The frame is served with Content-Security-Policy: script-src 'none', so the extension's injected main-world script cannot run — only the isolated-world XPath fallback applies. The target element (#csp-late-target) is streamed in after 1500ms, so the fallback must keep looking past its first polls. This is the realistic production trigger for the fallback's early-bail behavior.