When you install an extension into Firefox, you may be presented with a message similar to this one: {for fx129}[[Image:firefoxrelay|width=1000]]{/for}{for not fx129}[[Image:Permissions request add-ons|width=1000]] {/for} {for fx129}{note}'''Note:''' For details on the ''Run in Private Windows'' checkbox, see [[#w_manage-extensions-in-private-windows|Manage extensions in private windows]] and [[Extensions in Private Browsing]].{/note}{/for} This is an extension asking your permission to tap into Firefox’s inner framework (via APIs) to alter your browser’s behavior. These APIs might ask to read or write data you enter in webpages, read data from or access features on your computer, or alter the settings in your browser. The extension may also use this message to inform you about any of your personal data that it collects or transmits. {for not fx129}So you can better understand what these messages mean in terms of practical impact on your browsing experience and your data, this article provides details about each of the messages.{/for} If you don't see one of these messages, that means the extension won't try to access any of your data or change the settings in your browser. {for not fx129}(You're also encouraged to check out [[Tips for assessing the safety of an extension]] for further guidance on evaluating extensions.){/for} =Extension permissions= When you first install a Firefox extension, you may be asked to grant certain permissions. These permissions let you know what the extension can access or modify in Firefox. You can choose to accept or decline these permissions during installation. __TOC__ =Personal data collection= Mozilla’s [https://extensionworkshop.com/documentation/publish/add-on-policies/ add-on policies] require extension developers to inform users of the personal data that an extension collects or transmits as part of its functionality. An extension can do this by informing the user of the data it intends to collect during the installation of the add-on, at the same time as it requests access to permissions. Firefox organizes this into two categories based on the type of data involved: *'''Personal data''' – Information that can identify you, such as browsing history or saved passwords. *'''Technical and interaction data''' – Details about how you use the extension or your device's technical configuration. [[Image:datacollection]] This is available for extensions that are installed on Firefox 140 and later. If you are using an earlier version that this extension supports, then they will show you a screen that they have created, usually in a new tab, asking you to consent to the data collection. If you do not agree to the data collection and the permissions the extension is requesting, you can choose to cancel the installation. ==Personal data== Personal data can either be provided by you or obtained through extension APIs. It includes, but is not limited to, names, email addresses, search terms, web page and browsing activity data, as well as access to and placement of cookies. The extension will mention which categories of data it will collect or transmit from the list below. {| |+ Table caption !Personal Data Category!!Definition / Examples |- |Personally identifying information||Examples: contact information like name and address, email, and phone number, as well as other identifying data such as ID numbers, voice or video recordings, age, demographic information, or biometric data. |- |Health information||Examples: medical history, symptoms, diagnoses, treatments, procedures, or heart rate data. |- |Financial and payment information||Examples: credit card numbers, transactions, credit ratings, financial statements, or payment history. |- |Authentication information||Examples: passwords, usernames, personal identification numbers (PINs), security questions, and registration information for extensions that offer account-based services. |- |Personal communications||Examples: emails, text or chat messages, social media posts, and data from phone calls and conference calls. |- |Location||Examples: region, GPS coordinates, or information about things near a user’s device. |- |Browsing activity||Information about the websites you visit, like specific URLs, domains, or categories of pages you view over time. |- |Website content||Covers anything visible on a website — such as text, images, videos, and links — as well as anything embedded like cookies, audio, page headers, request, and response information. |- |Website activity||Examples: interactions and mouse and keyboard activity like scrolling, clicking, typing, and covers actions such as saving and downloading. |- |Search terms||Search terms entered into search engines or the web browser. |- |Bookmarks||Information about Firefox bookmarks, including specific websites, bookmark names, and folder names. |} ==Technical and interaction data== An extension can also ask to collect non-personal Technical and Interaction data which developers use for statistical or analytics purposes. Technical data describes information about the device you are using, such as browser settings, platform information, and hardware properties. User interaction data includes how you interact with Firefox and the installed add-on, metrics for product improvement, and error information. The extension must give you a choice to opt out of this type of data collection without affecting the extension's functionality. You can change this setting, as well as any other optional data collection settings, under the extension settings in about:addons. =Access your data for all websites= The extension could read the content of any web page you visit, as well as data you enter into those web pages, such as usernames and passwords. Extensions requesting this permission might: * Read product and price information from a page to help find you the best price on items you're shopping for * Offer a password manager that reads and writes details of your username and password * Provide an ad blocker by reading the content of each web page you open to find and remove ad code =Access your data for sites in the “named” domain= The