extension ExtPose

Disable Content-Security-Policy

CRX id


Description from extension meta

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Description from store

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you to keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

Latest reviews

  • (2021-04-14) Qingyu Yan: works very well. Very easy to use.
  • (2021-04-13) Ron Moses: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.
  • (2021-04-07) Gabriel Karády: Doesn't work on latest Chromium.
  • (2021-04-07) Adam Takvam: Failed to eliminate CSP policy 'worker-src: none' restriction.
  • (2021-02-17) Google User: No problems so far
  • (2021-01-14) UnitedWeStand.: Very good!
  • (2021-01-12) Stewart Cossey: This doesn't work in Chrome 87. It may have at some point in the past, but not now :-(
  • (2021-01-05) Klemen Nagode: I would like that whitelisting would be enabled! (I only want this for single domain) UPDATE: it stopped working for me in late 2020 :(
  • (2020-09-28) Qi Zhiyu: Solves the problem. It won’t automatically activate which is a plus on security.
  • (2020-09-24) Mohammad Madahian: Saved my life, great for development testing.
  • (2020-07-20) Alvin Gamboa: Doesn't work. I tried this on JIRA Tempo Timesheets and didn't work. CSP from app.tempo.io was still blocked.
  • (2020-01-29) Etienne Rocheleau: Don't know if it's just me, but it seems it stopped working recently... It was working perfectly before.
  • (2019-12-05) Yihong Chen: It doesn't work anymore on Chrome 80.0.3983.2. It shows "Provisional headers are shown" for external network call.
  • (2019-09-25) Mike Hill: Thanks for uploading this! Simple. Does what it says. Registers a webRequest.onHeadersReceived listener to clear the value of the CSP header. Exactly what I needed for development.
  • (2019-09-24) Rio Aditiyono: Working great for my office web.
  • (2019-06-26) Andrew Shawn: Awesome!
  • (2019-05-31) Insta Follows: Works! You have to click the button to activate it. I wish it had more options, like turn on, on a tab by tab basis, on a domain by domain basis, or just globally. currently only turns on/off globally, for all domains and tabs.
  • (2019-04-08) Maximilian: Working fine in April/2019. Had issues while logging into an account. It says I have to verify captcha, but didn't show me anything to click on, it was a blank field. So I jumped on google, found this extension, was a little worried if it's a scam and not doing what it should do but wow! That's why I wrote this review. Super happy. I installed it, gave it a try. Had to click on its symbol in the plugin toolbar next to the url field. Refreshed the tab and there we go! Super happy, big thanks!
  • (2019-01-21) 布丁: Not work.
  • (2019-01-19) Tan: It works fine for importing custom JS (Custom Javascript for Websites 2 is limited to 10KB script sizes so importing from a local server is often a requirement). Also, YOU NEED TO CLICK ON THE EXTENSION TO ENABLE. It's not on by default and I thought it wasn't working -_-
  • (2018-11-27) Константин Рябинин: doesn't work
  • (2018-11-07) Ke Vin: Doesn't work at all....
  • (2018-10-23) Ben Steed: Intermittent success when using this extension but was a life saver for enabling me to pull data from a 3rd-party URL via a bookmarklet.
  • (2018-09-27) C2000: Did not find better way to bypass CSP set by HTML publisher in Jenkins.
  • (2018-09-12) frono: fat
  • (2018-09-01) TAO DENGJUN: good job! THX
  • (2018-07-08) Thomas Orlita: Didn't work for me (Cordova)
  • (2018-07-04) 凯李: So useful, Diigo can finally be used on sites like zhihu, 👍
  • (2018-05-09) Ismael Reis: Worked
  • (2017-11-15) Артур Петуховский: it doesn't work
  • (2017-10-06) D. Prisikar: Great plugin, saved my day, using for Rapportive
  • (2017-08-17) Md. Ashifur Rahman: Recently I had a problem with loading information of a plugin and this plugin instantly fixed that problem!
  • (2017-07-26) G W: Useful widget for testing. Would like to see a more in your face icon or a tab specific/whitelist feature, so it's only enabled on localhost or certain tabs. (Leaving it enabled is not a good thing!)
  • (2017-04-27) Luis Rebollo: Useful for a problem with reading robot framework logs in browser.
  • (2016-06-21) Pramod dutta: works for me
  • (2016-01-04) Did what it says - and saved the day for me!
  • (2015-08-24) Daniel Shumway: Does what it says in the title.
  • (2015-07-09) Giuseppe Pagano: Doesn't work on Chrome 43.0.2357.81 (Ubuntu 15.04)

Latest issues

  • (2021-02-04, v:3.0.0) Pratibha Ramteke: how to disable using Java
    I want to disable this plugin at run time. How to do it?
  • (2020-11-05, v:3.0.0) Jody Anthony Roberts: Seems to have stopped working
    Was working fine and just stopped. Maybe an issue with the chrome version updates?
  • (2020-09-02, v:3.0.0) Rudie Dirkx: Doesn't work for f95zone.to
    Works for Github, which definitely has CSP on. Buttt doesn't work for https://f95zone.to/ which must have CSP on, because my bookmarklet doesn't work, and Chrome complains about a very specific f95zone CSP header. Why?
  • (2020-05-26, v:3.0.0) Aswin C: Not working in Canary
    Disable CSP not working in Canary. I use it for my development activities. I think, it might be issue with Canary build. Canary - 85.0.4156.0 Build OS - Max
  • (2020-05-13, v:3.0.0) Gregory Rhoulhac: Does this work for you on versions higher than Chrome 78.x? Specifically, the latest chrome version.
    I have been seeing issues using this with Chrome 81.x and was wondering if you are seeing the same issues?
  • (2020-05-04, v:2.0.0) Yuda Forcepoint: Enable on every new page
    Until recently once I have enabled the plugin it was enabled on all pages. In the last few days I have to enable it on every page separately. How to avoid that?


45,443 history
3.8 (58 votes)
Last update / version
2020-05-06 / 3.0.0