Disable Content-Security-Policy

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Disable Content-Security-Policy: Testing Tool Chrome Extension

'Disable Content-Security-Policy' is a Chrome Extension providing a tool for web application testing. When activated, it deactivates the Content-Security-Policy header in a selected tab, giving testers the ability to see what resources new third-party tags include on the page. Remember to utilize it cautiously; disabling the Content-Security-Policy can potentially expose you to cross-site scripting. A safer alternative is to use report-uri to record and inspect CSP violations.

Download

Extension stats

By: Phil Grayson

Users: 50,000+

-10,000

Rating: 3.64

(91)

Version: 4.0.0 (Last updated: 2024-09-03)

Creation date: 2020-05-06

Risk impact: Very low risk impact

Risk likelihood:

Moderate risk likelihood

Manifest version: 3

Permissions:

storage
activeTab
browsingData
declarativeNetRequest

Size: 29.72K

Email: ph*****@philgrayson.com

URLs: Privacy policy

Ranking

# 3,972 ▼ 363

Other rankings

#6646 in Developer Tools ▼ 18

#3 in policy keyword 14 ▲ 2

#4 in disable keyword 36 ▲ 1

#15 in security keyword 75 ▲ 3

#102 in header keyword 27 ▼ 1

Upgrade to see more rankings

Other platforms

Disable Bluetooth On Device Ut (v1.20)

3.64

(136) 31,630+

Not available on Firefox

Disable Content-Security-Policy (v3.0.0)

0.00

(0) 2,917+

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.

Pros

Effective for some users
Works in Edge
Can still function after a refresh

Cons

Does not work for some users in Chrome
Specific errors related to Content Security Policy remain
Limited effectiveness as it only works on single sites

Most mentioned

Refused to frame error related to Content Security Policy
Works after refresh
Mixed experience across different browsers

User reviews

I've been using this one for probably 5 years for work and never had an issue.

Ryan Hatfield, 2024-11-21

Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..