Ask the Community
Chrome developer permissions
Understand the Chrome extension permissions the BrowserStack Testing Toolkit requests and why each is needed.
The BrowserStack Testing Toolkit requires certain Chrome extension permissions to provide debugging, test authoring, and reporting features. This page lists each requested permission with a concise justification so you can review its security impact and scope.
All actions are user-triggered; while some features may inject helpful UI elements automatically (for example, Form Filler adding a Fill button), they never send data until you click, and you can disable or revoke any feature or related permission at any time.
Every time you submit a new version of a Chrome extension, Chrome reviews it against store security and compliance policies. Review the full Chrome Web Store program policies.
Permission justifications
The following table summarizes each permission:
| Permission | Justification |
|---|---|
| scripting | Injects content scripts dynamically into web pages for bug capture, responsive tester, and visual overlay features. |
| storage | Stores user preferences, authentication tokens, bug capture recordings, test data, and extension state across sessions. |
| unlimitedStorage | Enables storing large video recordings and screen captures from bug capture and testing sessions without quota limits. |
| activeTab | Accesses the currently active tab’s content for features like JSON formatting, responsive testing, and bug capture. |
| tabs | To get list of existing open tabs to inject content script. |
| cookies | Reads BrowserStack authentication cookies for user login state and manages cookies through the Cookie & Cache Manager tool. |
| browsingData | Clears cache, cookies, and browsing data through the Cache Manager feature. |
| downloads | Downloads bug reports, JSON files, test recordings, and exported data from various testing tools. |
| downloads.open | Automatically opens downloaded files after export from the Cookie & Cache Manager. |
| declarativeNetRequest | Modifies HTTP headers (removes X-Frame-Options and CSP headers) for the Responsive Tester to enable cross-origin iframe embedding. |
| tabCapture | Captures tab audio/video streams for the video recording feature in bug capture functionality. |
| offscreen | Creates an offscreen document to handle media recording using getUserMedia APIs for bug capture video recording. |
| webRequest | Monitors network request lifecycle in bug capture feature to record network activity, track HTTP errors, capture request/response headers and bodies, and detect failed requests. |
| webNavigation | Listens to page navigation completion events for triggering extension features after page loads. |
| Host Permission | Required for the extension to work on any website since it’s a universal testing toolkit that must function across all domains for live testing, bug capture, responsive testing, JSON formatting, and other cross-site tools. |
| Debugger | To use Chrome’s remote debugging protocol to throttle network speed. |
| Proxy | Required to configure and control Chrome’s proxy settings (example: set host, port) programmatically using the chrome.proxy API. Used in: chrome.proxy.settings.set() to define the active proxy server. |
| webRequestAuthProvider | Handles authentication such as proxy login prompts via the onAuthRequired event, allowing credentials (username and password) to be provided programmatically. Used in: chrome.webRequest.onAuthRequired.addListener() for proxy authentication. |
| alarms | Schedules timed tasks using the chrome.alarms API—used here to automatically disable or revert proxy settings after a defined duration (for example,, 30 minutes). |
For more information, check Chrome app and extension permissions.
Data and privacy principles
- Least privilege: Only permissions essential for a feature are requested.
- User initiation: Features (like cookie edits, test case generation) run only after you trigger them.
- No hidden scraping: The toolkit does not harvest full DOMs or network payloads silently.
- Controlled persistence: Preferences stored with Chrome storage; no sensitive test data synced unless you opt in.
Optional permissions
Some permissions (such as clipboardRead or identity) are optional and only activated when you use related functionality. If you avoid those features, Chrome does not grant or exercise them.
Revoking permissions
You can audit or revoke permissions any time:
- Open Chrome Extensions page (chrome://extensions/).
- Locate Testing Toolkit and click Details.
- Toggle off site access or remove the extension.
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
Thank you for your valuable feedback!