Extensions request access to your browser data. Here's how to review what each extension can see and do — and what permissions are normal vs suspicious.
When you install a Chrome extension, it requests specific permissions to function. These permissions define what data the extension can access: your browsing history, the content of pages you visit, your clipboard, cookies, and more. Most legitimate extensions request only what they genuinely need — but malicious extensions exploit broad permissions to steal data.
Type chrome://extensions in the address bar and press Enter.
Click the Details button on the extension card you want to inspect.
Scroll down to the Permissions section. You'll see a plain-English list of what the extension can access. Also check Site access — this shows whether it runs on all sites, specific sites, or only when you click it.
| Permission | Normal for SEO tools? | What it means |
|---|---|---|
| Read and change data on all sites | Expected | Needed for on-page analysis and overlays |
| Read your browsing history | Unusual | Not needed for most SEO tools |
| Read and change data on specific sites | Normal | Minimal scope — better than "all sites" |
| Display notifications | Unusual for SEO tools | Acceptable for productivity tools |
| Manage your apps, extensions, and themes | Suspicious | No SEO tool needs this |
| Read and change your bookmarks | Suspicious | No SEO tool needs this |
| Communicate with cooperating native apps | Unusual | Legitimate only for password managers |
You can restrict when an extension runs. In the extension's Details page, under Site access, change the setting from "On all sites" to "On click" — the extension will only run when you click its icon, not on every page load automatically. This reduces both privacy exposure and memory usage.