Upgrade
No-CSRF

No-CSRF

Prevent cookies from being client-side sent cross-origin.

What is No-CSRF?
No-CSRF is a Chrome extension that prevents Cross-Site Request Forgery (CSRF) attacks by removing cookies from non-GET requests that violate the same-origin policy. This extension keeps your browsing secure and provides a report of stripped cookies. Open source and based on a similar extension by avlidienbrunn.
Download
Stats
Users: 402 ▼ -1
Rating: 5.00 (1)
Version: 0.42 (Last updated: 2016-07-05)
Creation date: 2016-07-04
Risk impact: High risk impact
Risk likelihood: Low risk likelihood
Manifest version: 2
Permissions:
  • webRequest
  • webRequestBlocking
  • tabs
  • webNavigation
  • <all_urls>
Size: 9.81K
URLs: Website
Stats date:

Chrome-Stats Rank

# 41287 ▼ 379
Other rankings
#6365 in Developer Tools ▼ 5 #107 in contain keyword 13 #243 in request keyword 28 ▲ 1

Other platforms

Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.
Chrome-Stats extension
Summary
Analyze keywords

Cross-Site Request Forgery is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between.

This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CRSF attacks are blocked!

The extension is easily disabled and contains a small report of all requests which had cookies stripped.

This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf

This extension is based on a similar extension by avlidienbrunn

Safety
Risk impact

No-CSRF is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install No-CSRF if you trust the publisher.

Risk likelihood

No-CSRF has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details
Screenshots
No-CSRF
Similar extensions

Here are some Chrome extensions that are similar to No-CSRF:

Ignore Google Scripts
Ignore Google Scripts
em_te
4.67
495
Xframe Assassin
Xframe Assassin
https://rayanthony.io
5.00
783
Disable Content-Security-Policy
Disable Content-Security-Policy
Phil Grayson
3.65
60,000+
Block Cross Domain protection
Block Cross Domain protection
Albert Sputa
N/A
49
Cross Domain - CORS
Cross Domain - CORS
Mai Tan
4.08
50,000+
No Opener, No Phishers
No Opener, No Phishers
Jamie Farrelly
4.78
790
Policy Control - JavaScript and Flash blocker
Policy Control - JavaScript and Flash blocker
rynu.smith
4.90
770
Origin Requests Only (Firewall)
Origin Requests Only (Firewall)
ATCS
4.45
598
Policy Control
Policy Control
MeryDev
4.33
411
Cacao CORS Proxy
Cacao CORS Proxy
Michael FIG
N/A
188
Block Unreachable Scripts
Block Unreachable Scripts
em_te
4.20
931
CounterXSS
CounterXSS
playarun93
5.00
578