ieelmcmcagommplceebfedjlakkhpden
Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled. Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page. Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header. Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.
Allow CORS: Access-Control-Allow-Origin
Easily add (Access-Control-Allow-Origin: *) rule to the response header. Allow CORS: Access-Control-Allow-Origin lets you easily perform cross-domain Ajax requests in web applications. Simply activate the add-on and perform the request. CORS or Cross-Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature. Please note that, when the add-on is added to your browser, it is inactive by default (toolbar icon is grey C letter). If you want to activate the add-on, please open the toolbar popup and press the toggle button on the left side. The icon will turn to an orange C letter. If you have a feature request or found a bug to report, please fill out the bug report form on the add-on's homepage (https://mybrowseraddon.com/access-control-allow-origin.html).
CSP Evaluator
CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
Allow CSP: Content-Security-Policy
Easily remove CSP (Content-Security-Policy) rules from the response header. Allow CSP extension lets you easily remove existing content security policy rules from any webpage (from the response header). This extension is useful for web or mobile app developers or whenever you want to temporarily disable CSP rules. To work with this addon, please open the toolbar popup and then click on the toggle button on the left side to activate the addon. When the addon is installed, the default state is inactive with a grey icon color. Once it is active, the toolbar icon becomes blue. You can add/remove the active tab domain to the whitelist table via the toolbar popup. If you have a feature request or found a bug to report please fill out the bug report form on the addon's homepage (https://mybrowseraddon.com/content-security-policy.html).
ModHeader - Modify HTTP headers
Modify HTTP request headers, response headers, and redirect URLs The most popular Chrome extension to modify headers and monitor page statistics simultaneously. ** What can ModHeader do?** - Add, modify, and remove request and response headers - Use ModHeader to set X-Forwarded-For, Authorization, Access-Control-Allow-Origin, Content-Security-Policy, and your custom headers! - Modify cookies in request / response header - Advanced Content-Security-Policy editor - Redirect URL to another - Enable header modification by URLs - Advanced filtering by tab, tab group, or window ** Why ModHeader ** - ModHeader is fast, efficient, and light-weight. You can quickly enable/disable header modification with just 1-2 clicks. - ModHeader provides you with many convenient features that will help you increase your development velocity with the least amount of frictions. Check out the big list the features below! - ModHeader is free to use, with a paid option to unlock even more features. - ModHeader works on Chrome, Firefox, Edge, and Opera. - ModHeader is used by over 800,000+ users on Chrome Web Store! ** ModHeader features ** - Add comments to header - One-click "undo" if you made a mistake - Support having multiple profiles with quick switching between profiles - Export and import profile - Easily share your profiles with others - Customize autocomplete names and values - Support for dynamic variables - Dark mode support - Sorting headers and name, value, or comments - Append value to existing request or response header - Customizable profile badge - Clone profile - Cloud backup ...and more!!! ** What is new in 4.4.0 ** - Enable ad-supported plan where users can get pro for allowing affiliated ads in extension. Users can opt-out of ads by selecting ... -> Opt out of ads (will revert back to having limited profiles and rules). ** What is new in 4.3.7 ** - Support iso_date and utc_date variable ** What is new in 4.3.6 ** - Suggest when advanced header editor is available - Suggest when a response header is incorrectly entered in request header field and vice versa - Suggest using tab domain filter, tab group filter, window filter, etc. ** What is new in 4.3.5 ** - Revise the add dialog to give more description ** What is new in 4.3.2 ** - Support query parameter as dynamic value - Support matching HTTP methods in request URL filter and exclude request URL filter ** What is new in 4.3.1 ** - Make import with auto-sync available for free - Gather feedbacks on uninstallation ** What is new in 4.3.0 ** - Allow free users access to all mods and filters, but limit number of rules to 10. ** What is new in 4.2.4 ** - Fix a minor bug with time filters ** What is new in 4.2.3 ** - Fix a minor bug with tab domain filters ** What is new in 4.1.0 ** - Update login, logout, and license checking logics ** What is new in 4.0.21 ** - Add support for advanced Content-Security-Policy modification ** What is new in 4.0.20 ** - Fix ModHeader not showing up for new users. - Add {{ip_v4}} dynamic value ** What is new in 4.0.18 ** - Support for simple dynamic value: {{uuid}}, {{url}}, {{url_origin}}, {{url_hostname}}, {{url_path}}, {{existing_value}}, {{timestamp}} ** What is new in 4.0.17 ** - Allow ModHeader to read from managed storage (for enterprise) - Fix CSS not loading correctly ** What is new in 4.0.16 ** - Add regex cookie matching and ability to retain cookie value while modifying its attributes ** What is new in 4.0.15 ** - Add support for Time filter ** What is new in 4.0.14 ** - Dependency upgrades and some minor bug fixes ** What is new in 4.0.12 ** - Support auto-sync profile import: https://docs.modheader.com/profiles/auto-sync-profile - Remove support for dynamic value as Firefox addon policy and Manifest V3 both disallow it. If you need this feature, please email support@modheader.com and we will try to figure out how to support your use-case. ** What is new in 4.0.8 ** - Support reordering profile, headers, and filters. ** What is new in 4.0.0 ** - Support enhanced cookie modification - Replace tab lock with tab filter, along with tab group and window filter - Support autocomplete customization - Dark mode support - Keyboard commands mapping - Give users more controls over share profile URLs - Paid subscription required for some of the newly introduced features. Most existing features should continue to work for free users. "webRequest" and "webRequestBlocking" are required in order for request headers modification to work. Because ModHeader doesn't know ahead of time which website the modification should apply to, it needs to request permissions for all URLs (3). "storage" permission is needed to save settings to the cloud. "contextMenus" is used to enable quick pause/unpause by right-clicking on the icon. "alarm" is used to periodically auto-sync profiles (if auto-sync is setup). ** Automation ** For Selenium WebDriver users, please try: https://github.com/modheader/modheader_selenium
