Hacksudo JWT X-Ray does NOT collect, transmit, or store any personal data externally.

• All processing happens locally inside the browser.
• JWT tokens are stored only in local browser storage.
• No data is sent to external servers.
• No analytics, tracking, or telemetry is included.

The extension operates entirely offline.

<all_urls> – Required to detect JWT tokens in requests and storage for authorized testing.

webRequest & webRequestBlocking – Used to implement rule-based header modification for testing purposes.
storage – Used to store local token history and rule configuration.
tabs – Used to identify the active tab URL.
cookies – Used to detect JWT tokens stored in cookies.