Header Injector — Privacy Policy
Header Injector collects no personal data, has no account system, runs no analytics, and has no backend of its own. Everything it stores is your own configuration, kept in your browser.
Last updated: 10 July 2026.
What we collect
Nothing. The extension does not collect, transmit, or sell any personal or browsing data. We do not operate a server, and no data ever leaves your browser to reach us or any third party.
What the extension stores
The only data the extension holds is the configuration you create: the header name/value pairs you add, their descriptions, URL patterns, each header's enabled state, and the master on/off toggle. This is saved using Chrome's storage.sync API, which keeps it in your own browser profile and, if you are signed in to Chrome, syncs it across your devices through your Google account. We have no access to it.
How your headers are used
When enabled, the extension adds the headers you configured to outgoing web requests, using Chrome's declarativeNetRequest API. Those headers are sent only to the sites they target — every site, or the specific URL patterns you set. The extension does not read the content of pages, requests, or responses, and it does not log your browsing.
Permissions
The extension requests broad host access so that a header you mark as global, or scope with a wildcard pattern, can be applied on the sites you choose. It requests declarativeNetRequest to modify request headers and storageto save your configuration. These permissions exist solely to provide the extension's single purpose — injecting your headers — and for nothing else.
Import & export
Exporting writes your configuration to a JSON file that you save locally. Importing reads a JSON file you select. These files stay on your device; the extension does not upload or fetch them from anywhere.
A note on header values
If you choose to store a sensitive value — such as an authentication token — as a header, it is kept only in your own browser storage as described above. Treat exported configuration files accordingly, since they contain whatever values you entered.
Children
Header Injector is a developer tool, is not directed at children, and does not knowingly collect information from anyone.
Contact
Questions about privacy? Reach us via the support page.