UnXSS

UnXSS

Intercept and modify or delete websites' security headers

Stats
This extension was removed from Chrome Web Store on 2021-04-21
By: audiere
Users: 517
Rating: 5.00 (7)
Version: 0.0.4 (Last updated: 2015-01-10)
Risk impact: High risk impact
Risk likelihood: High risk likelihood
Manifest version: 2
Permissions:
  • storage
  • webRequest
  • webRequestBlocking
  • *://*/*
Size: 240.64K
Price: Free
Stats date:

Other platforms

Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.
Chrome-Stats extension
Summary

Modify or delete websites' security headers on the fly.

• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.

• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.

• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.

Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.

Source code: https://github.com/chbrown/chrome-unxss

User reviews
Good! It`s help me.
by 唐雪见 唐雪见, 2020-09-02

It works perfectly and allows me to do my job. Thanks!
by Nach Chet, 2019-08-09

Nettes Tool um zu testen, ob die eigene Sicherheitsmasnahmen funktioniren/greifen, wenn die Security-Policy und der Header von außen verändert wird.
by Nico Jablinski, 2019-04-10
View all user reviews
Safety
Risk impact

UnXSS is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install UnXSS if you trust the publisher.

Risk likelihood

UnXSS may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.

Upgrade to see risk analysis details
Promo images
UnXSS small promo image
Small promo image
Similar extensions

Here are some Chrome extensions that are similar to UnXSS: