Privacy Policy — Security Headers

Last updated: April 6, 2026

Summary

Security Headers does not collect, transmit, or share any personal data. Everything stays on your device.

Data collection

Security Headers collects no personal information. The extension stores the following data locally on your device using Chrome's built-in chrome.storage.local API:

• A history of scanned sites (hostname, grade, percentage, and timestamp). No full URLs, cookies, or page content are stored.

How the scan works

When you click "Scan This Page," the extension injects a small script into the active tab that performs a same-origin fetch() HEAD request to the current page URL. The HTTP response headers are read locally and analyzed entirely within your browser. No data is sent to any external server.

Data sharing

Security Headers does not transmit any data to external servers, analytics services, or third parties. The only network request made is the same-origin HEAD fetch to the page you are already visiting.

Data retention

Scan history is limited to the most recent 50 entries and can be cleared at any time from the extension popup. You can also clear all stored data by uninstalling the extension or clearing its storage through Chrome's extension settings.

Permissions

Security Headers requests the following Chrome permissions:

• activeTab — Accesses the current tab to identify the page URL for scanning.
• scripting — Injects a read-only script into the active tab to perform a same-origin HEAD fetch and read response headers.
• storage — Saves scan history locally on your device.

Third-party services

Security Headers uses no third-party services, SDKs, analytics, or tracking tools.

Changes to this policy

If this privacy policy is updated, the changes will be noted here with a revised "last updated" date.

Contact

Questions or concerns? Reach out at peakpostagent@gmail.com.