Index: theme.php
===================================================================
--- theme.php	(revision 32881)
+++ theme.php	(working copy)
@@ -2066,11 +2066,22 @@
 	$admin_origin = parse_url( admin_url() );
 	$home_origin  = parse_url( home_url() );
 	$cross_domain = ( strtolower( $admin_origin[ 'host' ] ) != strtolower( $home_origin[ 'host' ] ) );
-
+	/**
+	 * Filter whether to enable the Customizer.
+	 *
+	 * Returning false to this hook will trigger the 'no-customizer-support'
+	 * class within the body tag which will effectively revert the inclusion
+	 * of the Customizer.
+	 *
+	 * @since 4.x.x
+	 *
+	 * @param bool Whether the Customizer should be shown. Default true.
+	 */
+	$enabled = apply_filters( 'enable_customizer_support', true );
 	?>
 	<script type="text/javascript">
 		(function() {
-			var request, b = document.body, c = 'className', cs = 'customize-support', rcs = new RegExp('(^|\\s+)(no-)?'+cs+'(\\s+|$)');
+			var request, enabled, b = document.body, c = 'className', cs = 'customize-support', rcs = new RegExp('(^|\\s+)(no-)?'+cs+'(\\s+|$)');
 
 <?php		if ( $cross_domain ): ?>
 			request = (function(){ var xhr = new XMLHttpRequest(); return ('withCredentials' in xhr); })();
@@ -2077,9 +2088,14 @@
 <?php		else: ?>
 			request = true;
 <?php		endif; ?>
+<?php       if ( $enabled ) { ?>
+			enabled = true;
+<?php       } else { ?>
+			enabled = false;
+<?php       } ?>
 
 			b[c] = b[c].replace( rcs, ' ' );
-			b[c] += ( window.postMessage && request ? ' ' : ' no-' ) + cs;
+			b[c] += ( window.postMessage && request && enabled ? ' ' : ' no-' ) + cs;
 		}());
 	</script>
 	<?php