This generates the value that can be put into the identity attribute of external resources.
It will not check for proper CORS headers.
This means you are free to generate the proper tag for any css or js resource.
If the destination doesn't sets a proper CORS header your browser might ignore the crossorigin attribute.