All HTTP Sites

http://*/*

High RiskCategory: Host PermissionsView Official Docs↗

⚠

Install Warning

"Read and change all your data on all websites."

Technical Context

Grants access to all non-secure HTTP websites. Since HTTP traffic is unencrypted, this is increasingly less common as the web moves to HTTPS.

What This Means For You

The extension can access websites that do not use secure HTTPS connections. These are becoming rare but still exist for some legacy sites.

Related APIs

This permission enables access to these Chrome APIs:

chrome.scripting

Common Use Cases

✓Legacy site tools
✓Developer debugging

How to Declare in manifest.json

Add the "http://*/*" permission to your extension manifest:

{
  "manifest_version": 3,
  "name": "My Extension",
  "permissions": [
    "http://*/*"
  ]
}

What Users Will See

When users install your extension, Chrome will display this warning:

⚠

This extension can:

"Read and change all your data on all websites."

Related Permissions

All URLs

<all_urls>

The extension can see and modify every single website you visit, including sensitive pages like banking and email. This is the most powerful and potentially dangerous permission an extension can have.

high

All HTTP/HTTPS Sites

*://*/*

The extension can access every normal website you visit. The only pages it cannot touch are special Chrome settings pages and other extensions.

high

Local Files

file:///*

The extension can read files you open directly in Chrome from your computer. This is useful for tools that enhance local file viewing but means it can see personal documents.

high

All HTTPS Sites

https://*/*

The extension can access all secure websites you visit, which includes almost every site you use today. It still cannot access special Chrome pages.

high

Tabs

tabs

The extension can see what websites you have open in all your tabs, even if you are not actively using them. This is necessary for tab managers but means the extension knows your browsing patterns.

high