Merlin

Compare Chrome extensions: Disable Content-Security-Policy vs Always Disable Content-Security-Policy

Upgrade to compare more stats
Stats Disable Content-Security-Policy Disable Content-Security-Policy Always Disable Content-Security-Policy Always Disable Content-Security-Policy
User count 60,000+ 10,000+
Average rating 3.65 3.67
Rating count 82 15
Last updated 2020-05-06 2020-01-10
Size 24.09K 13.52K
Version 3.0.0 1.0.7
Short description
Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled. Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.
Full summary

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

This is a fork of Phil Grayson's extension with the only difference being that this one disables the headers by default. Original: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden Use at your own risk. Disables the current page's Content Security Policy. Useful when testing what resources a new third-party tag includes onto the page.

Click the extension icon to re-enable CSP headers. Click the extension icon again to disable CSP headers.

Use this only as a last resort. Disabling CSP means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep CSP enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.