UnXSS (cbjmpjkhiafmdnjnigdbelcnbihgpmge): Intercept and modify or delete websites' security headers... Read More > or Download Now >
UnXSS for Chrome
Tech Specs
- • Type: Browser Extension
- • Latest Version: 0.0.4
- • Price: Freeware
- • Offline: No
- • Developer: audiere
User Reviews
- • Rating Average
- 5 out of 5
- • Rating Users
- 7
Download Count
- • Total Downloads
- 14
- • Current Version Downloads
- 14
- • Updated: January 10, 2015
UnXSS is a free Accessibility Extension for Chrome. You could download the latest version crx file and install it.
More About UnXSS
Modify or delete websites' security headers on the fly.
• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.
Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.
Source code: https://github.com/chbrown/chrome-unxss
• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.
Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.
Source code: https://github.com/chbrown/chrome-unxss
