it. This is okay and expected. Writing and maintaining effective CSP requires deep understanding of how your site works and how servers and browsers work, including some arcane details. It's a tool for systems administrators, not end users. It's not even necessary for the vast majority of sites. The sites which need CSP also have the budget for a full time systems administration team which can maintain it.