Last updated: March 4, 2026
CORS Bypass (“the Extension”) is a Chrome browser extension that modifies HTTP response headers to bypass CORS (Cross-Origin Resource Sharing) restrictions during web development. This privacy policy explains what data the Extension collects, stores, and transmits.
CORS Bypass collects zero user data.
The Extension stores the following data locally on your device using Chrome’s chrome.storage.local API:
This data never leaves your browser. It is not synced, uploaded, or shared with any third party.
The Extension requests the following Chrome permissions:
| Permission | Purpose |
|---|---|
declarativeNetRequest |
Modify HTTP response headers to inject CORS headers on enabled domains |
declarativeNetRequestFeedback |
Display the count of modified requests in the popup debug panel |
storage |
Save your enabled domains and settings locally |
activeTab |
Detect the hostname of the currently active tab |
host_permissions: <all_urls> |
Apply CORS header modifications to any domain the user enables |
The Extension does not use any third-party services, SDKs, libraries, or APIs that collect data.
The Extension does not inject any content scripts into web pages. It only modifies HTTP response headers at the network level using Chrome’s declarativeNetRequest API.
The Extension does not collect any data from any users, including children under the age of 13.
If this privacy policy is updated, the changes will be posted on this page with an updated “Last updated” date. The Extension does not collect email addresses, so there is no way to notify users of policy changes — please check this page periodically.
If you have questions about this privacy policy, please open an issue on the project’s GitHub repository.