Hello,
I am glad you are enjoying the plugin and I would be happy to answer your questions.
You are correct in saying that if you leave error collection on each visitor will contribute to the current violations gathering. To add to that we only store new violations so that your violations database will not contain duplicate information. Also, some time in the near future we are planning to release a paid version of the plugin that will automate visiting each page to collect violations.
Having error collection on for a few weeks does sound reasonable for your size site. in the next release we are adding notifications for violations that happen while error collection is off
You are also correct when you say we do not modify the .htaccess file. Your CSP that is generated from SeaSP is loaded directly to the security headers of your website. The CSP is stored in the database and a query is used to send it to your websites security headers. We do it this way because we have found that loading the CSP directly to the security headers is the best more secure implementation.
Blue Triangles main business is website performance and speed so we know how speed impacts revenue. We pride ourselves on being a light weight plugin when it comes to the front end speed of your site.
Thank you for using our plugin and dont hesitate to ask any more questions. If you have time please leave a review either here or on our website seasp.bluetriangle.com
