# Privacy Policy — HTTP Request Recorder _Last updated: 2026-05-23_ HTTP Request Recorder ("the extension") is a developer tool that captures the fetch and XMLHttpRequest traffic of browser tabs the user explicitly opts into, so the user can inspect, diff, and export those captures. ## Data the extension handles When the user turns recording on for a tab, the extension captures, for each request issued by that tab: - the request URL, method, and timing; - the request headers and request body; - the response status, headers, and response body; - the referring page URL. Optionally — and only when the user ticks "Capture extra info" in the popup — the extension additionally observes Cookie and Set-Cookie headers via the `chrome.webRequest` API and stores them alongside the captured request. This option is off by default. ## Where the data is stored All captured data is stored locally in the browser's IndexedDB on the user's device. Nothing is uploaded, transmitted, sold, shared, or sent to any remote server. The extension itself makes no network requests of its own. The data remains until the user deletes it via the extension's history page or clears the browser's site data for the extension. ## Permissions The extension requests the minimum permissions required to operate. Each is used solely for the feature described: - `tabs` — associate captures with the originating tab and update the toolbar badge per-tab. - `scripting` — inject the page-level fetch/XHR interceptor when the user turns recording on. - `storage`, `unlimitedStorage` — persist captures and preferences in IndexedDB on the user's device. - `downloads` — export captures as a ZIP file when the user clicks Export. - `clipboardWrite` — copy URL / cURL / PowerShell / fetch snippets to the clipboard from the request detail menu. - `webRequest` — only when the user opts in via "Capture extra info": observe outgoing requests so that Cookie / Set-Cookie headers (which the fetch / XHR APIs hide from JavaScript) can be merged into the captured record. The extension never blocks or modifies requests. - host permissions `` — the user can choose to record any page, so the interceptor must be injectable into any URL the user explicitly opts in to. The extension never touches a page until the user turns recording on for it. ## What the extension does not do - It does not transmit any captured data off the user's device. - It does not include any analytics, telemetry, or tracking. - It does not sell or share user data. - It does not block, modify, or redirect any network request. - It does not use captured data for any purpose other than the local inspection / diff / export features the user can see in the UI. ## Contact Questions or concerns: ryan.tian.cn@gmail.com