Browse Security AI Extensions Collections
Honey Automated Coupons R Chrome extension icon

Honey Automated Coupons R

🔍 Security Report Available
👥 13M+ users
📦 v19.0.3
💾 5.84MiB
📅 2026-02-13
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Blocks unwanted ads and brings you exclusive coupons at checkout, saving you money on your online purchases. Lets you earn rewards points for every dollar saved with Honey Automated Coupons R, benefiting frequent shoppers who want to maximize their savings. Earns praise from millions of users who rely on it to make the most of their online shopping experience.

Overview

Join 17M+ members using PayPal Honey to find deals, earn cash back, and compare prices while you shop.

🪄 Find great deals on 30,000+ sites
With one click, Honey will automatically look for and apply digital coupons and promo codes to your cart.

🎉 Load up on Cash Back - it adds up fast**
You could earn Cash Back at thousands of stores like AliExpress, eBay, Macy’s, and Sephora!

💯 Know the best time to buy
Add items to your Droplist and Honey will track the price. We'll email you if we detect a price drop, so you don't miss a deal.

✅ Compare Amazon sellers easily
We compare sellers for you – even factoring in their shipping cost and your Prime status. Use our tracking and price history tools for more chances to save.

----------------------------------------------
**Cash redemption requires a PayPal account in good standing. Terms and exclusions apply.

By using the PayPal Honey browser extension, you agree to Honey’s terms and conditions. (https://www.joinhoney.com/terms )

When you use PayPal Honey, merchants may pay us affiliate commissions. We share those commissions with our users in the form of rewards.

Disclaimer:
This extension uses Google Analytics to collect extension usage statistics to help improve user experience. If you want to opt-out of Google Analytics tracking, please visit http://tools.google.com/dlpage/gaoptout or you can set up a filter in Adblock Plus or similar ad blocker tools like AdBlock, uBlock or Adblock Pro.

Tags

Lifestyle/shopping shopping lifestyle/shopping

Privacy Practices

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes
v19.0.3 Info Scanned Mar 4, 2026

Security Analysis — Honey Automated Coupons R

Analyzed v19.0.3 · Mar 4, 2026 · 26 JS files · 18330 KB scanned

Permissions

alarms cookies storage unlimitedStorage scripting webRequest offscreen http://*/* https://*/*

Code Patterns Detected

Function constructor used — dynamic code execution String.fromCharCode (obfuscation) charCodeAt (obfuscation) unescape (deprecated obfuscation) Creates script elements dynamically Captures keystrokes Potential hardcoded secret Cryptographic operations Creates iframe elements Uses postMessage for cross-origin comms Sets up event listeners

External Connections

github.com cdn.honey.io www.w3.org goo.gl www.joinhoney.com help.joinhoney.com regex101.com cdn.joinhoney.com d.joinhoney.com www.orbitz.com images-na.ssl-images-amazon.com www.walmart.com +8 more

