This documentation is not using the current rendering mechanism and is probably outdated. The extension maintainer should switch to the new system. Details on how to use the rendering mechanism can be found here.
You only need to install the extension and include the extension TypoScript template in your site template where you want to use the content security policy header feature.
The extension can be disabled setting the config.csp.enabled constants to 0. This value is 1 by default, so the extension is enabled.