Always active Window - Always Visible
π Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Blocks all whitelisted browser windows from becoming inactive by spoofing the visibility state event and more, allowing users to maintain focus on their active window even when others are minimized or closed. Most beneficial for power users who frequently switch between multiple tabs or windows, this extension simulates the active window state to prevent distractions and improve productivity.
Overview
[Breaking Change] Version 0.4.0 and above.
The extension must now be enabled for each hostname individually. This adjustment enhances the extension's performance, as the always-active feature can disrupt websites. To activate it, open the page requiring the always-active feature in a browser tab and click the action button once. The page will refresh, and the action button will turn blue.
---
This extension protects against web pages tracking the activity state of the page. Some websites use this track to only offer services when the tab is active. By installing this extension a small script is injected into every webpage which overwrites the "document.visibilityState", and "document.hidden" properties to pretend the tab is always in the active state (document.visibilityState = 'visible' and document.hidden = false).
This is useful for the webpages that check your visibility state before loading resources like many music webpages. By installing this extension even if the page is opened in the background page, the player will start immediately like the page is loaded on an active tab.
Supported Trackings:
document.mozHidden (only on Firefox browser)
document.webkitHidden (only on Chromium browsers)
Supported Events:
1. visibilitychange
2. webkitvisibilitychange (only on Chromium browsers)
3. mozvisibilitychange (only on Firefox browser)
4. blur (some websites require the user to keep the tab focused)
5. mouseleave (some websites use this method to make sure the user pointer is inside the window)
Tags
Privacy Practices
Security Analysis
Permissions
External Connections
Package Contents 24 files Β· 72KB
What This Extension Does
This extension makes web pages think your browser tab is always active, which helps certain sites load content even when the tab is in the background.
Permissions
- *://*/*expected: This permission lets the extension access and modify every website you visit. A user might care because it gives broad control over your browsing activity, potentially allowing data collection or behavior modification across all sites.
- storageexpected: This lets the extension save settings and preferences locally in your browser. Users should understand that it can store information about which sites have been enabled for always-active mode.
- scriptingexpected: This permission allows the extension to inject scripts into web pages. Users should know that it can run code directly on any website you visit, which is necessary for spoofing visibility states but also potentially risky.
Your Data
The extension does not appear to transmit personal information outside the browser unless a user explicitly enables it for specific sites, which may involve sending basic site metadata. It contacts external domains only during development or testing phases and does not seem to send data.
Code Findings
No automated code flags were raised for this extension.
Trustworthiness
- Developer: Developer name is not listed in the extension metadata or CWS listing.
- Privacy Policy: No privacy policy found in manifest or visible from store page; this raises concerns about how data may be handled despite limited exposure.
- Install Base: Installed by 300K users and last updated recently (version 0.4.6), suggesting ongoing maintenance but not necessarily trustworthiness.
Nothing in this scan suggests behavior beyond what is needed for the stated purpose of making tabs appear active to websites, though lack of a privacy policy or developer identity means users should exercise caution.
Extension Overview
This extension makes web pages think your browser tab is always active, which helps certain sites load content even when the tab is in the background.
Permissions
- *://*/*expected: Grants full read/write access to all web pages via Chrome's declarativeNetRequest API and script injection capabilities. An attacker with this permission could intercept network traffic, inject malicious code into any page, steal cookies/session tokens, or manipulate DOM content on arbitrary origins.
- storageexpected: Uses Chrome's storage API to persist user configuration (e.g., per-site activation status). If compromised, could allow persistent tracking or manipulation of site-specific settings without user awareness.
- scriptingexpected: Enables injection of JavaScript via Chrome.scripting API into all tabs matching *://*/* patterns. Allows execution of arbitrary JS in context of webpages, including access to DOM and global objects like document.visibilityState. Could be used by an attacker to exfiltrate data or manipulate page behavior.
Data Exposure (Technical)
Contacts several external domains including www2.stat.duke.edu, page-visibility.vercel.app, codepen.io, cdpn.io, oncode-frontend.github.io, webbrowsertools.com. These appear to be related to documentation, demos, or testing environments rather than production services. No data transmission observed in scan; no cookies, auth tokens, keystrokes, or page content sent.
Code Findings
No automated code flags were raised for this extension.
Code Analysis
- Obfuscation: Standard minification applied with no heavy obfuscation techniques detected.
- Content Security Policy: Content Security Policy is not set in the extension manifest or injected scripts. This allows inline script execution and potentially increases attack surface if malicious code were injected into pages.
- Architecture: Uses Manifest V3 architecture with a background service worker managing state and injecting scripts via Chrome.scripting API. No content scripts defined, relying instead on dynamic injection for visibility spoofing.
Transparency
- Developer: Developer name is not listed in the extension metadata or CWS listing.
- Privacy Policy: No privacy policy found in manifest or visible from store page; this raises concerns about how data may be handled despite limited exposure.
- Code Visibility: Source code appears to be bundled/minified with no public repository linked, making independent verification difficult.
- Install Base: Installed by 300K users and last updated recently (version 0.4.6), suggesting ongoing maintenance but not necessarily trustworthiness.
The extension's architecture exposes significant attack surface through broad permissions and lack of CSP enforcement. The absence of a privacy policy and identifiable developer raises concerns about accountability. While no red-flag code patterns were found in automated checks, the high-risk permission set combined with minimal transparency warrants further manual review of injected scripts for potential misuse or hidden functionality.