No-CSRF

Prevent cookies from being client-side sent cross-origin.
What is No-CSRF?
No-CSRF is a Chrome extension that prevents Cross-Site Request Forgery (CSRF) attacks by removing cookies from non-GET requests that violate the same-origin policy. This extension keeps your browsing secure and provides a report of stripped cookies. Open source and based on a similar extension by avlidienbrunn.
Download

Extension stats

Users: 456 ▲ 7
Rating: 5.00 (1)
Version: 0.42 (Last updated: 2016-07-05)
Creation date: 2016-07-04
Risk impact: High risk impact
Risk likelihood: Low risk likelihood
Manifest version: 2
Permissions:
  • webRequest
  • webRequestBlocking
  • tabs
  • webNavigation
  • <all_urls>
Size: 9.81K

Ranking

# 42655 ▲ 32
Other rankings
#7657 in Developer Tools ▼ 19 #110 in contain keyword 9 ▲ 4 #252 in request keyword 20

Other platforms

Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

Cross-Site Request Forgery is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between.

This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CRSF attacks are blocked!

The extension is easily disabled and contains a small report of all requests which had cookies stripped.

This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf

This extension is based on a similar extension by avlidienbrunn

Extension safety

Risk impact

No-CSRF requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

No-CSRF has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to No-CSRF:

Ignore Google Scripts
Ignore Google Scripts
em_te
4.67
375
Xframe Assassin
Xframe Assassin
https://rayanthony.io
5.00
651
Disable Content-Security-Policy
Disable Content-Security-Policy
Phil Grayson
3.64
60,000+
Block Cross Domain protection
Block Cross Domain protection
Albert Sputa
N/A
38
Cross Domain - CORS
Cross Domain - CORS
Mai Tan
3.92
50,000+
No Opener, No Phishers
No Opener, No Phishers
Jamie Farrelly
4.78
635
Policy Control - JavaScript and Flash blocker
Policy Control - JavaScript and Flash blocker
rynu.smith
4.92
776
Origin Requests Only (Firewall)
Origin Requests Only (Firewall)
ATCS
4.50
538
Policy Control
Policy Control
MeryDev
4.33
594
Cacao CORS Proxy
Cacao CORS Proxy
Michael FIG
N/A
207
Block Unreachable Scripts
Block Unreachable Scripts
em_te
4.00
432
Clickjacking Test
Clickjacking Test
Offcon Info Security
4.33
4,000+