What feature do you want to see added?
Related to #23887: It should be possible to entirely remove CSP headers (rather than merely switch to …-Report-Only) if absolutely necessary, to resume operation when there are issues with excessive length from extension contributions.
In some local testing, Jetty fell over after 14.5 KB in the Content-Security-Policy header, indicating perhaps a total response header length of 16 KB. That's about 14 KB of space for non-core extension content, which should be plenty but might not be enough in extreme situations (e.g., jenkinsci/customizable-header-plugin#288 in an instance with tons of jobs, all with custom header links and different icons).
Upstream changes
No response
Are you interested in contributing this feature?
No response
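To make the size concern above concrete, the following Python example (added here, not part of the issue or of Jenkins) measures a response head against a header budget and reports which CSP directives take the most space. The 16 KB budget is the estimate from the report, the sample response is constructed, and the function names are hypothetical.

```python
HEADER_BUDGET = 16 * 1024  # assumption: the ~16 KB total estimated in the report

# Constructed sample response head, not captured from a real instance.
HOSTS = " ".join(f"https://icons{i}.example.org" for i in range(600))
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "Content-Security-Policy: default-src 'self'; "
    f"img-src 'self' data: {HOSTS}; script-src 'self'\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (header_bytes, {lowercased name: value}) for a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return len(head.encode("utf-8")) + 4, headers  # +4 for the final CRLFCRLF

def csp_breakdown(policy):
    """Return [(directive, bytes, source_count)], largest directive first."""
    rows = []
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            size = len(part.strip().encode("utf-8"))
            rows.append((tokens[0].lower(), size, len(tokens) - 1))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def audit(raw, budget=HEADER_BUDGET, warn_ratio=0.8):
    """Classify total header size as ok/warn/over and name the biggest directives."""
    total, headers = parse_headers(raw)
    names = ("content-security-policy", "content-security-policy-report-only")
    policy = next((headers[n] for n in names if n in headers), "")
    status = "over" if total > budget else "warn" if total > budget * warn_ratio else "ok"
    return {"status": status, "total_bytes": total,
            "csp_bytes": len(policy.encode("utf-8")),
            "largest": csp_breakdown(policy)[:3]}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["status"], report["total_bytes"], report["csp_bytes"])
    for directive, size, count in report["largest"]:
        print(f"  {directive}: {size} bytes, {count} sources")
```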