Really? Adhering to CSP adds 50% to dev time? It shouldn’t be so.

One way to tackle CSP overhead is to use a frontend framework. But there’s another way.
Content Security Policy makes sure that the assets in your web application are trusted. It’s a critical part of security in an internet where a breach can happen seconds after launch.
But it gets complicated really quickly. CSP adds a bunch of overhead to any coding task.
————-
Complex CSP rules are making traditional templating languages infeasible.
————-
We’re Django people, which is why our company is called Django Web Studio. Backend is our core competency: our clients choose us because they have the complex requirements that Django can handle.
Django is full stack, but it’s been a while since we’ve used it for the user interface. For that we use modern frontend frameworks.
But sometimes the built-in templating system makes more sense. It’s just so much easier to use.
Building with Agentic AI speeds up coding big time. But traditional templating systems don’t include CSP support. So, the time you gain using coding agents is washed away fixing security issues.
————-
Using modern frontend frameworks for simple interfaces might feel like overkill, but they handle CSP gracefully.
————-
Modern frameworks like React, Angular, or Vue come with built-in protections: CSP, XSS sanitization, and secure defaults.
But frontend frameworks are huge. Gigabytes. And we’re locked into their ecosystems and their rules.
————-
Frameworks are key to navigating the ever more complex rules and constraints. Building your own is infeasible. But there’s a third path.
————-
The solution could lie in having Agentic AI create global rules based on these frameworks, then write your low-tech solution using those rules.
The idea is this:
➡️ Analyse modern frameworks to extract their implicit security rules,
➡️ Generalise these rules into a global policy,
➡️ Apply these rules to low-tech solutions (vanilla JS, Django Templates, static HTML) via Agentic AI, so you get the security benefits without the framework overhead.
How feasible would that be?
I asked my AI.
✅ Rule Extraction: Possible. Modern frameworks are open source.
✅ Rule Generalisation: Possible. Agentic AI can summarise and abstract security rules from framework docs/code.
⚠️ Rule Application: Partial. Agentic AI could generate CSP headers, sanitise inputs, or refactor code to comply with the rules.
⚠️ Low-Tech Integration: Partial. Works for static sites or simple apps, but dynamic legacy apps are tricky.
⚠️ Agentic Workflows: Emerging. Tools like GitHub Copilot, Warp, or custom agents can automate parts of this.
✅ Validation: Possible. Dev tools + Report-Only CSP can catch issues.
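To make the three-step idea and the feasibility list concrete, here is an added example (not code from the original post, and not Django’s, React’s or any other framework’s own code). It takes one rule that frontend frameworks enforce implicitly, "no inline script or handler runs unless it carries the per-request nonce", and applies it to a plain template: a nonce generator, a CSP header builder that can emit the Report-Only variant for rollout, and an audit that scans the rendered HTML for the things CSP will block. The template renderer is a stand-in built on `string.Template`, the page content and the `/csp-report` endpoint are constructed sample values, and the rule set is an assumption chosen for illustration.

```python
"""Added example: a per-request CSP nonce, enforce vs. Report-Only headers, and an
audit of rendered HTML for inline script/handlers that the policy will block.
Framework-free: Django, React etc. are not imported; the renderer is a stand-in."""
import base64
import json
import secrets
from html import escape
from html.parser import HTMLParser
from string import Template


def make_nonce() -> str:
    """128 bits of randomness, base64 as CSP requires; fresh for every response."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def build_csp(nonce: str, report_only: bool = False,
              report_to: str = "/csp-report") -> tuple[str, str]:
    """Return (header_name, header_value). Report-Only reports violations without
    blocking, which is how you validate the policy before enforcing it."""
    directives = [
        "default-src 'self'",                   # also covers style-src: inline style= is blocked
        f"script-src 'self' 'nonce-{nonce}'",   # no 'unsafe-inline': only nonced/same-origin scripts
        "object-src 'none'",
        "base-uri 'self'",
        f"report-uri {report_to}",              # constructed endpoint, assumption
    ]
    name = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
    return name, "; ".join(directives)


# Constructed sample page: one nonced inline script, one legacy script without a
# nonce, one inline onclick handler and one external same-origin script.
PAGE = Template("""<!doctype html>
<html><head><title>$title</title></head>
<body>
<button onclick="save()">Save</button>
<script nonce="$nonce">window.cfg = $cfg;</script>
<script>console.log("legacy analytics");</script>
<script src="/static/app.js" nonce="$nonce"></script>
</body></html>""")


def render_page(nonce: str, title: str, user: str) -> str:
    """Render with the nonce on script tags. Data handed to JS is JSON with '<'
    escaped so a value cannot close the script element (same rule Django's
    json_script applies); text nodes are HTML-escaped."""
    cfg = json.dumps({"user": user}).replace("<", "\\u003c")
    return PAGE.substitute(title=escape(title), nonce=nonce, cfg=cfg)


class InlineScriptAudit(HTMLParser):
    """Collect constructs the policy above will block: inline scripts without the
    expected nonce, on* handler attributes, javascript: URLs and style= attributes."""

    def __init__(self, nonce: str):
        super().__init__()
        self.nonce = nonce
        self.findings: list[tuple[str, int]] = []  # (kind, line number)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "script" and "src" not in a and a.get("nonce") != self.nonce:
            self.findings.append(("inline-script-without-nonce", line))
        for name in a:
            if name.startswith("on"):
                self.findings.append((f"inline-handler:{name}", line))
        if a.get("href", "").strip().lower().startswith("javascript:"):
            self.findings.append(("javascript-url", line))
        if "style" in a:
            self.findings.append(("inline-style-attribute", line))


def audit(html: str, nonce: str) -> list[tuple[str, int]]:
    parser = InlineScriptAudit(nonce)
    parser.feed(html)
    parser.close()
    return parser.findings


def check_response(title: str, user: str, report_only: bool = True):
    """One request's worth of the workflow: nonce, rendered page, header, audit."""
    nonce = make_nonce()
    html = render_page(nonce, title, user)
    header = build_csp(nonce, report_only=report_only)
    return header, audit(html, nonce)


if __name__ == "__main__":
    header, findings = check_response("Home", "alice")
    print(header[0] + ": " + header[1])
    for kind, line in findings:
        print(f"line {line}: {kind}")
```

Run it and the audit reports the `onclick` on the button and the un-nonced "legacy analytics" script; the nonced inline script and the same-origin `src` script pass. Shipping the policy as Report-Only first means those two findings show up as reports at `/csp-report` rather than as broken pages, which is the validation step from the list above.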
————-
Global rules in Agentic AI are quickly becoming the most important part of our workflow. And could become a crucial part of our coding practice.
————-
Rules are at the heart of any enterprise. Read Sun Tzu’s “The Art of War”. In thirteen chapters his rules describe when to fight, when not, and how if you have to.
Traditionally, and with much effort, rules have been encapsulated into the code that powers our applications.
Now, with Agentic AI, we can release the rules from their huge frameworks and use them exactly as we need.