With crossorigin="anonymous", a CORS-enabled image can be drawn to <canvas> and read with JavaScript. Without CORS, the canvas becomes tainted.
crossorigin="anonymous"
<canvas>
Lines: 0 | Characters: 0