Disable Content-Security-Policy

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

What is Disable Content-Security-Policy?

'Disable Content-Security-Policy' is a Chrome Extension providing a tool for web application testing. When activated, it deactivates the Content-Security-Policy header in a selected tab, giving testers the ability to see what resources new third-party tags include on the page. Remember to utilize it cautiously; disabling the Content-Security-Policy can potentially expose you to cross-site scripting. A safer alternative is to use report-uri to record and inspect CSP violations.

Download

Extension stats

By: Phil Grayson

View on Chrome Web Store

Users: 60,000+ ▲ 10.00K

Rating: 3.64 (89)

Version: 4.0.0 (Last updated: 2024-09-03)

Creation date: 2020-05-06

Risk impact: Very low risk impact

Risk likelihood: Moderate risk likelihood

Manifest version: 3

Permissions:

storage
activeTab
browsingData
declarativeNetRequest

Size: 29.72K

Email: ph*****@philgrayson.com

URLs: Privacy policy

Ranking

# 3641 ▲ 362

Other rankings

#6555 in Developer Tools ▼ 15

#3 in disable keyword 34 ▲ 1

#6 in policy keyword 10 ▼ 1

#17 in security keyword 83 ▲ 3

#101 in header keyword 25

Upgrade to see more rankings

Other platforms

Not available on Firefox

Disable Content-Security-Policy (v3.0.0)

0.00

(0) 2,928+

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.

Pros

Works effectively for some users
Can help bypass Content Security Policy restrictions
Useful for specific websites or applications

Cons

Doesn't work universally across all websites
Some users receive 'Refused to frame' errors
Inconsistent performance noted, requiring hard refreshes

Most mentioned

Works like a charm for some users
Not working for others
Issues with specific websites or configurations

Recent reviews

Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..