NickScripts NickScripts

HeaderInject Privacy Policy

HeaderInject Privacy Policy

Last updated: May 12, 2026

HeaderInject is a browser extension for adding user-configured HTTP request headers for development, testing, and authentication workflows. This policy explains what data the extension handles and how it is used.

Data We Collect

HeaderInject does not collect, sell, share, or transfer personal data to the developer or to any developer-operated server.

The extension does not use analytics, tracking pixels, advertising identifiers, or behavioral profiling.

Data Processed Locally

HeaderInject processes the following data locally in your browser:

  • Header names and header values you configure.
  • URL patterns you configure for matching requests.
  • Whether header injection is enabled or disabled.

These settings are stored in Chrome extension local storage on your device.

Header values may contain sensitive information, such as development tokens or test credentials, if you choose to enter them. You are responsible for choosing which headers to store and which URL patterns they apply to.

How Header Injection Works

When enabled, HeaderInject uses Chrome's declarativeNetRequest API to add your configured headers to requests that match your configured URL pattern. If you leave the URL pattern blank or configure a broad pattern, your headers may be added to requests across many websites.

HeaderInject does not send your configured headers to the developer. However, matching websites and services that receive modified requests will receive the headers you configured, because that is the purpose of the extension.

Storage

HeaderInject uses Chrome extension local storage to save:

  • Configured header names and values.
  • The configured URL pattern.
  • The enabled or disabled state.

You can remove saved headers in the extension popup. You can remove all extension data by uninstalling the extension or clearing the extension's site data through your browser settings.

Website Access

HeaderInject requests access to all URLs so it can modify request headers on any site you choose for development and testing. The extension does not read page content, monitor browsing history, or transmit browsing activity to the developer.

For debugging, the extension may log rule-match information to the browser's extension console. This information remains local to your browser and is not transmitted by the extension.

Third-Party Links And Resources

The extension popup includes a support link to Ko-fi. Opening that link takes you to a third-party website governed by its own privacy policy.

Some user interface assets may be loaded from third-party content delivery networks. Those third parties may receive standard request information, such as your IP address and browser request metadata, when the popup loads those assets.

Data Sharing

HeaderInject does not share user data with the developer, advertisers, data brokers, or other third parties.

The only disclosure caused by the extension is the user-requested injection of configured headers into matching web requests.

Changes To This Policy

This policy may be updated if the extension's functionality or data handling changes. Updates will be included with the extension or its public listing.

Contact

For privacy questions, contact the developer through the Chrome Web Store listing or the repository where you obtained the extension.