Tips to build a Content Security Policy (CSP) without breaking your site

I'm wary of #4, involving managing CSP dynamically. It feels like another moving part in an already complex ecosystem, another potential thing that could go wrong. Anyone else doing it the way shown there, unfounded concerns?

Article is sploggy but the topic is worth knowing about. Maybe there is something better out there.