Disable Content-Security-Policy

Overview

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page.

Click the extension icon to disable the Content-Security-Policy header for the tab. Click the extension icon again to re-enable the Content-Security-Policy header.

Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri, which instructs the browser to send CSP violations to a URI. That allows you to keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.
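
The report-uri approach recommended above, as an added example that is not the extension's own code: it groups the violation reports a browser POSTs to a report-uri endpoint by directive and blocked source, so the loads of a new third-party tag are visible while CSP stays enabled. The endpoint path, hostnames and report bodies are constructed for illustration, and the handling of non-URL `blocked-uri` keywords and malformed bodies goes slightly beyond the text.

```javascript
// Assumed policy while testing a new tag (endpoint path is hypothetical):
//   Content-Security-Policy: default-src 'self'; report-uri /csp-reports
// Constructed sample bodies, one per POST (Content-Type: application/csp-report).
const SAMPLE_BODIES = [
  JSON.stringify({ 'csp-report': {
    'document-uri': 'https://shop.example/checkout',
    'effective-directive': 'script-src',
    'blocked-uri': 'https://tags.vendor.example/loader.js' } }),
  JSON.stringify({ 'csp-report': {
    'document-uri': 'https://shop.example/checkout',
    'violated-directive': "img-src 'self'",
    'blocked-uri': 'https://pixel.tracker.example/p.gif?id=1' } }),
  JSON.stringify({ 'csp-report': {
    'document-uri': 'https://shop.example/checkout',
    'effective-directive': 'script-src',
    'blocked-uri': 'inline' } }),
  '{"csp-report": truncated', // malformed body: counted, never thrown
];

// Reduce blocked-uri to a groupable value: the origin for URLs, the bare
// keyword for values such as "inline", "eval" or "data".
function blockedSource(blockedUri) {
  try {
    const u = new URL(blockedUri);
    return u.origin === 'null' ? u.protocol : u.origin;
  } catch {
    return blockedUri || '(empty)';
  }
}

// Returns { bySource: { directive: [sorted sources] }, rejected: count }.
function summarizeReports(bodies) {
  const grouped = new Map();
  let rejected = 0;
  for (const body of bodies) {
    let report;
    try { report = JSON.parse(body)['csp-report']; } catch { report = undefined; }
    if (!report || typeof report !== 'object') { rejected++; continue; }
    // Fall back to violated-directive, which may hold the full directive text.
    const directive = String(report['effective-directive'] ||
      report['violated-directive'] || 'unknown').split(' ')[0];
    if (!grouped.has(directive)) grouped.set(directive, new Set());
    grouped.get(directive).add(blockedSource(report['blocked-uri']));
  }
  const bySource = {};
  for (const [directive, sources] of grouped) bySource[directive] = [...sources].sort();
  return { bySource, rejected };
}

console.log(summarizeReports(SAMPLE_BODIES));
```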

3.6 out of 5 (80 ratings)

Kostis Anagnostopoulos, Feb 27, 2024

Don't bother, it didn't work, at least in Brave Version 1.62.156 Chromium: 121.0.6167.139 (Official Build) (64-bit). From DevTools, override headers and delete/modify the response CSP to your liking: https://developer.chrome.com/docs/devtools/overrides

1 person found this review to be helpful
Martin Mudaliar, Jan 31, 2024

Worked like a charm!

DEV, Nov 6, 2023

did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""

4 out of 4 people found this helpful

Details

  • Version
    3.0.0
  • Updated
    May 6, 2020
  • Offered by
    Phil Grayson
  • Size
    23.53KiB
  • Languages
    2 languages
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has not provided any information about the collection or usage of your data.

Related

Allow CORS: Access-Control-Allow-Origin

3.4(254)

Easily add (Access-Control-Allow-Origin: *) rule to the response header.

CSP Evaluator

3.2(24)

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

Allow CSP: Content-Security-Policy

5.0(1)

Easily remove CSP (Content-Security-Policy) rules from the response header.

Tamper Chrome (extension)

3.3(234)

Allows the user to modify requests as they happen.

Always Disable Content-Security-Policy

3.7(15)

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Content Security Policy Override

4.2(9)

Modify the Content Security Policy of web pages.

CORS Unblock

4.2(138)

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Ignore X-Frame headers

4.4(143)

Drops X-Frame-Options and Content-Security-Policy HTTP response headers, allowing all pages to be iframed.

Content Security Policy (CSP) Generator

4.2(11)

Automatically generate content security policy headers online for any website.

Cross Domain - CORS

4.1(58)

Cross Domain will help you to deal with cross domain - CORS problem. This is tool helpful when face with cross domain issue.

Requestly - Intercept, Modify & Mock HTTP Requests

4.4(1.1K)

The easiest way to Redirect URLs, Modify HTTP Headers, Mock APIs, Inject custom JS, Modify GraphQL Requests

Resource Override

4.6(193)

An extension to help you gain full control of any website by redirecting traffic, replacing, editing, or inserting new content.
