Disable Content-Security-Policy icon

Disable Content-Security-Policy

Extension Actions

CRX ID
ieelmcmcagommplceebfedjlakkhpden
Status
  • Live on Store
Description from extension meta

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Image from store
Disable Content-Security-Policy
Description from store

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

Latest reviews

Tyler Thomas
Doesn't work
Ryan Hatfield
I've been using this one for probably 5 years for work and never had an issue.
Patrick Ledbetter
Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..
hailong hu
Very effective
en1ight
29 Jul 2024: its working. For those who messaged its not working: make sure you are using it correctly (you see "blocked:csp" agaist your request in network tab)
Linh Ngọc
Not working for some telegram web bot
Phat Pham
it work like a charm
Colin Brown
Doesn't work
egg
It works
Jack
awesome
Kostis Anagnostopoulos
Don't bother, it didn't work, at least in Brave Version 1.62.156 Chromium: 121.0.6167.139 (Official Build) (64-bit) From DevTools override headers and delete/modify the response CSP to your liking: https://developer.chrome.com/docs/devtools/overrides
Martin Mudaliar
Worked like a charm!
DEV
did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
DEV
did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
Julián Andrés Núñez
Works fine after refresh
Julián Andrés Núñez
Works fine after refresh
Alex Kubica
Works if you hard refresh 😁
SpamBox
Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
SpamBox
Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
Kyle Keating
Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
Kyle Keating
Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
Brian Coale
Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
Brian Coale
Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
RJ Deng
非常有用,可以在 Github上运行翻译脚本了
Cees Timmerman
I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
Cees Timmerman
I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
Vaibhav Nigam
It does not work on a website which adds CSP using HTML meta tag.
Horia Cristescu
There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
Horia Cristescu
There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
Stefanus Diptya
works like a charm!
Stefanus Diptya
works like a charm!
Efecan Yilmaz
Works good
Efecan Yilmaz
Works good
PossessWithin
Works perfectly. Thank you very much!
PossessWithin
Works perfectly. Thank you very much!
Pontus Frödén
Don't work
Pontus Frödén
Don't work
Valdek Ingmar
It has no effect on the CSP headers when enabled and active for given tab.
Valdek Ingmar
It has no effect on the CSP headers when enabled and active for given tab.
Logan
Doesn't work, or no longer works.
Logan
Doesn't work, or no longer works.
Vladimir Panteleev
I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
Vladimir Panteleev
I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
Oskar Mothander
Doesn't work with latest Chrome
Oskar Mothander
Doesn't work with latest Chrome
william dutton
Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
william dutton
Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
Qingyu Yan
works very well 非常好用
Ron Moses
Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.
Ron Moses
Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.