No-CSRF

Prevent cookies from being client-side sent cross-origin.

No-CSRF: Prevent Cross-Site Request Forgery

No-CSRF is a Chrome extension that prevents Cross-Site Request Forgery (CSRF) attacks by removing cookies from non-GET requests that violate the same-origin policy. This extension keeps your browsing secure and provides a report of stripped cookies. Open source and based on a similar extension by avlidienbrunn.
Install from Chrome Web Store

Extension stats

Users: 429
-7
Rating: 5.00
(1)
Version: 0.42 (Last updated: 2016-07-05)
Creation date: 2016-07-04
Risk impact: High risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • webRequest
  • webRequestBlocking
  • tabs
  • webNavigation
  • <all_urls>
Size: 9.81K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Cross-Site Request Forgery is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between.

This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CRSF attacks are blocked!

The extension is easily disabled and contains a small report of all requests which had cookies stripped.

This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf

This extension is based on a similar extension by avlidienbrunn

Extension safety

Risk impact

No-CSRF requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

No-CSRF has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to No-CSRF: