Spectra is a Chrome extension that audits HTTP security headers, cookies, and CORS
configuration for websites you visit. This page explains what data the extension
accesses and how it is handled.
Data the extension accesses
HTTP response headers are read from pages you navigate to in order
to evaluate their security configuration. This data is processed locally and never
leaves your device.
Cookies are read from the active tab to check security attributes
(HttpOnly, Secure, SameSite). This data is processed locally and never leaves your device.
Page URLs are used to fetch headers and identify the site being scanned.
URLs are not stored persistently or sent to our servers.
External requests
Spectra makes requests to the following third-party services:
hstspreload.org is queried to check whether a domain appears on the
browser HSTS preload list. Only the domain name is sent. No personal data is included.
Sites you choose to scan are fetched directly by the Bulk Scanner to
retrieve HTTP headers. No data from those requests is stored or forwarded anywhere.
Our license server receives your license key when you activate Pro or
when the extension revalidates it. No other personal data is sent.
Local storage
Session storage holds scan results and header data temporarily in
chrome.storage.session. This is cleared automatically when the browser closes.
Local storage stores your Pro license key, theme preference, and
Terms of Service acceptance in chrome.storage.local on your device.
None of this is transmitted to third parties.
Data sharing
We do not sell, share, or transmit personal data to third parties. The extension does
not collect analytics, crash reports, or usage statistics of any kind.
Permissions
webRequest is used to read HTTP response headers from pages you visit.
cookies is used to read cookie attributes for the active tab.
tabs is used to identify the current active tab's URL.
storage is used to cache scan results temporarily and store your license key.
Children's privacy
Spectra is a developer tool and is not directed at children under 13. We do not
knowingly collect any information from children.
Changes to this policy
If this policy changes in a material way, we will update the date at the top of this page.
Continued use of the extension after changes are posted constitutes acceptance of the updated policy.
Chrome Web Store Limited Use Compliance
Spectra's use of user data complies with the
Chrome Web Store User Data Policy,
including its Limited Use requirements. User data is used only to provide the
extension's security analysis features and is not sold, shared with advertisers,
or used for any purpose unrelated to those features.