How I Gave CloudFront a Content-Security-Policy Without Blanking My Own Site
A strict Content-Security-Policy on a static site allowlists inline scripts by hash. Change one script, forget to update the hash, and every page renders blank. The incident that taught me, and the deploy guard that ends it.