Always Disable Content-Security-Policy

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

What is Always Disable Content-Security-Policy?

'Always Disable Content-Security-Policy' is a Chrome extension that disables the current page's Content Security Policy by default, allowing resources from third-party tags. It is primarily used for testing purposes. Users can re-enable CSP headers by clicking on the extension icon. Use it with caution as disabling CSP may increase risk of cross-site scripting.

Download

Stats

By: Unknown

View on Chrome Web Store

Users: 10,000+

Rating: 3.67 (15)

Version: 1.0.7 (Last updated: 2020-01-10)

Creation date: 2020-01-10

Risk impact: High risk impact

Risk likelihood: Low risk likelihood

Manifest version: 2

Permissions:

webRequest
webRequestBlocking
browsingData
http://*/*
https://*/*

Size: 13.52K

Stats date:

Chrome-Stats Rank

# 9448 ▼ 88

Other rankings

#5418 in Developer Tools ▼ 5

#16 in policy keyword 11 ▼ 5

#28 in disable keyword 33 ▲ 5

#70 in security keyword 86 ▼ 5

#127 in header keyword 45

Upgrade to see more rankings

Other platforms

Not available on Firefox

Not available on Edge

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Summary

Analyze keywords

This is a fork of Phil Grayson's extension with the only difference being that this one disables the headers by default. Original: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden Use at your own risk. Disables the current page's Content Security Policy. Useful when testing what resources a new third-party tag includes onto the page.

Click the extension icon to re-enable CSP headers. Click the extension icon again to disable CSP headers.

Use this only as a last resort. Disabling CSP means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep CSP enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

User reviews

User reviews summary

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.

Pros

Works for some users as intended
Simple and effective for certain sites
The only plugin that worked for some users

Cons

Does not always disable CSP as intended
Requires disable/enable and refresh to work
Ineffective for certain websites with CSP

Most mentioned

Doesn't always work
Requires toggling or refreshing to function properly
Successfully disables CSP for some sites but not others

Recent reviews

Only works when I disable then enable and refresh. Doesn't always disable when I want it to. Should be a easy fix. If there was a way to always enable then disable on every refresh it would work as intended.

Jordan Embry, 2024-03-05

This one works for me, even for using with Luigi project, which loads pages in iframes. Love this extension! Thank you.

V Cizek, 2023-08-10

Works. Thanks!

Nikolay Lanets, 2023-08-02

View all user reviews

Safety

Risk impact

Always Disable Content-Security-Policy is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install Always Disable Content-Security-Policy if you trust the publisher.