Thanks, I managed to get hold of it after realizing this just a manual helper, I used to use secure-header in laravel with bepsvpt/secure-headers. it uses true/false for self / eval / inline, while site list use array
but there were case like upgrade-insecure where its basically just on and off, but here it has a box or several policies where it has no site input and could be replaced with check/dropdown
