Disable Content-Security-Policy

ieelmcmcagommplceebfedjlakkhpden

Disable Content-Security-Policy for web application testing. When the icon is coloured, CSP headers are disabled.

Latest reviews

• (2025-05-04) Tyler Thomas: Doesn't work
• (2024-11-21) Ryan Hatfield: I've been using this one for probably 5 years for work and never had an issue.
• (2024-11-19) Patrick Ledbetter: Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..
• (2024-07-29) hailong hu: Very effective
• (2024-07-29) en1ight: 29 Jul 2024: its working. For those who messaged its not working: make sure you are using it correctly (you see "blocked:csp" agaist your request in network tab)
• (2024-07-10) Linh Ngọc: Not working for some telegram web bot
• (2024-07-04) Phat Pham: it work like a charm
• (2024-06-14) Colin Brown: Doesn't work
• (2024-04-11) egg: It works
• (2024-03-22) Jack: awesome
• (2024-02-27) Kostis Anagnostopoulos: Don't bother, it didn't work, at least in Brave Version 1.62.156 Chromium: 121.0.6167.139 (Official Build) (64-bit) From DevTools override headers and delete/modify the response CSP to your liking: https://developer.chrome.com/docs/devtools/overrides
• (2024-01-31) Martin Mudaliar: Worked like a charm!
• (2023-11-06) DEV: did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
• (2023-11-06) DEV: did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
• (2023-07-17) Julián Andrés Núñez: Works fine after refresh
• (2023-07-17) Julián Andrés Núñez: Works fine after refresh
• (2023-07-04) Alex Kubica: Works if you hard refresh 😁
• (2023-06-09) SpamBox: Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
• (2023-06-09) SpamBox: Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
• (2023-05-31) Kyle Keating: Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
• (2023-05-31) Kyle Keating: Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
• (2023-05-18) Brian Coale: Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
• (2023-05-18) Brian Coale: Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
• (2023-05-06) RJ Deng: 非常有用，可以在 Github上运行翻译脚本了
• (2023-02-14) Cees Timmerman: I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
• (2023-02-14) Cees Timmerman: I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
• (2022-12-19) Vaibhav Nigam: It does not work on a website which adds CSP using HTML meta tag.
• (2022-11-28) Horia Cristescu: There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
• (2022-11-28) Horia Cristescu: There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
• (2022-10-29) Stefanus Diptya: works like a charm!
• (2022-10-29) Stefanus Diptya: works like a charm!
• (2022-09-14) Efecan Yilmaz: Works good
• (2022-09-14) Efecan Yilmaz: Works good
• (2022-08-20) PossessWithin: Works perfectly. Thank you very much!
• (2022-08-20) PossessWithin: Works perfectly. Thank you very much!
• (2022-08-09) Pontus Frödén: Don't work
• (2022-08-09) Pontus Frödén: Don't work
• (2022-05-09) Valdek Ingmar: It has no effect on the CSP headers when enabled and active for given tab.
• (2022-05-09) Valdek Ingmar: It has no effect on the CSP headers when enabled and active for given tab.
• (2021-12-01) Logan: Doesn't work, or no longer works.
• (2021-12-01) Logan: Doesn't work, or no longer works.
• (2021-08-23) Vladimir Panteleev: I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
• (2021-08-23) Vladimir Panteleev: I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
• (2021-07-06) Oskar Mothander: Doesn't work with latest Chrome
• (2021-07-06) Oskar Mothander: Doesn't work with latest Chrome
• (2021-06-23) william dutton: Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
• (2021-06-23) william dutton: Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
• (2021-04-14) Qingyu Yan: works very well 非常好用
• (2021-04-13) Ron Moses: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.
• (2021-04-13) Ron Moses: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.