Disable Content-Security-Policy

How to install an extension Open in Chrome Web Store

CRX ID

ieelmcmcagommplceebfedjlakkhpden

Status

Live on Store

Description from extension meta

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Image from store

Description from store

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

Latest reviews

Tyler Thomas 2025-05-04: Doesn't work
Ryan Hatfield 2024-11-21: I've been using this one for probably 5 years for work and never had an issue.
Patrick Ledbetter 2024-11-19: Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..
hailong hu 2024-07-29: Very effective
en1ight 2024-07-29: 29 Jul 2024: its working. For those who messaged its not working: make sure you are using it correctly (you see "blocked:csp" agaist your request in network tab)
Linh Ngọc 2024-07-10: Not working for some telegram web bot
Phat Pham 2024-07-04: it work like a charm
Colin Brown 2024-06-14: Doesn't work
egg 2024-04-11: It works
Jack 2024-03-22: awesome
Kostis Anagnostopoulos 2024-02-27: Don't bother, it didn't work, at least in Brave Version 1.62.156 Chromium: 121.0.6167.139 (Official Build) (64-bit) From DevTools override headers and delete/modify the response CSP to your liking: https://developer.chrome.com/docs/devtools/overrides
Martin Mudaliar 2024-01-31: Worked like a charm!
DEV 2023-11-06: did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
DEV 2023-11-06: did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
Julián Andrés Núñez 2023-07-17: Works fine after refresh
Julián Andrés Núñez 2023-07-17: Works fine after refresh
Alex Kubica 2023-07-04: Works if you hard refresh 😁
SpamBox 2023-06-09: Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
SpamBox 2023-06-09: Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
Kyle Keating 2023-05-31: Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
Kyle Keating 2023-05-31: Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
Brian Coale 2023-05-18: Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
Brian Coale 2023-05-18: Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
RJ Deng 2023-05-06: 非常有用，可以在 Github上运行翻译脚本了
Cees Timmerman 2023-02-14: I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
Cees Timmerman 2023-02-14: I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
Vaibhav Nigam 2022-12-19: It does not work on a website which adds CSP using HTML meta tag.
Horia Cristescu 2022-11-28: There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
Horia Cristescu 2022-11-28: There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
Stefanus Diptya 2022-10-29: works like a charm!
Stefanus Diptya 2022-10-29: works like a charm!
Efecan Yilmaz 2022-09-14: Works good
Efecan Yilmaz 2022-09-14: Works good
PossessWithin 2022-08-20: Works perfectly. Thank you very much!
PossessWithin 2022-08-20: Works perfectly. Thank you very much!
Pontus Frödén 2022-08-09: Don't work
Pontus Frödén 2022-08-09: Don't work
Valdek Ingmar 2022-05-09: It has no effect on the CSP headers when enabled and active for given tab.
Valdek Ingmar 2022-05-09: It has no effect on the CSP headers when enabled and active for given tab.
Logan 2021-12-01: Doesn't work, or no longer works.
Logan 2021-12-01: Doesn't work, or no longer works.
Vladimir Panteleev 2021-08-23: I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
Vladimir Panteleev 2021-08-23: I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
Oskar Mothander 2021-07-06: Doesn't work with latest Chrome
Oskar Mothander 2021-07-06: Doesn't work with latest Chrome
william dutton 2021-06-23: Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
william dutton 2021-06-23: Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
Qingyu Yan 2021-04-14: works very well 非常好用
Ron Moses 2021-04-13: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.
Ron Moses 2021-04-13: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.

Extension Actions