UnXSS

Intercept and modify or delete websites' security headers

UnXSS

Download

Extension stats

By: audiere
Users: 517
Rating: 5.00
(7)
Version: 0.0.4 (Last updated: 2015-01-10)
Risk impact: High risk impact
Risk likelihood:
High risk likelihood
Manifest version: 2
Permissions:
  • storage
  • webRequest
  • webRequestBlocking
  • *://*/*
Size: 240.64K
Price: Free

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

Modify or delete websites' security headers on the fly.

• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.

• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.

• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.

Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.

Source code: https://github.com/chbrown/chrome-unxss

User reviews

Good! It`s help me.
by 唐雪见, 2020-09-02
It works perfectly and allows me to do my job. Thanks!
by Nach Chet, 2019-08-09
Nettes Tool um zu testen, ob die eigene Sicherheitsmasnahmen funktioniren/greifen, wenn die Security-Policy und der Header von außen verändert wird.
by Nico Jablinski, 2019-04-10
View all user reviews

Extension safety

Risk impact

UnXSS requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

UnXSS may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.

Upgrade to see risk analysis details

Promo images

UnXSS small promo image
Small promo image

Similar extensions

Here are some Chrome extensions that are similar to UnXSS:

Trialfire Iframe Enabler
Trialfire Iframe Enabler
mkremer
N/A
107
Xframe Assassin
Xframe Assassin
https://rayanthony.io
5.00
610
MSOS X-Frame Buster
MSOS X-Frame Buster
https://midspike.com
5.00
261
Same Origin Method Execution - Targeting Tool
Same Origin Method Execution - Targeting Tool
https://benhayak.com
5.00
230
ZeptoIt
ZeptoIt
onedurr
3.67
100
HackerNotes Plugin
HackerNotes Plugin
abhishek77in
5.00
67
Content Security Policy Override
Content Security Policy Override
https://rufflewind.com
4.22
3,000+
OSDC Backpack
OSDC Backpack
jiit.osdc
4.92
185
Display Access Keys
Display Access Keys
dharris
4.33
321
Block Unreachable Scripts
Block Unreachable Scripts
em_te
4.00
418
Ignore X-Frame headers
Ignore X-Frame headers
Guillaume Ryder
4.39
300,000+
Caspr: Enforcer
Caspr: Enforcer
c0nrad
3.71
696
Breakbot
Breakbot
https://jacksbrain.com
3.80
278
M i M
M i M
Lon H
4.89
137
Input hidden Monitor
Input hidden Monitor
Bohumil Beran
N/A
326
LazySec
LazySec
Agustín Tobio Corneu
5.00
2,000+
Cacao CORS Proxy
Cacao CORS Proxy
Michael FIG
N/A
199
ForceCORS
ForceCORS
cdeely
3.81
2,000+