Module development and code questions

I am building a custom multi-step form with back/forward buttons. 

When a user clicks 'next' it saves the current steps values in form storage like this:
 

$storage['values'][$this->step] = $form_state->getValues();
$form_state->setStorage($storage);

When the user clicks 'Back', I am pulling the values out of storage and setting them to $form_state->setUserInput(); like this:
 

I am developping a custom module  that sends notifications.

The sending  service is more or less as follows

I am creating a form that uses an ajax modal confirm form. The confirm form is displayed, but pressing the "Confirm" button just disappears the panel, but the submitform() never runs. If I call the confirm form separately without ajax OpenModalDialog, it works, formsubmit() runs. How could this be implemented?

original form delete button:

I have my own form that shows a list of products. It can be scrolled, but I would like a "Load More" button. My problem is that I can't store the current position, because in the ajax callback I can't use the $form_state->set, get functions. How can I increase the position in the ajax callback function called when the "load more" button is pressed?

Hi,

I have developed a Drupal 10 website & it is hosted on xampp & it is not connected with any network. And it is scanned with ZAP Scan application, the result shows content Security Policy, for that i have installed CSP Module and set the CSP Header as Content-Security-Policy "default-src 'self'; script-src 'self' ; style-src 'self'; img-src 'self'; frame-ancestors 'self'; form-action 'self'" in .htaccess file. still the vulnerability is persisting while scanning in ZAP. please help me to resolve this vulnerability.

Hello,