extension could read the content of web pages you visit in the specified domain, as well as data you enter into those web pages, such as usernames and passwords. {for fx133} ;[[Image:Add-on permission named domain|width=400]] {/for} Extensions requesting this permission might: * Update the look of some or all pages within the domain * Block content, such as advertising or content using certain tags, from a domain’s content feed =Access your data in # other domains= Used in conjunction with the named domain message (above) when the extension is requesting access to five or more domains; the first three are listed and the other domain requests counted. =Access your data for a specific site= The extension could read the content of any web pages you visit at the specified website, as well as any data you enter into those web pages, such as usernames and passwords. Extensions requesting this permission might: * Update the look of some or all pages within the website * Block content, such as advertising or content labeled with certain tags =Access your data on # other sites= Used in conjunction with the named website message (above) when the extension is requesting access to five or more websites – the first three are listed and the other website requests counted. =Read and modify bookmarks= The extension could create, modify or remove bookmarks, or change the folder structure in which bookmarks are stored. Extensions requesting this permission might: * Add bookmarks for their features or for certain web pages * Provide enhanced bookmark management features =Read and modify browser settings= The extension could do one or more of the following: * Enable or disable the display of popups * Enable or disable the caching of web pages * Set the browser to deny or prompt for all new requests to display notifications * Read the URL of the browser’s home page * Read the URL used in new tabs * Determine how the browser displays animated images—plays as normal, once, or not at all =Clear recent browsing history, cookies and related data= Extensions requesting this permission might offer enhanced features to clean up your browsing history. The extension could clear any or all of: * Browser cache * Cookies * Downloads * History * Local storage * Plugin data * Saved form data * Saved passwords =Get data from the clipboard= The extension could retrieve data from the clipboard: The equivalent of “paste”. Extensions requesting this permission might: * Let you submit copied text into a translation tool * Use a copied image to perform a lookup in a visual search engine =Input data to the clipboard= The extension could write data to the clipboard: The equivalent of “copy” or “cut”. Extensions requesting this permission might add content to the clipboard, so you can use it elsewhere in your browser or computer. =Extend developer tools to access your data in open tabs= The extension could add a new panel to the developer tools and will be given access to all data in all tabs. Extensions requesting this permission will usually deliver new [https://developer.mozilla.org/en-US/docs/Glossary/Developer_Tools developer tools]. However, some ordinary extensions use the developer tools to provide additional diagnostic or informational features. One example is [https://addons.mozilla.org/firefox/addon/adblock-plus/ Adblock Plus], which provides a feature in developer tools where you can see details of the ads and content it’s blocking. =Download files and read and modify the browser’s download history= The extension could save a file from the web or one created in the extension using the browser’s download manager. The extension could also access and update details of downloaded files stored in the download manager. {note}'''Note:''' The extension has to obey the settings in the download manager, putting you in control of where the files are saved.{/note} Extensions requesting this permission might: * Save data from the extension to your computer (extensions aren’t allowed to write directly to your computer’s file system) * Save files from a website or remote server * Provide a feature to manage download history =Open files downloaded to your computer= The extension could request that the application on your computer that handles files of a specific type opens a downloaded file. For example, if you have Microsoft Word installed on your computer, the extension could request it to open files with “.docx”. Extensions requesting this permission might: * Open audio files in your computer’s music player * Open documents, images or other files in an editor =Read the text of all open tabs= The extension could perform a search of the text content of any tab. Extensions requesting this permission might provide an enhanced “find” feature. =Access your location= The extension could obtain your location from your computer, GPS, the location associated with your IP address or some other method. Extensions requesting this permission might: * Provide information about your current location * Record your location with data maintained in the extension =Access browsing history= The extension could do one of the following with your browser history: * Search for pages * Remove some or all pages * Add pages * Retrieve or remove details of visits to a page * Access the list of “Top Sites” that are shown in the browser's new tab page Extensions requesting this permission might: * Offer features to remove browsing history for certain websites or domains * Provide enhanced reporting on your browsing history =Monitor extension usage and manage themes= The extension could: * Get information about installed add-ons (extensions and themes) * Enable and disable themes * Uninstall itself * Get notifications of add-ons being installed, uninstalled, enabled or disabled Extensions requesting this permission might: * Monitor add-on installation to check for any potential conflicts * Change or manage themes =Exchange messages with programs other than Firefox= The extension could send messages to and receive them from a complementary native app on your computer. The complementary app needs to be installed on your computer independently of the extension. This usually happens in one of two ways: * The extension will provide a guide to the steps you should follow to install the app * You would have installed an app that then suggests you install an extension in Firefox Please note that Mozilla has not vetted or reviewed the complementary app. You should approach the installation of the complementary app with the same caution you would apply when installing any third party software from the internet. Extensions requesting this permission might: * Use a complementary app to communicate with hardware attached to your computer * Store usernames and passwords using a secure method not available to a browser * Perform extensive computations in a complimentary app =Display notifications to you= The extension could issue notifications through the standard notification system offered by your computer’s operating systems. Extensions requesting this permission might: * Alert you to the completion of background or long-running tasks in the extension * Aggregate messages from one or more web services =Provide cryptographic authentication services= The extension could access software on your computer for generating and validating security keys and certificates using the PKCS #11 standard. (Note the extension can't install the PKCS #11 software on your computer; you’ll be prompted to install the software separately.) Extensions requesting this permission might: * Offer features to use securely encrypted single sign-on mechanisms * Provide a smartcard reader =Read and modify privacy settings= The extension could change privacy related settings controlling: * Network behavior * Whether passwords are stored in the browser’s password manager * The way the browser interacts with websites Extensions requesting this permission might: * Disable browser storage of passwords as part of an enhanced password manager * Help protect your privacy by managing the information made available in real-time chat and video applications * Offer additional tracking protection features =Control browser proxy settings= The extension could direct some or all of your web browsing traffic to another computer (a proxy) on the internet. Extensions requesting this permission might: * Block access to certain websites or domains * Provide access to certain websites and domains through proxy servers, for example, to enable browsing where it might otherwise be limited by geography =Access recently closed tabs= The extension could access a list of recently closed windows and tabs, reopen those tabs and windows, and remove details of these tabs and windows from the lists. Extensions requesting this permission might: * Provide an enhanced browser history manager * Offer the ability to clean up or remove history for specific websites or domains * Deliver features to reopen closed tabs =Access browser tabs= The extension could obtain the URL, title and icon from any tab. Extensions requesting this permission might: * Access tab details to enable bookmarking * Order and group tabs * Move tabs between windows * Provide an alternative way of listing tabs =Store unlimited amount of client-side data= The extension could store an unlimited amount of data using your browser’s data storage features. Extensions requesting this permission might: * Store large files, such as images, locally in your browser * Offer an extensive local database of information =Access browser activity during navigation= The extension could listen for the steps the browser takes to navigate from a link to another page. The extension could then provide new features for the content on the page. Extensions requesting this permission might: * Detect when streamed videos are about to play and provide a download feature * Look for and prevent ad pop-ups from opening =Access MIDI devices with SysEx support= The site permission extension enables a website to communicate with MIDI devices and send and receive SysEx data. SysEx data is arbitrary, often specific to a particular device model or manufacturer. Websites granted this permission can tamper with the device. While there are many legitimate use-cases for SysEx messages, a malicious website could corrupt the device's memory. The consequences of malicious action range from losing all the data stored in the device to rendering the device useless by overwriting the device’s program memory. Extensions requesting this permission might: * Back up a MIDI device's configuration data (presets, samples, etc.) for archival * Restore the configuration of a MIDI device to a previously backed-up copy, or restore it to factory default * Configure a MIDI device using a web interface * Upgrade the firmware version of a MIDI device * Communicate with the device, sending and receiving more complex, advanced messages than standard MIDI notes or CC messages. For example, setting an LED color, writing text on a screen, etc. {for fx129} =Manage extensions in private windows= You can manage which extensions are active in private browsing by selecting the '''Run in Private Windows''' checkbox when granting a new extension permissions on your device. For more information, see [[Extensions in Private Browsing]]. ;[[Image:Permissions request add-ons/ focus|width=400]] {/for} {for fx136} <!-- This heading's text (“Allow unverified third-party scripts to access you data” in en-) must exactly match the string of webext-perms-description-userScripts in extensionPermissions.ftl, which was added in bug 1917000 (https://hg.mozilla.org/mozilla-central/rev/bc4881030055). Localized versions can be found at https://searchfox.org/l10n/search?q=webext-perms-description-userScripts --> =Allow unverified third-party scripts to access your data= The extension could enable unverified scripts to access your website data on websites that the extension can [[#w_access-your-data-for-all-websites|access]]. Unverified scripts can pose security and privacy risks, such as running harmful code or tracking website activity. Only run scripts from extensions or sources you trust. {/for} =Related content= *[[Manage optional permissions for Firefox extensions]]

When you install an extension into Firefox, you may be presented with a message similar to this one:

This is an extension asking your permission to tap into Firefox’s inner framework (via APIs) to alter your browser’s behavior. These APIs might ask to read or write data you enter in webpages, read data from or access features on your computer, or alter the settings in your browser.

The extension may also use this message to inform you about any of your personal data that it collects or transmits.

So you can better understand what these messages mean in terms of practical impact on your browsing experience and your data, this article provides details about each of the messages.

If you don't see one of these messages, that means the extension won't try to access any of your data or change the settings in your browser.

(You're also encouraged to check out Tips for assessing the safety of an extension for further guidance on evaluating extensions.)

Extension permissions

When you first install a Firefox extension, you may be asked to grant certain permissions. These permissions let you know what the extension can access or modify in Firefox. You can choose to accept or decline these permissions during installation.

Personal data collection

Mozilla’s add-on policies require extension developers to inform users of the personal data that an extension collects or transmits as part of its functionality. An extension can do this by informing the user of the data it intends to collect during the installation of the add-on, at the same time as it requests access to permissions.

Firefox organizes this into two categories based on the type of data involved:

• Personal data – Information that can identify you, such as browsing history or saved passwords.
• Technical and interaction data – Details about how you use the extension or your device's technical configuration.

This is available for extensions that are installed on Firefox 140 and later. If you are using an earlier version that this extension supports, then they will show you a screen that they have created, usually in a new tab, asking you to consent to the data collection.

If you do not agree to the data collection and the permissions the extension is requesting, you can choose to cancel the installation.

Personal data

Personal data can either be provided by you or obtained through extension APIs. It includes, but is not limited to, names, email addresses, search terms, web page and browsing activity data, as well as access to and placement of cookies. The extension will mention which categories of data it will collect or transmit from the list below.

Table caption

Personal Data Category	Definition / Examples
Personally identifying information	Examples: contact information like name and address, email, and phone number, as well as other identifying data such as ID numbers, voice or video recordings, age, demographic information, or biometric data.
Health information	Examples: medical history, symptoms, diagnoses, treatments, procedures, or heart rate data.
Financial and payment information	Examples: credit card numbers, transactions, credit ratings, financial statements, or payment history.
Authentication information	Examples: passwords, usernames, personal identification numbers (PINs), security questions, and registration information for extensions that offer account-based services.
Personal communications	Examples: emails, text or chat messages, social media posts, and data from phone calls and conference calls.
Location	Examples: region, GPS coordinates, or information about things near a user’s device.
Browsing activity	Information about the websites you visit, like specific URLs, domains, or categories of pages you view over time.
Website content	Covers anything visible on a website — such as text, images, videos, and links — as well as anything embedded like cookies, audio, page headers, request, and response information.
Website activity	Examples: interactions and mouse and keyboard activity like scrolling, clicking, typing, and covers actions such as saving and downloading.
Search terms	Search terms entered into search engines or the web browser.
Bookmarks	Information about Firefox bookmarks, including specific websites, bookmark names, and folder names.

Technical and interaction data

An extension can also ask to collect non-personal Technical and Interaction data which developers use for statistical or analytics purposes. Technical data describes information about the device you are using, such as browser settings, platform information, and hardware properties. User interaction data includes how you interact with Firefox and the installed add-on, metrics for product improvement, and error information.

The extension must give you a choice to opt out of this type of data collection without affecting the extension's functionality.

You can change this setting, as well as any other optional data collection settings, under the extension settings in about:addons.

Access your data for all websites

The extension could read the content of any web page you visit, as well as data you enter into those web pages, such as usernames and passwords.

Extensions requesting this permission might:

• Read product and price information from a page to help find you the best price on items you're shopping for
• Offer a password manager that reads and writes details of your username and password
• Provide an ad blocker by reading the content of each web page you open to find and remove ad code

Access your data for sites in the “named” domain

The extension could read the content of web pages you visit in the specified domain, as well as data you enter into those web pages, such as usernames and passwords.

Extensions requesting this permission might:

• Update the look of some or all pages within the domain
• Block content, such as advertising or content using certain tags, from a domain’s content feed

Access your data in # other domains

Used in conjunction with the named domain message (above) when the extension is requesting access to five or more domains; the first three are listed and the other domain requests counted.

Access your data for a specific site

The extension could read the content of any web pages you visit at the specified website, as well as any data you enter into those web pages, such as usernames and passwords.

Extensions requesting this permission might:

• Update the look of some or all pages within the website
• Block content, such as advertising or content labeled with certain tags

Access your data on # other sites

Used in conjunction with the named website message (above) when the extension is requesting access to five or more websites – the first three are listed and the other website requests counted.

Read and modify bookmarks

The extension could create, modify or remove bookmarks, or change the folder structure in which bookmarks are stored.

Extensions requesting this permission might:

• Add bookmarks for their features or for certain web pages
• Provide enhanced bookmark management features

Read and modify browser settings

The extension could do one or more of the following:

• Enable or disable the display of popups
• Enable or disable the caching of web pages
• Set the browser to deny or prompt for all new requests to display notifications
• Read the URL of the browser’s home page
• Read the URL used in new tabs
• Determine how the browser displays animated images—plays as normal, once, or not at all

Clear recent browsing history, cookies and related data

Extensions requesting this permission might offer enhanced features to clean up your browsing history.

The extension could clear any or all of:

• Browser cache
• Cookies
• Downloads
• History
• Local storage
• Plugin data
• Saved form data
• Saved passwords

Get data from the clipboard

The extension could retrieve data from the clipboard: The equivalent of “paste”.

Extensions requesting this permission might:

• Let you submit copied text into a translation tool
• Use a copied image to perform a lookup in a visual search engine

Input data to the clipboard

The extension could write data to the clipboard: The equivalent of “copy” or “cut”.

Extensions requesting this permission might add content to the clipboard, so you can use it elsewhere in your browser or computer.

Extend developer tools to access your data in open tabs

The extension could add a new panel to the developer tools and will be given access to all data in all tabs.

Extensions requesting this permission will usually deliver new developer tools. However, some ordinary extensions use the developer tools to provide additional diagnostic or informational features. One example is Adblock Plus, which provides a feature in developer tools where you can see details of the ads and content it’s blocking.

Download files and read and modify the browser’s download history

The extension could save a file from the web or one created in the extension using the browser’s download manager. The extension could also access and update details of downloaded files stored in the download manager.

Extensions requesting this permission might:

• Save data from the extension to your computer (extensions aren’t allowed to write directly to your computer’s file system)
• Save files from a website or remote server
• Provide a feature to manage download history

Open files downloaded to your computer

The extension could request that the application on your computer that handles files of a specific type opens a downloaded file. For example, if you have Microsoft Word installed on your computer, the extension could request it to open files with “.docx”.

Extensions requesting this permission might:

• Open audio files in your computer’s music player
• Open documents, images or other files in an editor

Read the text of all open tabs

The extension could perform a search of the text content of any tab.

Extensions requesting this permission might provide an enhanced “find” feature.

Access your location

The extension could obtain your location from your computer, GPS, the location associated with your IP address or some other method.

