We apologize for the instability of composr.app and appreciate your patience. We are working on the statistics addon and trying to find an optimal way to store and render data. Unfortunately, we have yet to find a solution that can handle the traffic (and therefore, tens of millions of statistical records) of composr.app. We're working hard on one.
#5121 - More granularity for trusted site lists (CSP)
Here is an issue discussing CSP supporting 'inheritance' from default-src, which would also help reduce header length: https://github.com/w3c/webappsec-csp/issues/321
Hopefully it gets implemented.
Hopefully it gets implemented.