Disable Content-Security-Policy

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

What is Disable Content-Security-Policy?

Disable Content-Security-Policy is a Chrome extension by Phil Grayson. This extension has 58,844 weekly active users, an average user rating of 3.71, and is most similar to Always Disable Content-Security-Policy and Content Security Policy Override. The latest version, 3.0.0, was updated 3 years ago.

Download

Stats

Stats date:

By: Phil Grayson

View on Chrome Web Store

Users: 58,844 ▲ 569

Rating: 3.71 (72)

Version: 3.0.0 (Last updated: 2020-05-06)

Creation date: 2020-05-06

Manifest version: 2

Permissions:

webRequest
webRequestBlocking
browsingData
activeTab

Size: 24.09K

URLs: Website

Risk impact: Moderate risk impact

Risk likelihood: Very low risk likelihood

Found a bug?

Other platforms

Not available on Firefox

Disable Content-Security-Policy (v3.0.0)

0 1,105

ChromeStats Rank

# 3233 ▲ 28

Other rankings

#1 in policy keyword #3 in disable keyword #17 in security keyword ▲ 1 #38 in header keyword ▼ 1 #168 in testing keyword ▼ 1

Summary

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked.

https://report-uri.com

 is a free tool that gives you a web interface to inspect CSP violations on your site.

Product summarizer

Ad copy creator

Analyze keywords

Safety

Risk impact

Disable Content-Security-Policy requires some risky permissions and may not be safe to use. Exercise caution when installing this extension. Review carefully before installing.

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypass your security settings, and access your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

Risk likelihood

Disable Content-Security-Policy has earned a good reputation and can be trusted.

Risk likelihood measures the probability that a Chrome extension may turn malicious. This is determined by the publisher and the Chrome extension reputation on Chrome Web Store, the amount of time the Chrome extension has been around, and other signals about the Chrome extension. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Chrome extension, especially ones with higher risk impact and/or higher risk likelihood.

Subscribe to the premium plan to see more risk analysis details

Screenshots

User reviews

I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.

Cees Timmerman, 2023-02-14

It does not work on a website which adds CSP using HTML meta tag.

Vaibhav Nigam, 2022-12-19

There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.