All HTTPS Sites

https://*/*

High RiskCategory: Host PermissionsView Official Docs↗

⚠

Install Warning

"Read and change all your data on all websites."

Technical Context

Grants access to all secure HTTPS websites. This covers the vast majority of modern web traffic but excludes insecure HTTP sites.

What This Means For You

The extension can access all secure websites you visit, which includes almost every site you use today. It still cannot access special Chrome pages.

Related APIs

This permission enables access to these Chrome APIs:

chrome.scripting

Common Use Cases

✓Universal web tools
✓Accessibility extensions

How to Declare in manifest.json

Add the "https://*/*" permission to your extension manifest:

{
  "manifest_version": 3,
  "name": "My Extension",
  "permissions": [
    "https://*/*"
  ]
}

What Users Will See

When users install your extension, Chrome will display this warning:

⚠

This extension can:

"Read and change all your data on all websites."

Related Permissions

All URLs

<all_urls>

The extension can see and modify every single website you visit, including sensitive pages like banking and email. This is the most powerful and potentially dangerous permission an extension can have.

high

All HTTP/HTTPS Sites

*://*/*

The extension can access every normal website you visit. The only pages it cannot touch are special Chrome settings pages and other extensions.

high

Local Files

file:///*

The extension can read files you open directly in Chrome from your computer. This is useful for tools that enhance local file viewing but means it can see personal documents.

high

All HTTP Sites

http://*/*

The extension can access websites that do not use secure HTTPS connections. These are becoming rare but still exist for some legacy sites.

high

Tabs

tabs

The extension can see what websites you have open in all your tabs, even if you are not actively using them. This is necessary for tab managers but means the extension knows your browsing patterns.

high