UnXSS
Intercept and modify or delete websites' security headers
Stats
Other platforms
Summary
Modify or delete websites' security headers on the fly.
• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.
Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.
Source code: https://github.com/chbrown/chrome-unxss
User reviews
Safety
Risk impact
UnXSS is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install UnXSS if you trust the publisher.
Risk likelihood
UnXSS may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.
Promo images
Similar extensions
Here are some Chrome extensions that are similar to UnXSS: