Best approach is client fakey. You gain client responsiveness and still maintain server authority.
Client spawns local fired projectile with collision -> RPC’s server to fire. Servers projectile is authority on hits, dmg calc, dmg apply etc. Server replicates to all other clients.
Server hits (auth confirmed) execute blood splatter. This alleviates some of the high ping variance frustration. Players can only really assume a hit if they see blood splatter. Just to be clear you’ll have LP vs HP misses and vice versa with any server auth setup. You can mitigate some of the low ping shot misses using a frame history time buffer, but it’s a very complex process (refer to Rewind Time hit detection).
For projectile lag comp you’ll want to use delta and predict projectile path to sync proxy projectile positions. On all other clients (non firing) you’ll spawn the projectile at the original transform, but maintain Fx/sound on the muzzle…where ever it may be at the given time.
Battlefield 4/1/V (EA/DICE) use this approach.