UnXSS

Extension Delisted

This extension is no longer available in the official store. Delisted on 2025-09-15.

How to install an extension Open in Chrome Web Store

CRX ID

cbjmpjkhiafmdnjnigdbelcnbihgpmge

Status

Minor Policy Violation
Removed Long Ago
No Privacy Policy

Description from extension meta

Intercept and modify or delete websites' security headers

Image from store

Description from store

Modify or delete websites' security headers on the fly.

• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.

• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.

• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.

Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.

Source code: https://github.com/chbrown/chrome-unxss

Latest reviews

唐雪见 2020-09-02: Good! It`s help me.
Nach Chet 2019-08-09: It works perfectly and allows me to do my job. Thanks!
Nico Jablinski 2019-04-10: Nettes Tool um zu testen, ob die eigene Sicherheitsmasnahmen funktioniren/greifen, wenn die Security-Policy und der Header von außen verändert wird.
Brandon Jensen 2017-11-14: Exactly what I needed.

Extension Delisted

Extension Actions