Always Disable Content-Security-Policy
Item media 1 screenshot

Overview

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

This is a fork of Phil Grayson's extension with the only difference being that this one disables the headers by default. Original: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden Use at your own risk. Disables the current page's Content Security Policy. Useful when testing what resources a new third-party tag includes onto the page. Click the extension icon to re-enable CSP headers. Click the extension icon again to disable CSP headers. Use this only as a last resort. Disabling CSP means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep CSP enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

3.7 out of 515 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

Jordan EmbryMar 5, 2024

Only works when I disable then enable and refresh. Doesn't always disable when I want it to. Should be a easy fix. If there was a way to always enable then disable on every refresh it would work as intended.

1 person found this review to be unhelpful
Review's profile picture

V CizekAug 10, 2023

This one works for me, even for using with Luigi project, which loads pages in iframes. Love this extension! Thank you.

Review's profile picture

Nikolay LanetsAug 2, 2023

Works. Thanks!

Details

  • Version
    1.0.7
  • Updated
    January 10, 2020
  • Size
    13.2KiB
  • Languages
    2 languages
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has not provided any information about the collection or usage of your data.

Related

Content Security Policy (CSP) Generator

4.2(11)

Automatically generate content security policy headers online for any website.

Allow CSP: Content-Security-Policy

5.0(1)

Easily remove CSP (Content-Security-Policy) rules from the response header.

CSP Evaluator

3.1(25)

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

Ignore X-Frame headers

4.4(144)

Drops X-Frame-Options and Content-Security-Policy HTTP response headers, allowing all pages to be iframed.

Disable Content-Security-Policy

3.6(82)

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

CORS Unblock

4.2(144)

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Content Security Policy Override

4.2(9)

Modify the Content Security Policy of web pages.

csp-disable

3.0(2)

CSP DISABLE 프로그램

Allow CORS: Access-Control-Allow-Origin

3.4(259)

Easily add (Access-Control-Allow-Origin: *) rule to the response header.

Disable Content Security Policy

4.2(5)

A extension that set csp value empty

Disable-CSP

0.0(0)

A browser extension to disable http header Content-Security-Policy and html meta Content-Security-Policy

CSP Unblock

5.0(1)

No more Content-Security-Policy limitations. This extension removes all CSP-related headers during website testing.

Content Security Policy (CSP) Generator

4.2(11)

Automatically generate content security policy headers online for any website.

Allow CSP: Content-Security-Policy

5.0(1)

Easily remove CSP (Content-Security-Policy) rules from the response header.

CSP Evaluator

3.1(25)

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

Ignore X-Frame headers

4.4(144)

Drops X-Frame-Options and Content-Security-Policy HTTP response headers, allowing all pages to be iframed.

Disable Content-Security-Policy

3.6(82)

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

CORS Unblock

4.2(144)

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Content Security Policy Override

4.2(9)

Modify the Content Security Policy of web pages.

csp-disable

3.0(2)

CSP DISABLE 프로그램

Google apps