
You see, if I try to send data out from a site that has a CSP, it can alert the site owner of the failed attempt (if they’ve specified a report-uri). They would eventually track this down to my code and probably call my mother and then I would be in big trouble.