Merlin
CSP for Me

CSP for Me

Adds/Removes directive or directive-value to/from the existing CSP(content-security-policy) header in HTTP response. Works on Android as well as on PC. HTTPレスポンスの既存のCSPヘッダにディレクティブあるいはディレクティブ値を追加/削除する拡張機能。Androidでも機能します

CSP for Me promo image
What is CSP for Me?

CSP for Me is a Firefox add-on that adds or removes directive-values from the existing CSP (content-security-policy) header in HTTP responses. It works on both Android and PC platforms. The add-on provides features like enabling at startup, printing debug info, controlling cache-control header, specifying applied URLs and policy, and more.

Download
Merlin
Stats
Stats date:
Users: 11 ▲ 1
Version: 0.3.6 (Last updated: 2023-04-14)
Creation date: 2019-08-12
Weekly download count: 1
Firefox on Android: Yes
Manifest version: 2
Permissions:
  • webRequest
  • webRequestBlocking
  • storage
  • <all_urls>
Size: 27.55K
Risk impact: High risk impact
Risk likelihood: Moderate risk likelihood

Other platforms

Not available on Chrome
Not available on Edge

ChromeStats Rank

# 23752 ▲ 893
Merlin
Summary

Adds/Removes directive or directive-value to the existing CSP(content-security-policy) header in HTTP response. Works on Android as well as on PC.

Usage See the screenshot.

  • Enable at startup: Enable this feature when the browser is started.
  • Print debug info: Output debug information at the bottom of the Options tab.
  • no-cache: Controls the Cache-Control header so that CSP-modified pages are not cached.
  • Applied URLs: Comma-Separated target URL patterns.
  • Applied Policy: CSP directives to add or remove. Add: Follow the CSP syntax. e.g. script-src 'unsafe-inline' https://yobukodori.github.io

    Remove: 'remove':<value> or <regular expression> or 'directive' e.g. script-src 'remove':https://www.google-analytics.com 'remove':/^'(nonce|sha256|sha384|sha512)-/; report-uri 'remove':'directive'

    Adds new value to end of existing value if same directive name exists. Adds new directive to end of header value if same directive name not exists. Does nothing if CSP header doesn't exist in response.

  • Save: Save and apply settings.
  • Apply: Apply settings. (doesn't save settings).
  • Get Status: get current status and applied settings.
  • On enables this feature. Off disables this feature. Or clicking lock icon in toolbar will bring up a pop-up menu where you can turn it on/off and open the settings page.
  • Clear Log: Clear log.
If CSP for Me doesn't work, reload the page several times. The browser may be loading the cache of the page before CSP modification.

Product summarizer
Ad copy creator
Analyze keywords
Safety
Risk impact

CSP for Me is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install CSP for Me if you trust the publisher.

Risk likelihood

CSP for Me is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Subscribe to the premium plan to see more risk analysis details
Screenshots
CSP for Me