Disable-CSP

CSP Evaluator

CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.

CSP Unblock

No more Content-Security-Policy limitations. This extension removes all CSP-related headers during website testing. This extension removes the following CSP-related response headers to remove limitations caused by CSP. 1. "content-security-policy" header 2. "content-security-policy-report-only" header 3. "x-webkit-csp" and "x-webkit-csp-report-only" headers 4. "x-content-security-policy" and "x-content-security-policy-report-only" headers 5. reporting APIs ("report-to" and "reporting-endpoints") Use Cases: 1. This extension can temporarily remove the limitations of CSP so that the developer can test inline and remote scripts. Also, you can load different cross-origin resources without any limitation. 2. Allow a website to load a remote worker script 3. Allow a website to play remote media Notes: 1. Disable the extension when you are browsing the internet. By removing CSP, the website's protection reduces significantly which might harm you. 2. The extension removes specified CSP-related headers from the top-frame and all sub-frame elements Definitions: "content-security-policy" header: The HTTP Content-Security-Policy response header allows website administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (Cross-site_scripting). "content-security-policy-report-only" header: The HTTP Content-Security-Policy-Report-Only response header allows web developers to experiment with policies by monitoring (but not enforcing) their effects. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.

V2EX Polish

专为 V2EX 用户设计，提供了丰富的扩展功能。 为原网站添加了众多便捷的功能，让你的 V2EX 页面焕然一新 ！ ―――――― ◉ 扩展功能 🪄 界面美化 UI 设计更现代化，为你带来愉悦的视觉体验。 📥 评论回复嵌套层级 主题下的评论回复支持层级展示，更轻松地跟踪和回复其他用户的评论。 🔥 热门回复展示 自动筛选出最受欢迎的回复，第一时间了解热评。 😀 表情回复支持 评论输入框可以选择表情，让回复更加生动和有趣。 📃 长回复优化 智能折叠长篇回复，一键展开查看完整内容。 📰 内置主题列表 无需打开网页，插件内即可快速获取最热、最新的主题列表和消息通知。 更多实用功能： ⊙ 便捷回复操作：上传图片、预览回复内容、文字转 Base64。 ⊙ 添加用户信息卡片，快捷查看用户信息。 ⊙ 右键菜单扩展：支持解析页面中 Base64 编码内容。 ⊙ 在主题列表中即可预览内容，无需再进入主题页面。 ⊙ 自动领取每日签到奖励。 ⊙ 用户标签设置，快速标记各类用户。 ⊙ 支持备份个人配置，方便跨设备、跨脚本同步配。 ⊙ 支持自动跟随系统切换浅色/深色主题。 ⊙ 支持预加载多页回复，让嵌套回复更完美。 ⊙ “稍后阅读”功能：添加感兴趣的主题，方便日后浏览。 ⊙ 支持水平分区展示主题内容。 ―――――― ◉ 更多信息 ⊙ 代码开源，在 GitHub 中查看：https://github.com/coolpace/V2EX_Polish ⊙ 任何想法、新功能需求？在此反馈：https://github.com/coolpace/V2EX_Polish/discussions/1 ⊙ 浏览我们的主页，发现更多：👉 https://v2p.leoku.dev 👈 ―――――― 喜欢我们的扩展吗？请在应用商店给我们好评！🥰

Allow X-Frame-Options

Easily remove X-Frame-Options from the response header. This extension enables you to remove the x-frame-options from the HTTP response header. To work with this addon, please open the toolbar popup and then click on the toggle button on the left side. Once the addon is turned ON, the browser ignores the x-frame-options for all iframes within websites. To whitelist a domain, please click on the - Add to whitelist - button on the toolbar popup. If you want the addon to work per tab only, please mark the related option from the options page. Please note that, in per-tab mode, the whitelist feature is not working. If you have a feature request or found a bug to report, please fill out the bug report form on the addon's homepage (https://mybrowseraddon.com/allow-x-frame-options.html).