Disable Content-Security-Policy

Download / Install How to install an extension

CRX id

ieelmcmcagommplceebfedjlakkhpden

Description from extension meta

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Image from store Disable Content-Security-Policy

Description from store Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page. Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header. Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

Latest reviews

(2025-05-04) Tyler Thomas: Doesn't work
(2024-11-21) Ryan Hatfield: I've been using this one for probably 5 years for work and never had an issue.
(2024-11-19) Patrick Ledbetter: Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..
(2024-07-29) hailong hu: Very effective
(2024-07-29) en1ight: 29 Jul 2024: its working. For those who messaged its not working: make sure you are using it correctly (you see "blocked:csp" agaist your request in network tab)
(2024-07-10) Linh Ngọc: Not working for some telegram web bot
(2024-07-04) Phat Pham: it work like a charm
(2024-06-14) Colin Brown: Doesn't work
(2024-04-11) egg: It works
(2024-03-22) Jack: awesome
(2024-02-27) Kostis Anagnostopoulos: Don't bother, it didn't work, at least in Brave Version 1.62.156 Chromium: 121.0.6167.139 (Official Build) (64-bit) From DevTools override headers and delete/modify the response CSP to your liking: https://developer.chrome.com/docs/devtools/overrides
(2024-01-31) Martin Mudaliar: Worked like a charm!
(2023-11-06) DEV: did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
(2023-11-06) DEV: did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
(2023-07-17) Julián Andrés Núñez: Works fine after refresh
(2023-07-17) Julián Andrés Núñez: Works fine after refresh
(2023-07-04) Alex Kubica: Works if you hard refresh 😁
(2023-06-09) SpamBox: Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
(2023-06-09) SpamBox: Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
(2023-05-31) Kyle Keating: Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
(2023-05-31) Kyle Keating: Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
(2023-05-18) Brian Coale: Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
(2023-05-18) Brian Coale: Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
(2023-05-06) RJ Deng: 非常有用，可以在 Github上运行翻译脚本了
(2023-02-14) Cees Timmerman: I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
(2023-02-14) Cees Timmerman: I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
(2022-12-19) Vaibhav Nigam: It does not work on a website which adds CSP using HTML meta tag.
(2022-11-28) Horia Cristescu: There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
(2022-11-28) Horia Cristescu: There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
(2022-10-29) Stefanus Diptya: works like a charm!
(2022-10-29) Stefanus Diptya: works like a charm!
(2022-09-14) Efecan Yilmaz: Works good
(2022-09-14) Efecan Yilmaz: Works good
(2022-08-20) PossessWithin: Works perfectly. Thank you very much!
(2022-08-20) PossessWithin: Works perfectly. Thank you very much!
(2022-08-09) Pontus Frödén: Don't work
(2022-08-09) Pontus Frödén: Don't work
(2022-05-09) Valdek Ingmar: It has no effect on the CSP headers when enabled and active for given tab.
(2022-05-09) Valdek Ingmar: It has no effect on the CSP headers when enabled and active for given tab.
(2021-12-01) Logan: Doesn't work, or no longer works.
(2021-12-01) Logan: Doesn't work, or no longer works.
(2021-08-23) Vladimir Panteleev: I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
(2021-08-23) Vladimir Panteleev: I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
(2021-07-06) Oskar Mothander: Doesn't work with latest Chrome
(2021-07-06) Oskar Mothander: Doesn't work with latest Chrome
(2021-06-23) william dutton: Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
(2021-06-23) william dutton: Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
(2021-04-14) Qingyu Yan: works very well 非常好用
(2021-04-13) Ron Moses: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.
(2021-04-13) Ron Moses: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.

Statistics

Installs

60,000

Links

Extension in store

Developer e-mail