Extensions requesting this permission might:

• Provide information about your current location
• Record your location with data maintained in the extension

Access browsing history

The extension could do one of the following with your browser history:

• Search for pages
• Remove some or all pages
• Add pages
• Retrieve or remove details of visits to a page
• Access the list of “Top Sites” that are shown in the browser's new tab page

Extensions requesting this permission might:

• Offer features to remove browsing history for certain websites or domains
• Provide enhanced reporting on your browsing history

Monitor extension usage and manage themes

The extension could:

• Get information about installed add-ons (extensions and themes)
• Enable and disable themes
• Uninstall itself
• Get notifications of add-ons being installed, uninstalled, enabled or disabled

Extensions requesting this permission might:

• Monitor add-on installation to check for any potential conflicts
• Change or manage themes

Exchange messages with programs other than Firefox

The extension could send messages to and receive them from a complementary native app on your computer.

The complementary app needs to be installed on your computer independently of the extension. This usually happens in one of two ways:

• The extension will provide a guide to the steps you should follow to install the app
• You would have installed an app that then suggests you install an extension in Firefox

Please note that Mozilla has not vetted or reviewed the complementary app. You should approach the installation of the complementary app with the same caution you would apply when installing any third party software from the internet.

Extensions requesting this permission might:

• Use a complementary app to communicate with hardware attached to your computer
• Store usernames and passwords using a secure method not available to a browser
• Perform extensive computations in a complimentary app

Display notifications to you

The extension could issue notifications through the standard notification system offered by your computer’s operating systems.

Extensions requesting this permission might:

• Alert you to the completion of background or long-running tasks in the extension
• Aggregate messages from one or more web services

Provide cryptographic authentication services

The extension could access software on your computer for generating and validating security keys and certificates using the PKCS #11 standard. (Note the extension can't install the PKCS #11 software on your computer; you’ll be prompted to install the software separately.)

Extensions requesting this permission might:

• Offer features to use securely encrypted single sign-on mechanisms
• Provide a smartcard reader

Read and modify privacy settings

The extension could change privacy related settings controlling:

• Network behavior
• Whether passwords are stored in the browser’s password manager
• The way the browser interacts with websites

Extensions requesting this permission might:

• Disable browser storage of passwords as part of an enhanced password manager
• Help protect your privacy by managing the information made available in real-time chat and video applications
• Offer additional tracking protection features

Control browser proxy settings

The extension could direct some or all of your web browsing traffic to another computer (a proxy) on the internet.

Extensions requesting this permission might:

• Block access to certain websites or domains
• Provide access to certain websites and domains through proxy servers, for example, to enable browsing where it might otherwise be limited by geography

Access recently closed tabs

The extension could access a list of recently closed windows and tabs, reopen those tabs and windows, and remove details of these tabs and windows from the lists.

Extensions requesting this permission might:

• Provide an enhanced browser history manager
• Offer the ability to clean up or remove history for specific websites or domains
• Deliver features to reopen closed tabs

Access browser tabs

The extension could obtain the URL, title and icon from any tab.

Extensions requesting this permission might:

• Access tab details to enable bookmarking
• Order and group tabs
• Move tabs between windows
• Provide an alternative way of listing tabs

Store unlimited amount of client-side data

The extension could store an unlimited amount of data using your browser’s data storage features.

Extensions requesting this permission might:

• Store large files, such as images, locally in your browser
• Offer an extensive local database of information

Access browser activity during navigation

The extension could listen for the steps the browser takes to navigate from a link to another page. The extension could then provide new features for the content on the page.

Extensions requesting this permission might:

• Detect when streamed videos are about to play and provide a download feature
• Look for and prevent ad pop-ups from opening

Access MIDI devices with SysEx support

The site permission extension enables a website to communicate with MIDI devices and send and receive SysEx data. SysEx data is arbitrary, often specific to a particular device model or manufacturer. Websites granted this permission can tamper with the device. While there are many legitimate use-cases for SysEx messages, a malicious website could corrupt the device's memory. The consequences of malicious action range from losing all the data stored in the device to rendering the device useless by overwriting the device’s program memory.

Extensions requesting this permission might:

• Back up a MIDI device's configuration data (presets, samples, etc.) for archival
• Restore the configuration of a MIDI device to a previously backed-up copy, or restore it to factory default
• Configure a MIDI device using a web interface
• Upgrade the firmware version of a MIDI device
• Communicate with the device, sending and receiving more complex, advanced messages than standard MIDI notes or CC messages. For example, setting an LED color, writing text on a screen, etc.

Related content

• Manage optional permissions for Firefox extensions