Developer Tools
Anti-CORS, anti-CSP icon

Anti-CORS, anti-CSP

Enable cross origin requests blocked by CORS or CSP. Disable CORS and CSP in selected hostnames, preserve security of other websites

Users5K
Rating4.3
Reviews14
Manifest versionV3
7-day growth0
7-day growth rate0%
Preview mode

Upgrade to view the full paid extension report

Public basics remain visible. Paid access adds payment clues, related extensions, and more review detail.

7-day previewPayment cluesRelated extensions
Sign in to upgradeOpen paid market overview
Preview

Anti-CORS, anti-CSP Media preview

1 assets
Trend

7-day user preview

Free accounts only see a short preview for paid extensions.

User Growth Over Time

5K5K5K5K5K2026年5月28日2026年5月31日2026年6月3日Latest: 5K
Rating trend

7-day rating preview

The rating curve is shortened in preview mode.

30-day rating change

Start
4.31
Latest
4.29
30-day rating change
-0.02
4.294.294.304.314.312026年5月28日2026年5月31日2026年6月3日Latest: 4.29
2026年5月28日2026年6月3日
Growth overview

Daily, weekly, and monthly growth

Compare 1-day, 7-day, and 30-day net growth and growth rate.

1-day growthFlat
00%
7-day growthFlat
00%
30-day growthFlat
00%
Technical snapshot

Version, languages, and crawl freshness

Review publication date, version, supported languages, and crawl timestamps.

Version0.0.9
ManifestV3
Size42.2KiB
Languages1English
Published
Store updated
Last crawled
English
Overview

Product summary

Review the store description, core capabilities, and common use cases.

The extension enables cross origin requests with fetch() or XMLHttpRequest (XHR) objects that are blocked by CORS policy or violate the document’s Content Security Policy. It is an easiest way to solve CORS errors during development.

Internally the extension bypasses Cross-Origin Resource Sharing (CORS) and Content Security Policy (CSP) by setting permissive Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Credentials and Content-Security-Policy response headers.

User guide:

Click the extension icon in the tab with the URL on which you want to enable cross-origin requests. CORS policy gets disabled in all the tabs with the same hostname. The tabs with web pages from other hosts are not affected. Any fetch() or XHR requests will succeed unless they are blocked by CSP. To disable CSP the pages have to be reloaded.

Typical use case:

You develop an enterprise web application whose functionality depends on already existing web services. The production environment has the same hostname as the web services, but the development environment is set up in your office and has a different hostname. The web services do not support the cross-origin requests. Thus, in the development environment HTTP requests to the essential web services are prevented by the CORS mechanism in the browser. You can imagine a solution based on a reverse proxy and the environment-dependent URLs for the REST services, or you can opt for the effortless solution not to do anything more than installing a browser extension.

Reviews

Recent review snapshot

Inspect the latest comments and rating distribution.

Locked

More reviews require paid access

The rating summary remains visible. Paid access includes more synced review text.

Review textRating distributionRecent feedback
Unlock more reviews
Related products

Similar and related extensions

Review related products from the Chrome Web Store detail page.

Locked

Related paid products require paid access

Upgrade to compare similar products and adjacent extensions.

Similar productsAdjacent extensionsComparison
Unlock related products