Always Disable Content-Security-Policy
Item media 1 screenshot


Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

This is a fork of Phil Grayson's extension with the only difference being that this one disables the headers by default. Original: Use at your own risk. Disables the current page's Content Security Policy. Useful when testing what resources a new third-party tag includes onto the page. Click the extension icon to re-enable CSP headers. Click the extension icon again to disable CSP headers. Use this only as a last resort. Disabling CSP means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep CSP enabled in your browser but still know what got blocked. is a free tool that gives you a web interface to inspect CSP violations on your site.

3.7 out of 515 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

Jordan EmbryMar 5, 2024

Only works when I disable then enable and refresh. Doesn't always disable when I want it to. Should be a easy fix. If there was a way to always enable then disable on every refresh it would work as intended.

1 person found this review to be unhelpful
Review's profile picture

V CizekAug 10, 2023

This one works for me, even for using with Luigi project, which loads pages in iframes. Love this extension! Thank you.

Review's profile picture

Nikolay LanetsAug 2, 2023

Works. Thanks!


  • Version
  • Updated
    January 10, 2020
  • Size
  • Languages
    2 languages
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.


The developer has not provided any information about the collection or usage of your data.
Google apps