extension ExtPose

UnXSS (delisted)

CRX id


Description from extension meta

Intercept and modify or delete websites' security headers

Description from store

Modify or delete websites' security headers on the fly.

  • If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
  • If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
  • If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.

Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.

Source code: https://github.com/chbrown/chrome-unxss

Latest reviews

  • (2020-09-02) 唐雪见: Good! It helps me.
  • (2019-08-09) Nach Chet: It works perfectly and allows me to do my job. Thanks!
  • (2019-04-10) Nico Jablinski: Nice tool for testing whether your own security measures work/take effect when the security policy and the header are modified from outside.
  • (2017-11-14) Brandon Jensen: Exactly what I needed.


525 history
5.0 (7 votes)
Last update / version
2015-01-10 / 0.0.4
Listing languages