Always Disable Content-Security-Policy

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

What is Always Disable Content-Security-Policy?

'Always Disable Content-Security-Policy' is a Chrome extension that disables the current page's Content Security Policy by default, allowing resources from third-party tags. It is primarily used for testing purposes. Users can re-enable CSP headers by clicking on the extension icon. Use it with caution as disabling CSP may increase risk of cross-site scripting.

Download

Extension stats

View on Chrome Web Store

Users: 10,000+

Rating: 3.82 (17)

Version: 1.0.7 (Last updated: 2020-01-10)

Creation date: 2020-01-10

Risk impact: High risk impact

Risk likelihood: Low risk likelihood

Manifest version: 2

Permissions:

webRequest
webRequestBlocking
browsingData
http://*/*
https://*/*

Size: 13.52K

Ranking

# 8840 ▲ 3

Other rankings

#6628 in Developer Tools ▼ 11

#14 in policy keyword 9 ▼ 1

#17 in disable keyword 30

#66 in security keyword 81 ▼ 7

#133 in header keyword 31 ▼ 1

Upgrade to see more rankings

Other platforms

Not available on Firefox

Not available on Edge

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

This is a fork of Phil Grayson's extension with the only difference being that this one disables the headers by default. Original: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden Use at your own risk. Disables the current page's Content Security Policy. Useful when testing what resources a new third-party tag includes onto the page.

Click the extension icon to re-enable CSP headers. Click the extension icon again to disable CSP headers.

Use this only as a last resort. Disabling CSP means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep CSP enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.

Pros

Effective in disabling Content-Security-Policy when it works
Works well with certain projects and platforms like Github and Luigi
Very simple and easy to use

Cons

Does not always function as intended; requires refreshing or manual enabling/disabling
Issues with specific sites, such as f95zone.to, where it fails to disable CSP
Some users report it no longer working or having no effect in disabling CSP

Most mentioned

Works great when functioning properly
Not always reliable or effective
Simple to use and set up

Recent reviews

Does exactly what it says it will do.

DJ Shastri, 2024-09-26

Very effective

hailong hu, 2024-07-30

Only works when I disable then enable and refresh. Doesn't always disable when I want it to. Should be a easy fix. If there was a way to always enable then disable on every refresh it would work as intended.

Jordan Embry, 2024-03-05

View all user reviews

Extension safety

Risk impact

Always Disable Content-Security-Policy requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.