All HTTP/HTTPS Sites
*://*/*Install Warning
"Read and change all your data on all websites."
Technical Context
Grants access to all websites using HTTP or HTTPS protocols, excluding special Chrome pages (chrome://, chrome-extension://). Functionally similar to <all_urls> for most practical purposes.
What This Means For You
The extension can access every normal website you visit. The only pages it cannot touch are special Chrome settings pages and other extensions.
Related APIs
This permission enables access to these Chrome APIs:
chrome.scriptingchrome.tabsCommon Use Cases
- ✓Password managers
- ✓Universal tools
How to Declare in manifest.json
Add the "*://*/*" permission to your extension manifest:
{
"manifest_version": 3,
"name": "My Extension",
"permissions": [
"*://*/*"
]
}What Users Will See
When users install your extension, Chrome will display this warning:
This extension can:
"Read and change all your data on all websites."
Related Permissions
All URLs
<all_urls>The extension can see and modify every single website you visit, including sensitive pages like banking and email. This is the most powerful and potentially dangerous permission an extension can have.
Local Files
file:///*The extension can read files you open directly in Chrome from your computer. This is useful for tools that enhance local file viewing but means it can see personal documents.
All HTTP Sites
http://*/*The extension can access websites that do not use secure HTTPS connections. These are becoming rare but still exist for some legacy sites.
All HTTPS Sites
https://*/*The extension can access all secure websites you visit, which includes almost every site you use today. It still cannot access special Chrome pages.
Tabs
tabsThe extension can see what websites you have open in all your tabs, even if you are not actively using them. This is necessary for tab managers but means the extension knows your browsing patterns.