Item logo image for Disable Content-Security-Policy

Disable Content-Security-Policy

Item media 2 screenshot
Item media 1 screenshot
Item media 2 screenshot
Item media 1 screenshot
Item media 1 screenshot
Item media 2 screenshot

Overview

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page. Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header. Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

3.6 out of 591 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

Ryan HatfieldNov 21, 2024

I've been using this one for probably 5 years for work and never had an issue.

Review's profile picture

Patrick LedbetterNov 19, 2024

Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..

Review's profile picture

hailong huJul 29, 2024

Very effective

1 person found this review to be helpful

Details

  • Version
    4.0.0
  • Updated
    September 3, 2024
  • Offered by
    Phil Grayson
  • Size
    29.02KiB
  • Languages
    2 languages
  • Developer
    Email
    phil@philgrayson.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

Related

Allow CORS: Access-Control-Allow-Origin

3.4(279)

Easily add (Access-Control-Allow-Origin: *) rule to the response header.

CSP Evaluator

3.0(29)

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

Allow CSP: Content-Security-Policy

5.0(2)

Easily remove CSP (Content-Security-Policy) rules from the response header.

Requestly - Intercept, Modify & Mock HTTP Requests

4.3(1.2K)

The easiest way to Redirect URLs, Modify HTTP Headers, Mock APIs, Inject custom JS, Modify GraphQL Requests

Always Disable Content-Security-Policy

3.9(18)

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Content Security Policy Override

4.2(9)

Modify the Content Security Policy of web pages.

CORS Unblock

4.2(161)

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Ignore X-Frame headers

4.4(155)

Drops X-Frame-Options and Content-Security-Policy HTTP response headers, allowing all pages to be iframed.

Content Security Policy (CSP) Generator

4.4(14)

Automatically generate content security policy headers online for any website.

Disable Content Security Policy

4.0(5)

A extension that set csp value empty

Resource Override

4.6(203)

An extension to help you gain full control of any website by redirecting traffic, replacing, editing, or inserting new content.

CSP Unblock

3.5(2)

No more Content-Security-Policy limitations. This extension removes all CSP-related headers during website testing.

Allow CORS: Access-Control-Allow-Origin

3.4(279)

Easily add (Access-Control-Allow-Origin: *) rule to the response header.

CSP Evaluator

3.0(29)

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

Allow CSP: Content-Security-Policy

5.0(2)

Easily remove CSP (Content-Security-Policy) rules from the response header.

Requestly - Intercept, Modify & Mock HTTP Requests

4.3(1.2K)

The easiest way to Redirect URLs, Modify HTTP Headers, Mock APIs, Inject custom JS, Modify GraphQL Requests

Always Disable Content-Security-Policy

3.9(18)

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Content Security Policy Override

4.2(9)

Modify the Content Security Policy of web pages.

CORS Unblock

4.2(161)

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Ignore X-Frame headers

4.4(155)

Drops X-Frame-Options and Content-Security-Policy HTTP response headers, allowing all pages to be iframed.

Google apps