why - Today CSD (Client Side Defense) mitigates on a per JavaScript/domain combo which means each time a new script or a new domain shows up we have to act to mitigate. It would be more efficient to define an allowed list of domains, domains JS is allowed to egress to and let CSD block everything else only reporting on what it blocked.

who - security engineers would like this feature as it would save them time.

how - allow the CSD function to operate in one of two modes, following an allowed list or a block list.