I just noticed this module and remembered there is also http://drupal.org/project/content_security_policy

Can you provide a comparison of the two approaches and where the overlap and where one is better?

Comments

p0deje’s picture

Assigned: Unassigned » p0deje

The Content Security Policy module is an exact implementation of Mozilla's CSP, while Security Kit has CSP as one feature among many others. Security Kit also implements:

    X-XSS-Protection HTTP header (which, as far as I know, is not implemented by other modules)
    Fix for the IE MIME-sniffer HTML-injection issue, which can be exploited with the Drupal 6 Upload module
    Implementation of the HTTP Origin anti-CSRF concept
    Several clickjacking protection methods (via the X-Frame-Options HTTP header, via JavaScript + CSS + Noscript)
    Implementation of HTTP Strict Transport Security (which is implemented in http://drupal.org/sandbox/minorOffense/1089168, but only as a sandbox project)

AFAIK there are few differences between the Security Kit implementation of CSP and the one in the Content Security Policy module:
1. SecKit does not support the policy-uri directive (which currently seems useless to me, but maybe I'll add it)
2. Content Security Policy is for D7, while SecKit is for D6 (I plan to port it to D7)

In general, it looks like we were working on this together. Security Kit is planned to be a meta-module and include every new security feature released, while Content Security Policy is focused on CSP only.

greggles’s picture

Great, thanks for the description.

When you say "every new security feature released" are you describing mostly security features related to extra browser features?

p0deje’s picture

In most cases yes.

For example, I plan to add support for the X-Content-Type-Options HTTP header (when I get into private filesystem handling) and the DNT HTTP header.
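An added example, not code from Security Kit or the Content Security Policy module, that audits one HTTP response's headers for the protections p0deje lists above (CSP, X-XSS-Protection, X-Frame-Options, HSTS) plus the X-Content-Type-Options header mentioned in this reply, reporting each as ok, missing or weak. The two sample responses are constructed; the "weak" thresholds (blocking-mode XSS filter, DENY/SAMEORIGIN only, non-zero HSTS max-age) are this example's own choices.

```python
import re

# Constructed sample responses (not captured from any real site).
BARE_RESPONSE = {"Content-Type": "text/html; charset=utf-8", "X-XSS-Protection": "0"}
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-XSS-Protection": "1; mode=block",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}


def _grade(value, is_ok, weak_reason):
    """'missing' when the header is absent, 'ok' when it passes, else 'weak: <why>'."""
    if value is None:
        return "missing"
    return "ok" if is_ok(value) else "weak: " + weak_reason


def _hsts_age(value):
    """Parse max-age out of a Strict-Transport-Security value; 0 if absent."""
    m = re.search(r"max-age=(\d+)", value)
    return int(m.group(1)) if m else 0


def audit_security_headers(headers):
    """Map each protection named in the thread to 'ok', 'missing' or 'weak: <why>'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # CSP: accept the standard header or the Mozilla-era X- prefixed form the thread is about.
    csp = h.get("content-security-policy", h.get("x-content-security-policy"))
    return {
        "csp": _grade(csp, lambda v: "'unsafe-inline'" not in v,
                      "'unsafe-inline' lets inline script run again"),
        "x-xss-protection": _grade(h.get("x-xss-protection"),
                                   lambda v: v.startswith("1") and "mode=block" in v,
                                   "filter off or not in blocking mode"),
        "x-frame-options": _grade(h.get("x-frame-options"),
                                  lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
                                  "value does not stop framing"),
        "hsts": _grade(h.get("strict-transport-security"),
                       lambda v: _hsts_age(v) > 0, "max-age absent or zero"),
        "x-content-type-options": _grade(h.get("x-content-type-options"),
                                         lambda v: v.lower() == "nosniff",
                                         "only 'nosniff' is meaningful"),
    }


def findings(headers):
    """Return the protections that are not 'ok', as 'name: state' strings."""
    return [f"{k}: {v}" for k, v in audit_security_headers(headers).items() if v != "ok"]
```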

p0deje’s picture

Status: Active » Closed (works as designed)