CRX id
cbjmpjkhiafmdnjnigdbelcnbihgpmge
cbjmpjkhiafmdnjnigdbelcnbihgpmge
Description from extension meta
Intercept and modify or delete websites' security headers
Image from store
Description from store
Modify or delete websites' security headers on the fly.
• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.
Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.
Source code: https://github.com/chbrown/chrome-unxss
Latest reviews
- (2020-09-02) 唐雪见: Good! It`s help me.
- (2019-08-09) Nach Chet: It works perfectly and allows me to do my job. Thanks!
- (2019-04-10) Nico Jablinski: Nettes Tool um zu testen, ob die eigene Sicherheitsmasnahmen funktioniren/greifen, wenn die Security-Policy und der Header von außen verändert wird.
- (2017-11-14) Brandon Jensen: Exactly what I needed.
Statistics
Installs
525
history
Category
Rating
5.0 (7 votes)
Last update / version
2015-01-10 / 0.0.4
Listing languages