@Teemberland no problems. I've just approved the registration.
Helmet - Express Middleware
Found a nice article on a module I hadn't seen before called Helmet. It's an express middleware that makes adding content security policy to your express app pretty straightforward. Thought I'd put it up here and suggest looking into adding it to the nodebb core.
Yes, we fully intend on utilising this with nodebb, assuming the overhead is minimal.