Extensions request access to your browser data. Here's how to review what each extension can see and do. And what permissions are normal vs suspicious.
When you install a Chrome extension, it requests specific permissions to function. These permissions define what data the extension can access: your browsing history, the content of pages you visit, your clipboard, cookies, and more. Most legitimate extensions request only what they genuinely need, but malicious extensions exploit broad permissions to steal data.
Type chrome://extensions in the address bar and press Enter.
Click the Details button on the extension card you want to inspect.
Scroll down to the Permissions section. You'll see a plain-English list of what the extension can access. Also check Site access, this shows whether it runs on all sites, specific sites, or only when you click it.
| Permission | Normal for SEO tools? | What it means |
|---|---|---|
| Read and change data on all sites | Expected | Needed for on-page analysis and overlays |
| Read your browsing history | Unusual | Not needed for most SEO tools |
| Read and change data on specific sites | Normal | Minimal scope. Better than "all sites" |
| Display notifications | Unusual for SEO tools | Acceptable for productivity tools |
| Manage your apps, extensions, and themes | Suspicious | No SEO tool needs this |
| Read and change your bookmarks | Suspicious | No SEO tool needs this |
| Communicate with cooperating native apps | Unusual | Legitimate only for password managers |
You can restrict when an extension runs. In the extension's Details page, under Site access, change the setting from "On all sites" to "On click", the extension will only run when you click its icon, not on every page load automatically. This reduces both privacy exposure and memory usage.