diff --git a/.eslintrc.js b/.eslintrc.js
index 1d64db6b42ad..a1404f8309e6 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -1492,8 +1492,6 @@ module.exports = {
 "dom/security/test/csp/file_bug941404.html",
 "dom/security/test/csp/file_frameancestors_main.js",
 "dom/security/test/csp/file_main.js",
- "dom/security/test/csp/file_navigate_to.html",
- "dom/security/test/csp/file_navigate_to_request.html",
 "dom/security/test/csp/file_null_baseuri.html",
 "dom/security/test/csp/file_path_matching_redirect_server.sjs",
 "dom/security/test/csp/file_punycode_host_src.sjs",
@@ -1516,7 +1514,6 @@ module.exports = {
 "dom/security/test/csp/test_blocked_uri_in_reports.html",
 "dom/security/test/csp/test_blocked_uri_in_violation_event_after_redirects.html",
 "dom/security/test/csp/test_blocked_uri_redirect_frame_src.html",
- "dom/security/test/csp/test_navigate_to.html",
 "dom/security/test/csp/test_null_baseuri.html",
 "dom/security/test/csp/test_path_matching.html",
 "dom/security/test/csp/test_report_for_import.html",
diff --git a/devtools/client/webconsole/test/browser/_webconsole.ini b/devtools/client/webconsole/test/browser/_webconsole.ini
index a8c8d520f468..5e4dc8e9c87d 100644
--- a/devtools/client/webconsole/test/browser/_webconsole.ini
+++ b/devtools/client/webconsole/test/browser/_webconsole.ini
@@ -134,7 +134,6 @@ support-files =
 test-message-categories-workers.html
 test-message-categories-workers.js
 test-mixedcontent-securityerrors.html
- test-navigate-to-parse-error.html
 test-network-exceptions.html
 test-network-request.html
 test-network.html
@@ -373,7 +372,6 @@ fail-if = a11y_checks # bug 1687728 frame-link-filename is not accessible
 [browser_webconsole_multiple_windows_and_tabs.js]
 skip-if = win11_2009 # Bug 1798331
-[browser_webconsole_navigate_to_parse_error.js]
 [browser_webconsole_network_attach.js]
 [browser_webconsole_network_exceptions.js]
 [browser_webconsole_network_message_close_on_escape.js]
diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js b/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js
deleted file mode 100644
index 61930ed43998..000000000000
--- a/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js
+++ /dev/null
@@ -1,30 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-
-// Tests that ensure CSP 'navigate-to' does not parse.
-// Bug 1566149
-
-"use strict";
-
-const TEST_URI =
- "data:text/html;charset=utf8,Web Console navigate-to parse error test";
-const TEST_VIOLATION =
- "https://example.com/browser/devtools/client/webconsole/" +
- "test/browser/test-navigate-to-parse-error.html";
-
-const CSP_VIOLATION_MSG =
- "Content-Security-Policy: Couldn\u2019t process unknown directive \u2018navigate-to\u2019";
-
-add_task(async function () {
- const hud = await openNewTabAndConsole(TEST_URI);
- await clearOutput(hud);
-
- const onCSPViolationMessage = waitForMessageByType(
- hud,
- CSP_VIOLATION_MSG,
- ".warn"
- );
- await navigateTo(TEST_VIOLATION);
- await onCSPViolationMessage;
- ok(true, "Received expected violation message");
-});
diff --git a/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html b/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html
deleted file mode 100644
index e806ea949897..000000000000
--- a/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html
+++ /dev/null
@@ -1,13 +0,0 @@
- - - - - - Test for Bug 1566149 - Write test to ensure CSP 'navigate-to' does not parse - - - -Mozilla Bug 1566149 - -
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 543fa3af44aa..5caf338389cc 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -3544,8 +3544,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
 CopyUTF8toUTF16(host, *formatStrs.AppendElement());
 error = "netTimeout";
 } else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError ||
- NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError ||
- NS_ERROR_CSP_NAVIGATE_TO_VIOLATION == aError) {
+ NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) {
 // CSP error
 cssClass.AssignLiteral("neterror");
 error = "cspBlocked";
@@ -10573,22 +10572,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
 NS_ADDREF(*aRequest = channel);
 }
- nsCOMPtr csp = aLoadState->Csp();
- if (csp) {
- // Check CSP navigate-to
- bool allowsNavigateTo = false;
- rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
- aLoadState->IsFormSubmission(),
- false, /* aWasRedirected */
- false, /* aEnforceWhitelist */
- &allowsNavigateTo);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (!allowsNavigateTo) {
- return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
- }
- }
-
 const nsACString& typeHint = aLoadState->TypeHint();
 if (!typeHint.IsVoid()) {
 mContentTypeHint = typeHint;
diff --git a/docshell/base/nsDocShellLoadState.h b/docshell/base/nsDocShellLoadState.h
index a1e0416409e0..c5bbbfc2ec28 100644
--- a/docshell/base/nsDocShellLoadState.h
+++ b/docshell/base/nsDocShellLoadState.h
@@ -469,8 +469,7 @@ class nsDocShellLoadState final {
 bool mOriginalFrameSrc;
 // If this attribute is true, then the load was initiated by a
- // form submission. This is important to know for the CSP directive
- // navigate-to.
+ // form submission.
 bool mIsFormSubmission;
 // Contains a load type as specified by the nsDocShellLoadTypes::load*
diff --git a/docshell/base/nsDocShellTelemetryUtils.cpp b/docshell/base/nsDocShellTelemetryUtils.cpp
index cd78e3bce529..bd4ed865bd70 100644
--- a/docshell/base/nsDocShellTelemetryUtils.cpp
+++ b/docshell/base/nsDocShellTelemetryUtils.cpp
@@ -58,10 +58,6 @@ static const LoadErrorTelemetryResult sResult[] = {
 NS_ERROR_CSP_FORM_ACTION_VIOLATION,
 ErrorLabel::CSP_FORM_ACTION,
 },
- {
- NS_ERROR_CSP_NAVIGATE_TO_VIOLATION,
- ErrorLabel::CSP_NAVIGATE_TO,
- },
 {
 NS_ERROR_XFO_VIOLATION,
 ErrorLabel::XFO_VIOLATION,
diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
index 43d081809478..14deb9eb7c09 100644
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -3569,25 +3569,6 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
 rv = InitCOEP(aChannel);
 NS_ENSURE_SUCCESS(rv, rv);
- // Check CSP navigate-to
- // We need to enforce the CSP of the document that initiated the load,
- // which is the CSP to inherit.
- nsCOMPtr cspToInherit = loadInfo->GetCspToInherit();
- if (cspToInherit) {
- bool allowsNavigateTo = false;
- rv = cspToInherit->GetAllowsNavigateTo(
- mDocumentURI, loadInfo->GetIsFormSubmission(),
- !loadInfo->RedirectChain().IsEmpty(), /* aWasRedirected */
- true, /* aEnforceWhitelist */
- &allowsNavigateTo);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (!allowsNavigateTo) {
- aChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
- return NS_OK;
- }
- }
-
 rv = InitCSP(aChannel);
 NS_ENSURE_SUCCESS(rv, rv);
diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl
index 827849b77b77..34e68d51597d 100644
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -61,11 +61,10 @@ interface nsIContentSecurityPolicy : nsISerializable
 BLOCK_ALL_MIXED_CONTENT = 18,
 SANDBOX_DIRECTIVE = 19,
 WORKER_SRC_DIRECTIVE = 20,
- NAVIGATE_TO_DIRECTIVE = 21,
- SCRIPT_SRC_ELEM_DIRECTIVE = 22,
- SCRIPT_SRC_ATTR_DIRECTIVE = 23,
- STYLE_SRC_ELEM_DIRECTIVE = 24,
- STYLE_SRC_ATTR_DIRECTIVE = 25,
+ SCRIPT_SRC_ELEM_DIRECTIVE = 21,
+ SCRIPT_SRC_ATTR_DIRECTIVE = 22,
+ STYLE_SRC_ELEM_DIRECTIVE = 23,
+ STYLE_SRC_ATTR_DIRECTIVE = 24,
 };
 /**
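Review bot: In nsIContentSecurityPolicy.idl, renumbering `SCRIPT_SRC_ELEM_DIRECTIVE` through `STYLE_SRC_ATTR_DIRECTIVE` from 22–25 down to 21–24 changes the meaning of every directive number above 20, which matters if any consumer persists these values or exchanges them between builds (the interface is `nsISerializable`, but the serialization format is not visible in this diff). If that cannot be ruled out, keep the old values and leave a documented gap, e.g. `// 21 was NAVIGATE_TO_DIRECTIVE (removed), do not reuse`, with a matching placeholder entry in the index-aligned `CSPStrDirectives` table in nsCSPUtils.h. The same consideration applies to the `FOR_EACH_CSP_KEYWORD` hunk in nsCSPUtils.h, where dropping `CSP_UNSAFE_ALLOW_REDIRECTS` presumably shifts the value of `CSP_WASM_UNSAFE_EVAL` in `enum CSPKeyword`. The enum starts above this hunk, so earlier entries were not checked.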
@@ -153,24 +153,6 @@ interface nsIContentSecurityPolicy : nsISerializable
 in unsigned long aLineNumber,
 in unsigned long aColumnNumber);
- /*
- * Whether this policy allows a navigation subject to the navigate-to
- * policy.
- * @param aURI The target URI
- * @param aIsFormSubmission True if the navigation was initiated by a form submission. This
- * is important since the form-action directive overrides navigate-to in that case.
- * @param aWasRedirect True if a redirect has happened. Important for path-sensitivity.
- * @param aEnforceAllowlist True if the allowlist of allowed targets must be enforced. If
- * this is true, the allowlist must be enforced even if 'unsafe-allow-redirects' is
- * used. If 'unsafe-allow-redirects' is not used then the allowlist is always enforced
- * @return
- * Whether or not the effects of the navigation is allowed
- */
- boolean getAllowsNavigateTo(in nsIURI aURI,
- in boolean aIsFormSubmission,
- in boolean aWasRedirected,
- in boolean aEnforceAllowlist);
-
 /**
 * Whether this policy allows eval and eval-like functions
 * such as setTimeout("code string", time).
diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
index d624083ab246..fa24043a1a71 100644
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -671,93 +671,6 @@ nsCSPContext::GetAllowsInline(CSPDirective aDirective, bool aHasUnsafeHash,
 return NS_OK;
 }
-NS_IMETHODIMP
-nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission,
- bool aWasRedirected, bool aEnforceAllowlist,
- bool* outAllowsNavigateTo) {
- /*
- * The matrix below shows the different values of (aWasRedirect,
- * aEnforceAllowlist) for the three different checks we do.
- *
- * Navigation | Start Loading | Initiate Redirect | Document
- * | (nsDocShell) | (nsCSPService) |
- * -----------------------------------------------------------------
- * A -> B (false,false) - (false,true)
- * A -> ... -> B (false,false) (true,false) (true,true)
- */
- *outAllowsNavigateTo = false;
-
- EnsureIPCPoliciesRead();
- // The 'form-action' directive overrules 'navigate-to' for form submissions.
- // So in case this is a form submission and the directive 'form-action' is
- // present then there is nothing for us to do here, see: 6.3.3.1.2
- // https://www.w3.org/TR/CSP3/#navigate-to-pre-navigate
- if (aIsFormSubmission) {
- for (unsigned long i = 0; i < mPolicies.Length(); i++) {
- if (mPolicies[i]->hasDirective(
- nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE)) {
- *outAllowsNavigateTo = true;
- return NS_OK;
- }
- }
- }
-
- bool atLeastOneBlock = false;
- for (unsigned long i = 0; i < mPolicies.Length(); i++) {
- if (!mPolicies[i]->allowsNavigateTo(aURI, aWasRedirected,
- aEnforceAllowlist)) {
- if (!mPolicies[i]->getReportOnlyFlag()) {
- atLeastOneBlock = true;
- }
-
- // If the load encountered a server side redirect, the spec suggests to
- // remove the path component from the URI, see:
- // https://www.w3.org/TR/CSP3/#source-list-paths-and-redirects
- nsCOMPtr blockedURIForReporting = aURI;
- if (aWasRedirected) {
- nsAutoCString prePathStr;
- nsCOMPtr prePathURI;
- nsresult rv = aURI->GetPrePath(prePathStr);
- NS_ENSURE_SUCCESS(rv, rv);
- rv = NS_NewURI(getter_AddRefs(blockedURIForReporting), prePathStr);
- NS_ENSURE_SUCCESS(rv, rv);
- }
-
- // Lines numbers and source file for the violation report
- uint32_t lineNumber = 0;
- uint32_t columnNumber = 0;
- nsAutoCString spec;
- JSContext* cx = nsContentUtils::GetCurrentJSContext();
- if (cx) {
- nsJSUtils::GetCallingLocation(cx, spec, &lineNumber, &columnNumber);
- // If GetCallingLocation fails linenumber & columnNumber are set to 0
- // anyway so we can skip checking if that is the case.
- }
-
- // Report the violation
- nsresult rv = AsyncReportViolation(
- nullptr, // aTriggeringElement
- nullptr, // aCSPEventListener
- blockedURIForReporting, // aBlockedURI
- nsCSPContext::BlockedContentSource::eSelf, // aBlockedSource
- nullptr, // aOriginalURI
- u"navigate-to"_ns, // aViolatedDirective
- u"navigate-to"_ns, // aEffectiveDirective
- i, // aViolatedPolicyIndex
- u""_ns, // aObserverSubject
- NS_ConvertUTF8toUTF16(spec), // aSourceFile
- false, // aReportSample
- u""_ns, // aScriptSample
- lineNumber, // aLineNum
- columnNumber); // aColumnNum
- NS_ENSURE_SUCCESS(rv, rv);
- }
- }
-
- *outAllowsNavigateTo = !atLeastOneBlock;
- return NS_OK;
-}
-
 /**
 * For each policy, log any violation on the Error Console and send a report
 * if a report-uri is present in the policy
diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp
index 556fae8d3617..7624ffc7aacb 100644
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -467,20 +467,6 @@ nsCSPBaseSrc* nsCSPParser::keywordSource() {
 return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken));
 }
- if (CSP_IsKeyword(mCurToken, CSP_UNSAFE_ALLOW_REDIRECTS)) {
- if (!CSP_IsDirective(mCurDir[0],
- nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) {
- // Only allow 'unsafe-allow-redirects' within navigate-to.
- AutoTArray params = {u"unsafe-allow-redirects"_ns,
- u"navigate-to"_ns};
- logWarningErrorToConsole(nsIScriptError::warningFlag,
- "IgnoringSourceWithinDirective", params);
- return nullptr;
- }
-
- return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken));
- }
-
 return nullptr;
 }
@@ -886,18 +872,6 @@ nsCSPDirective* nsCSPParser::directiveName() {
 return nullptr;
 }
- // Bug 1529068: Implement navigate-to directive.
- // Once all corner cases are resolved we can remove that special
- // if-handling here and let the parser just fall through to
- // return new nsCSPDirective.
- if (directive == nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE &&
- !StaticPrefs::security_csp_enableNavigateTo()) {
- AutoTArray params = {mCurToken};
- logWarningErrorToConsole(nsIScriptError::warningFlag,
- "couldNotProcessUnknownDirective", params);
- return nullptr;
- }
-
 // Make sure the directive does not already exist
 // (see http://www.w3.org/TR/CSP11/#parsing)
 if (mPolicy->hasDirective(directive)) {
diff --git a/dom/security/nsCSPService.cpp b/dom/security/nsCSPService.cpp
index c7c58a37dc01..19574ad81949 100644
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -310,25 +310,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
 nsIURI* aNewURI,
 nsILoadInfo* aLoadInfo,
 Maybe& aCancelCode) {
- // Check CSP navigate-to
- // We need to enforce the CSP of the document that initiated the load,
- // which is the CSP to inherit.
- nsCOMPtr cspToInherit =
- aLoadInfo->GetCspToInherit();
- if (cspToInherit) {
- bool allowsNavigateTo = false;
- nsresult rv = cspToInherit->GetAllowsNavigateTo(
- aNewURI, aLoadInfo->GetIsFormSubmission(), true, /* aWasRedirected */
- false, /* aEnforceAllowlist */
- &allowsNavigateTo);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (!allowsNavigateTo) {
- aCancelCode = Some(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
- return NS_OK;
- }
- }
-
 // No need to continue processing if CSP is disabled or if the protocol
 // is *not* subject to CSP.
 // Please note, the correct way to opt-out of CSP using a custom
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index a7b02a55a73c..91330ef555c2 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -358,7 +358,6 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) {
 return nsIContentSecurityPolicy::NO_DIRECTIVE;
 // Fall through to error for all other directives
- // Note that we should never end up here for navigate-to
 case nsIContentPolicy::TYPE_INVALID:
 case nsIContentPolicy::TYPE_END:
 MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective");
@@ -1664,31 +1663,6 @@ bool nsCSPPolicy::hasDirective(CSPDirective aDir) const {
 return false;
 }
-bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
- bool aEnforceAllowlist) const {
- bool allowsNavigateTo = true;
-
- for (unsigned long i = 0; i < mDirectives.Length(); i++) {
- if (mDirectives[i]->equals(
- nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) {
- // Early return if we can skip the allowlist AND 'unsafe-allow-redirects'
- // is present.
- if (!aEnforceAllowlist &&
- mDirectives[i]->allows(CSP_UNSAFE_ALLOW_REDIRECTS, u""_ns, false)) {
- return true;
- }
- // Otherwise, check against the allowlist.
- if (!mDirectives[i]->permits(
- nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE, nullptr, aURI,
- u""_ns, aWasRedirected, false, false, false)) {
- allowsNavigateTo = false;
- }
- }
- }
-
- return allowsNavigateTo;
-}
-
 /*
 * Use this function only after ::allows() returned 'false'. Most and
 * foremost it's used to get the violated directive before sending reports.
diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h
index 064476855793..d8ad5e808f36 100644
--- a/dom/security/nsCSPUtils.h
+++ b/dom/security/nsCSPUtils.h
@@ -89,7 +89,6 @@ static const char* CSPStrDirectives[] = {
 "block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
 "sandbox", // SANDBOX_DIRECTIVE
 "worker-src", // WORKER_SRC_DIRECTIVE
- "navigate-to", // NAVIGATE_TO_DIRECTIVE
 "script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
 "script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
 "style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
@@ -113,16 +112,15 @@ inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) {
 return nsIContentSecurityPolicy::NO_DIRECTIVE;
 }
-#define FOR_EACH_CSP_KEYWORD(MACRO) \
- MACRO(CSP_SELF, "'self'") \
- MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
- MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
- MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
- MACRO(CSP_NONE, "'none'") \
- MACRO(CSP_NONCE, "'nonce-") \
- MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
- MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
- MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'") \
+#define FOR_EACH_CSP_KEYWORD(MACRO) \
+ MACRO(CSP_SELF, "'self'") \
+ MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
+ MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
+ MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
+ MACRO(CSP_NONE, "'none'") \
+ MACRO(CSP_NONCE, "'nonce-") \
+ MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
+ MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
 MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
 enum CSPKeyword {
@@ -692,9 +690,6 @@ class nsCSPPolicy {
 bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
- bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
- bool aEnforceAllowlist) const;
-
 private:
 nsUpgradeInsecureDirective* mUpgradeInsecDir;
 nsTArray mDirectives;
diff --git a/dom/security/test/csp/file_navigate_to.html b/dom/security/test/csp/file_navigate_to.html
deleted file mode 100644
index f6ea36d389f9..000000000000
--- a/dom/security/test/csp/file_navigate_to.html
+++ /dev/null
@@ -1,11 +0,0 @@
- - - - Bug 1529068 Implement CSP 'navigate-to' directive - - - - -
diff --git a/dom/security/test/csp/file_navigate_to.sjs b/dom/security/test/csp/file_navigate_to.sjs
deleted file mode 100644
index d1cffb74ccc1..000000000000
--- a/dom/security/test/csp/file_navigate_to.sjs
+++ /dev/null
@@ -1,58 +0,0 @@
-// Custom *.sjs file specifically for the needs of
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1529068
-
-"use strict";
-Components.utils.importGlobalProperties(["URLSearchParams"]);
-
-const TEST_NAVIGATION_HEAD = ` - - - - Bug 1529068 Implement CSP 'navigate-to' directive`;
-
-const TEST_NAVIGATION_AFTER_META = ` - - - - - - `;
-
-function handleRequest(request, response) {
- const query = new URLSearchParams(request.queryString);
-
- response.setHeader("Cache-Control", "no-cache", false);
- response.setHeader("Content-Type", "text/html", false);
-
- if (query.get("redir")) {
- response.setStatusLine(request.httpVersion, "302", "Found");
- response.setHeader("Location", query.get("redir"), false);
- return;
- }
-
- response.write(TEST_NAVIGATION_HEAD);
-
- // We need meta to set multiple CSP headers.
- if (query.get("csp")) {
- response.write(
- ''
- );
- }
- if (query.get("csp2")) {
- response.write(
- ''
- );
- }
-
- response.write(
- TEST_NAVIGATION_AFTER_META + query.get("target") + TEST_NAVIGATION_FOOT
- );
-}
diff --git a/dom/security/test/csp/file_navigate_to_request.html b/dom/security/test/csp/file_navigate_to_request.html
deleted file mode 100644
index 4f82525599f3..000000000000
--- a/dom/security/test/csp/file_navigate_to_request.html
+++ /dev/null
@@ -1,17 +0,0 @@
- - - - - - - - -
diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini
index 319e7cff7139..bec8f5861268 100644
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -723,14 +723,6 @@ support-files =
 file_iframe_parent_location_js.html
 skip-if = fission && os == "android" # Bug 1827756
-[test_navigate_to.html]
-support-files =
- file_navigate_to.sjs
- file_navigate_to_request.html
-skip-if =
- http3
- http2
- fission && os == "android" # Bug 1827756
 [test_independent_iframe_csp.html]
 skip-if = fission && os == "android" # Bug 1827756
diff --git a/dom/security/test/csp/test_navigate_to.html b/dom/security/test/csp/test_navigate_to.html
deleted file mode 100644
index 357b35bb05f0..000000000000
--- a/dom/security/test/csp/test_navigate_to.html
+++ /dev/null
@@ -1,158 +0,0 @@
- - - - Bug 1529068 Implement CSP 'navigate-to' directive - - - - - -

-
- -
- - - -
diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp
index 735a6c7502a5..08eaecaa7cc7 100644
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -150,11 +150,8 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
 uint32_t aExpectedPolicyCount) {
 nsresult rv;
 nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
- bool navigateTo = false;
 bool wasmUnsafeEval = false;
 if (prefs) {
- prefs->GetBoolPref("security.csp.enableNavigateTo", &navigateTo);
- prefs->SetBoolPref("security.csp.enableNavigateTo", true);
 prefs->GetBoolPref("security.csp.wasm-unsafe-eval.enabled", &wasmUnsafeEval);
 prefs->SetBoolPref("security.csp.wasm-unsafe-eval.enabled", true);
@@ -167,7 +164,6 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
 }
 if (prefs) {
- prefs->SetBoolPref("security.csp.enableNavigateTo", navigateTo);
 prefs->SetBoolPref("security.csp.wasm-unsafe-eval.enabled", wasmUnsafeEval);
 }
@@ -222,10 +218,6 @@ TEST(CSPParser, Directives)
 "worker-src https://example.com" },
 { "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com",
 "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com" },
- { "navigate-to http://example.com",
- "navigate-to http://example.com"},
- { "navigate-to 'unsafe-allow-redirects' http://example.com",
- "navigate-to 'unsafe-allow-redirects' http://example.com"},
 { "script-src 'unsafe-allow-redirects' http://example.com",
 "script-src http://example.com"},
 // clang-format on
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
index f5bc90443c0a..45974ce6c371 100644
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -13799,12 +13799,6 @@
 value: true
 mirror: always
-# Navigate-to CSP 3 directive
-- name: security.csp.enableNavigateTo
- type: bool
- value: false
- mirror: always
-
 # wasm-unsafe-eval source keyword
 - name: security.csp.wasm-unsafe-eval.enabled
 type: bool
diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl
index f3f8304a1b88..804767b6eae5 100644
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -673,7 +673,6 @@ interface nsILoadInfo : nsISupports
 /**
 * True if the load was initiated by a form request.
- * This is important to know to handle the CSP directive navigate-to.
 */
 [infallible] attribute boolean isFormSubmission;
diff --git a/netwerk/ipc/DocumentLoadListener.cpp b/netwerk/ipc/DocumentLoadListener.cpp
index 7ce1ef0a864b..b4a6664ca6c1 100644
--- a/netwerk/ipc/DocumentLoadListener.cpp
+++ b/netwerk/ipc/DocumentLoadListener.cpp
@@ -975,19 +975,6 @@ auto DocumentLoadListener::OpenInParent(nsDocShellLoadState* aLoadState,
 return nullptr;
 }
- if (nsCOMPtr csp = aLoadState->Csp()) {
- // Check CSP navigate-to
- bool allowsNavigateTo = false;
- nsresult rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
- aLoadState->IsFormSubmission(),
- false, /* aWasRedirected */
- false, /* aEnforceWhitelist */
- &allowsNavigateTo);
- if (NS_FAILED(rv) || !allowsNavigateTo) {
- return nullptr;
- }
- }
-
 // Clone because this mutates the load flags in the load state, which
 // breaks nsDocShells expectations of being able to do it.
 RefPtr loadState = new nsDocShellLoadState(*aLoadState);
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
index a2f33529566f..a9157fbc6a9f 100644
--- a/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
@@ -1,4 +1 @@
-prefs: [security.csp.enableNavigateTo:true]
-disabled:
- if os == "win": https://bugzilla.mozilla.org/show_bug.cgi?id=1450635
-lsan-allowed: [Alloc, AllocateProtoAndIfaceCache, CallFromStack, CallJSNative, CallResolveOp, DelazifyCanonicalScriptedFunction, EnterJit, InternalCall, JS::Call, JSFunction::delazifyLazilyInterpretedFunction, MakeLinearStringForAtomization, ProtoAndIfaceCache, addDataProperty, alloc::raw_vec::finish_grow, applyImpl, js::RunScript, js::frontend::CompilationStencil::instantiateStencilsAfterPreparation, js_new, js_pod_arena_malloc, maybeCreateCacheForLookup, mozilla::EventDispatcher::Dispatch, mozilla::EventListenerManager::HandleEventInternal, mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal, mozilla::detail::HashTable, mozilla::detail::RunnableFunction, mozilla::dom::PContentChild::OnMessageReceived, mozilla::dom::Performance::CreateForMainThread, mozilla::dom::PerformanceMainThread::CreateNavigationTimingEntry, mozilla::dom::ProtoAndIfaceCache::PageTableCache::EntrySlotOrCreate, mozilla::dom::ScriptLoader::CreateLoadRequest, mozilla::dom::ScriptLoader::EvaluateScript, mozilla::intl::FluentBundle::Constructor, mozilla::intl::FluentResource::Constructor, mozilla::ipc::MessageChannel::RunMessage, mozilla::net::nsStandardURL::TemplatedMutator, nsDocumentOpenInfo::TryContentListener, nsDynamicAtom::Create, nsPresContext::NotifyContentfulPaint, nsThread::ProcessNextEvent, operator, search, unknown stack]
+disabled: true
\ No newline at end of file
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini
deleted file mode 100644
index d78f9d922d46..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini
+++ /dev/null
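Review bot: In navigate-to/__dir__.ini the added `disabled: true` switches off the whole directory without recording why, and the file now ends without a trailing newline. The removed lines show the existing convention of putting a bug link in the value, so something like `disabled: navigate-to support removed (Bug <BUG-ID-PLACEHOLDER>)` would keep the rationale next to the switch. That also makes it clear to a later reader that these tests are skipped deliberately and would need re-enabling if the directive is ever implemented again.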
@@ -1,8 +0,0 @@
-[child-navigates-parent-allowed.html]
- disabled:
- if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1450660
-
- expected: TIMEOUT
-
- [Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)]
- expected: NOTRUN
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
deleted file mode 100644
index 1c5507d9a75e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-[child-navigates-parent-blocked.sub.html]
- expected: TIMEOUT
- [Violation report status OK.]
- expected: FAIL
-
- [Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)]
- expected: NOTRUN
-
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
deleted file mode 100644
index 9e2a1d94a307..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[form-action-blocks-navigate-to-allows.sub.html]
- [Test that form-action overrides navigate-to when present.]
- expected: FAIL
-
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
deleted file mode 100644
index 60129ed9d57d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[form-action-blocks-navigate-to-blocks.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that form-action overrides navigate-to when present.]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
deleted file mode 100644
index 2f1bbca0b863..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[form-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected: FAIL
-
- [Violation report status OK.]
- expected:
- if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 31c50b28804e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[form-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
deleted file mode 100644
index e13832a88048..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[form-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
deleted file mode 100644
index 0416d153e3cb..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
deleted file mode 100644
index a5b851165841..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[href-location-blocked.sub.html]
- [Violation report status OK.]
- expected:
- if (os == "android") and debug and swgl: [PASS, FAIL]
- if (os == "android") and debug and not swgl: [FAIL, PASS]
- if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 8958f54ddeae..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 809f776856c8..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-cross-origin-blocked.sub.html]
- disabled:
- if os == "android": Passes on debug but fails on optimized
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
deleted file mode 100644
index 56897589aa6d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-redirected-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
deleted file mode 100644
index e65075322e37..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
deleted file mode 100644
index 31bdc49265eb..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-allowed.html]
- expected:
- if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
deleted file mode 100644
index 69decb5e51bf..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
+++ /dev/null
@@ -1,11 +0,0 @@
-[link-click-blocked.sub.html]
- expected:
- if fission and (os == "linux") and not debug: [OK, TIMEOUT]
- if fission and (os == "android"): [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected:
- if (os == "linux") and not debug and fission: [PASS, NOTRUN]
-
- [Violation report status OK.]
- expected:
- if (os == "linux") and not debug and fission: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 13f264797508..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index ce667bffc4e2..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
deleted file mode 100644
index 3d09bedd5718..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[link-click-redirected-allowed.html]
- disabled:
- if os == "win": Bug 1440584
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
deleted file mode 100644
index dead79e0d0fe..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[link-click-redirected-blocked.sub.html]
- [Violation report status OK.]
- expected:
- if debug and (os == "linux") and not fission and not swgl: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
deleted file mode 100644
index 6398d9b5f824..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
deleted file mode 100644
index d54aa48aafcd..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 6c67fc19ced2..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 07ff849d4d7e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
deleted file mode 100644
index 5beb83a1c4e8..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-redirected-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
deleted file mode 100644
index 35264132b126..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
deleted file mode 100644
index b169d939dc1d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[parent-navigates-child-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
deleted file mode 100644
index d4c0fa1e3c14..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[parent-navigates-child-blocked.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
deleted file mode 100644
index d7d5d787aaf0..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
+++ /dev/null
@@ -1,17 +0,0 @@
-[spv-only-sent-to-initiator.sub.html]
- expected:
- if fission and (os == "linux") and debug and not swgl: [TIMEOUT, OK]
- if fission and (os == "linux") and debug and swgl: [TIMEOUT, OK]
- if fission and (os == "linux") and not debug and (processor == "x86_64"): [TIMEOUT, OK]
- if fission and (os == "mac") and debug: [TIMEOUT, OK]
- [OK, TIMEOUT]
- [Test that no spv event is raised]
- expected:
- if fission and (os == "linux") and not debug and (processor == "x86_64"): [NOTRUN, FAIL]
- if fission and (os == "linux") and debug and not swgl: [NOTRUN, FAIL]
- if fission and (os == "linux") and debug and swgl: [NOTRUN, FAIL]
- if fission and (os == "mac") and debug: [NOTRUN, FAIL]
- [FAIL, NOTRUN]
-
- [Violation report status OK.]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
deleted file mode 100644
index 50b69647119b..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[allowed-end-of-chain-because-of-same-origin.sub.html]
- disabled:
- if (os == "android"): https://bugzilla.mozilla.org/show_bug.cgi?id=1511193
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini deleted file mode 100644 index d912e96f1d4c..000000000000 --- a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[blocked-end-of-chain.sub.html] - expected: TIMEOUT - - [Test that the child iframe navigation is blocked] - expected: NOTRUN - diff --git a/xpcom/base/ErrorList.py b/xpcom/base/ErrorList.py index 434c3d00565f..8b854fef8bc2 100755 --- a/xpcom/base/ErrorList.py +++ b/xpcom/base/ErrorList.py @@ -894,9 +894,8 @@ with modules["SECURITY"]: errors["NS_ERROR_XFO_VIOLATION"] = FAILURE(96) # Error code for CSP - errors["NS_ERROR_CSP_NAVIGATE_TO_VIOLATION"] = FAILURE(97) - errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98) - errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99) + errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(97) + errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(98) # Error code for Sub-Resource Integrity errors["NS_ERROR_SRI_CORRUPT"] = FAILURE(200)
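Review bot: Renumbering the two surviving CSP codes in `xpcom/base/ErrorList.py` changes the numeric nsresult of `NS_ERROR_CSP_FORM_ACTION_VIOLATION` (98 to 97) and `NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION` (99 to 98), and hands 97, previously the navigate-to error, to form-action. Whether anything records or compares these values numerically (logs, telemetry, crash data, tests with hard-coded codes) is not visible in this diff, but if so, builds before and after this change would disagree on what 97 and 98 mean, which makes CSP violation triage ambiguous. Leaving a gap avoids that: keep `= FAILURE(98)` and `= FAILURE(99)` and add `# FAILURE(97) was NS_ERROR_CSP_NAVIGATE_TO_VIOLATION (removed); do not reuse` above them. The enclosing `with modules["SECURITY"]:` block starts outside the hunk.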