why - Today CSD only provides the option to "Add Justification". For those scripts that do NOT have a justification it makes sense to have an option to do the opposite, block.

who - Security engineers would use this to mitigate maliciously injected egress scripts or accidental egress of sensitive data via tag analytics.

how - add a second option to the action drop down list on CSD Script List page to allow the user to select "block". When the console propagates this change, the JavaScript inserted into the stream from that point forward could block that specific script. Alternatively, the JS could be re-designed to be in flag vs block mode. Similar to Bot Defense. Application owners can start in flag mode, add justifications to all the known scripts, then switch to block mode such that any scripts still showing in the List are blocked until a Justification is added.