extension ExtPose


Description from extension meta

Intercept and modify or delete websites' security headers

Image from store UnXSS
Description from store Modify or delete websites' security headers on the fly. • If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction. • If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page. • If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options. Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled. Source code: https://github.com/chbrown/chrome-unxss

Latest reviews

  • (2019-08-09) Nach Chet: It works perfectly and allows me to do my job. Thanks!
  • (2019-04-10) Nico Jablinski: Nettes Tool um zu testen, ob die eigene Sicherheitsmasnahmen funktioniren/greifen, wenn die Security-Policy und der Header von außen verändert wird.
  • (2017-11-14) Brandon Jensen: Exactly what I needed.


489 history
5.0 (6 votes)
Last update / version
2015-01-10 / 0.0.4
Listing languages