Disable Content-Security-Policy
Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.
Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag pulls into the page.
Click the extension icon to disable the Content-Security-Policy header for the tab. Click the extension icon again to re-enable the Content-Security-Policy header.
Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer report-uri, which instructs the browser to send CSP violations to a URI. That allows you to keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.
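The report-uri approach recommended above, as an added example that is not part of the extension or its listing: it builds a report-only header and tallies the violation reports a browser would POST, so you can see which origins a new third-party tag pulls in while CSP stays on. The `/csp-reports` path, the policy and the sample report bodies are constructed for illustration.

```javascript
// Report-only header: nothing is blocked, but the browser POSTs a report
// for every load the policy would have blocked.
function buildReportOnlyHeader(directives, reportUri) {
  const parts = Object.entries(directives).map(([n, s]) => `${n} ${s.join(" ")}`);
  parts.push(`report-uri ${reportUri}`);
  return { name: "Content-Security-Policy-Report-Only", value: parts.join("; ") };
}

// blocked-uri is a URL or a bare keyword such as "inline" or "eval".
function blockedSource(blockedUri) {
  try {
    const url = new URL(blockedUri);
    return url.origin === "null" ? url.protocol : url.origin;
  } catch {
    return blockedUri || "unknown";
  }
}

// Tally raw report bodies (Content-Type: application/csp-report) as
// directive -> source -> count. Reports are untrusted input: malformed bodies
// are counted, and null-prototype objects keep keys like "__proto__" inert.
function summarizeCspReports(bodies) {
  const byDirective = Object.create(null);
  let malformed = 0;
  for (const body of bodies) {
    let report = null;
    try {
      report = JSON.parse(body)["csp-report"];
    } catch { /* not JSON; counted as malformed below */ }
    if (report === null || typeof report !== "object") { malformed += 1; continue; }
    const raw = report["effective-directive"] || report["violated-directive"] || "unknown";
    const directive = String(raw).split(" ")[0];
    const source = blockedSource(String(report["blocked-uri"] || ""));
    byDirective[directive] ??= Object.create(null);
    byDirective[directive][source] = (byDirective[directive][source] || 0) + 1;
  }
  return { byDirective, malformed };
}

// Constructed sample report bodies (an assumption, not captured traffic).
const SAMPLE_REPORTS = [
  '{"csp-report":{"effective-directive":"script-src","blocked-uri":"https://cdn.tag.example/loader.js"}}',
  '{"csp-report":{"effective-directive":"script-src","blocked-uri":"https://cdn.tag.example/extra.js"}}',
  '{"csp-report":{"violated-directive":"img-src \'self\'","blocked-uri":"https://px.tracker.example/p.gif"}}',
  '{"csp-report":{"effective-directive":"script-src","blocked-uri":"inline"}}',
  "not json",
];
```

Calling `summarizeCspReports(SAMPLE_REPORTS)` groups the two script loads under one origin, keeps the inline script and the tracking pixel separate, and counts the unparseable body as malformed.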
Latest reviews
- Tyler Thomas
- Doesn't work
- Ryan Hatfield
- I've been using this one for probably 5 years for work and never had an issue.
- Patrick Ledbetter
- Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..
- hailong hu
- Very effective
- en1ight
- 29 Jul 2024: it's working. For those who messaged it's not working: make sure you are using it correctly (you see "blocked:csp" against your request in network tab)
- Linh Ngọc
- Not working for some telegram web bot
- Phat Pham
- it works like a charm
- Colin Brown
- Doesn't work
- egg
- It works
- Jack
- awesome
- Kostis Anagnostopoulos
- Don't bother, it didn't work, at least in Brave Version 1.62.156 Chromium: 121.0.6167.139 (Official Build) (64-bit) From DevTools override headers and delete/modify the response CSP to your liking: https://developer.chrome.com/docs/devtools/overrides
- Martin Mudaliar
- Worked like a charm!
- DEV
- did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
- Julián Andrés Núñez
- Works fine after refresh
- Alex Kubica
- Works if you hard refresh 😁
- SpamBox
- Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
- Kyle Keating
- Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
- Brian Coale
- Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
- RJ Deng
- Very useful, I can now run translation scripts on GitHub
- Cees Timmerman
- I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
- Vaibhav Nigam
- It does not work on a website which adds CSP using HTML meta tag.
- Horia Cristescu
- There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
- Stefanus Diptya
- works like a charm!
- Efecan Yilmaz
- Works good
- PossessWithin
- Works perfectly. Thank you very much!
- Pontus Frödén
- Doesn't work
- Valdek Ingmar
- It has no effect on the CSP headers when enabled and active for given tab.
- Logan
- Doesn't work, or no longer works.
- Vladimir Panteleev
- I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
- Oskar Mothander
- Doesn't work with latest Chrome
- william dutton
- Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
- Qingyu Yan
- works very well, very handy to use
- Ron Moses
- Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.