extension ExtPose

UnXSS

Description from extension meta

Intercept and modify or delete websites' security headers

Description from store

Modify or delete websites' security headers on the fly.

  • If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
  • If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
  • If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.

Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.

Source code: https://github.com/chbrown/chrome-unxss

Latest reviews

  • (2019-08-09) Nacho Hott: It works perfectly and allows me to do my job. Thanks!
  • (2019-04-10) Nico Jablinski: Nice tool for testing whether your own security measures work/take effect when the security policy and the header are changed from outside.
  • (2017-11-14) Brandon Jensen: Exactly what I needed.

Statistics

Installs: 521
Category:
Rating: 5.0 (6 votes)
Last update / version: 2015-01-10 / 0.0.4
