UnXSS
Extension Delisted
This extension is no longer available in the official store. Delisted on 2025-09-15.
Intercept and modify or delete websites' security headers
Modify or delete websites' security headers on the fly.
• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.
Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.
Source code: https://github.com/chbrown/chrome-unxss
Latest reviews
Good! It`s help me.
It works perfectly and allows me to do my job. Thanks!
Nettes Tool um zu testen, ob die eigene Sicherheitsmasnahmen funktioniren/greifen, wenn die Security-Policy und der Header von außen verändert wird.
Exactly what I needed.