Package Contents 303 files · 19.7MB

📁_locales1MB
📁de152KB
{}messages.json152KB
📁en144KB
{}messages.json144KB
📁en_AU3KB
{}messages.json3KB
📁en_GB3KB
{}messages.json3KB
📁en_US4KB
{}messages.json4KB
📁es150KB
{}messages.json150KB
📁fr158KB
{}messages.json158KB
📁it151KB
{}messages.json151KB
📁nl151KB
{}messages.json151KB
📁pt_BR151KB
{}messages.json151KB
📁_metadata42KB
{}verified_contents.json42KB
📁checkoutPaypal52KB
📜honeySPBContent.js2KB
📜honeySPBResponders.js20KB
📜merchantSPBContent.js1KB
📜merchantSPBResponders.js28KB
📁extensionMixinScripts
📜blockWindowAlert.js33B
📜blockWindowAlertFalse.js33B
📜blockWindowAlertTrue.js33B
📜blockWindowConfirm.js35B
📜blockWindowConfirmFalse.js35B
📜blockWindowConfirmTrue.js35B
📜blockWindowPrompt.js34B
📜blockWindowPromptFalse.js34B
📜blockWindowPromptTrue.js34B
📜clickElementThruPage.js180B
📁icons725KB
📁gold-activated-frames616KB
📁32616KB
🖼1.png5KB
🖼10.png4KB
🖼100.png4KB
🖼101.png4KB
🖼102.png4KB
🖼103.png5KB
🖼104.png5KB
🖼105.png5KB
🖼106.png5KB
🖼107.png5KB
🖼108.png5KB
🖼109.png5KB
🖼11.png4KB
🖼110.png5KB
🖼111.png5KB
🖼112.png5KB
🖼113.png5KB
🖼114.png5KB
🖼115.png5KB
🖼116.png5KB
🖼117.png5KB
🖼118.png5KB
🖼119.png5KB
🖼12.png4KB
🖼120.png5KB
🖼121.png5KB
🖼122.png5KB
🖼123.png5KB
🖼124.png5KB
🖼125.png5KB
🖼126.png5KB
🖼127.png5KB
🖼128.png5KB
🖼129.png5KB
🖼13.png4KB
🖼130.png5KB
🖼131.png5KB
🖼132.png5KB
🖼133.png5KB
🖼134.png5KB
🖼14.png4KB
🖼15.png4KB
🖼16.png4KB
🖼17.png4KB
🖼18.png4KB
🖼19.png4KB
🖼2.png5KB
🖼20.png4KB
🖼21.png4KB
🖼22.png4KB
🖼23.png4KB
🖼24.png4KB
🖼25.png4KB
🖼26.png4KB
🖼27.png4KB
🖼28.png4KB
🖼29.png4KB
🖼3.png5KB
🖼30.png4KB
🖼31.png4KB
🖼32.png4KB
🖼33.png4KB
🖼34.png5KB
🖼35.png5KB
🖼36.png5KB
🖼37.png5KB
🖼38.png5KB
🖼39.png5KB
🖼4.png5KB
🖼40.png5KB
🖼41.png5KB
🖼42.png5KB
🖼43.png5KB
🖼44.png5KB
🖼45.png5KB
🖼46.png5KB
🖼47.png5KB
🖼48.png5KB
🖼49.png5KB
🖼5.png5KB
🖼50.png5KB
🖼51.png5KB
🖼52.png5KB
🖼53.png5KB
🖼54.png5KB
🖼55.png5KB
🖼56.png5KB
🖼57.png5KB
🖼58.png5KB
🖼59.png5KB
🖼6.png4KB
🖼60.png5KB
🖼61.png5KB
🖼62.png5KB
🖼63.png5KB
🖼64.png5KB
🖼65.png5KB
🖼66.png5KB
🖼67.png5KB
🖼68.png5KB
🖼69.png5KB
🖼7.png4KB
🖼70.png5KB
🖼71.png5KB
🖼72.png5KB
🖼73.png5KB
🖼74.png5KB
🖼75.png5KB
🖼76.png5KB
🖼77.png5KB
🖼78.png5KB
🖼79.png5KB
🖼8.png4KB
🖼80.png5KB
🖼81.png5KB
🖼82.png5KB
🖼83.png5KB
🖼84.png5KB
🖼85.png5KB
🖼86.png5KB
🖼87.png5KB
🖼88.png5KB
🖼89.png5KB
🖼9.png4KB
🖼90.png4KB
🖼91.png4KB
🖼92.png4KB
🖼93.png4KB
🖼94.png4KB
🖼95.png4KB
🖼96.png4KB
🖼97.png4KB
🖼98.png4KB
🖼99.png4KB
📁rewards-activated-frames50KB
📁3250KB
🖼1.png878B
🖼10.png671B
🖼11.png689B
🖼12.png689B
🖼13.png703B
🖼14.png745B
🖼15.png804B
🖼16.png880B
🖼17.png889B
🖼18.png890B
🖼19.png910B
🖼2.png859B
🖼20.png910B
🖼21.png905B
🖼22.png891B
🖼23.png897B
🖼24.png891B
🖼25.png870B
🖼26.png879B
🖼27.png881B
🖼28.png891B
🖼29.png895B
🖼3.png838B
🖼30.png900B
🖼31.png897B
🖼32.png899B
🖼33.png895B
🖼34.png891B
🖼35.png901B
🖼36.png905B
🖼37.png922B
🖼38.png898B
🖼39.png874B
🖼4.png835B
🖼40.png916B
🖼41.png864B
🖼42.png876B
🖼43.png810B
🖼44.png815B
🖼45.png780B
🖼46.png811B
🖼47.png825B
🖼48.png824B
🖼49.png784B
🖼5.png770B
🖼50.png759B
🖼51.png763B
🖼52.png714B
🖼53.png706B
🖼54.png710B
🖼55.png747B
🖼56.png811B
🖼57.png852B
🖼58.png858B
🖼59.png872B
🖼6.png751B
🖼60.png865B
🖼61.png867B
🖼62.png881B
🖼7.png741B
🖼8.png737B
🖼9.png695B
📁sf5KB
🖼Icon-24.png658B
🖼Icon-32.png895B
🖼Icon-64.png2KB
🖼honey-logo-14.png507B
🖼honey-logo-14@2x.png1KB
🖼active-16.png428B
🖼active-19-dev.png533B
🖼active-19-si.png446B
🖼active-19.png601B
🖼active-20.png597B
🖼active-24.png658B
🖼active-25.png702B
🖼active-30.png864B
🖼active-32.png895B
🖼active-35.png983B
🖼active-38-dev.png948B
🖼active-38-si.png693B
🖼active-38.png1KB
🖼active-40.png1KB
🖼active-48.png1KB
🖼default-16.png410B
🖼default-19-dev.png570B
🖼default-19.png570B
🖼default-20.png529B
🖼default-24.png614B
🖼default-25.png632B
🖼default-30.png789B
🖼default-32.png826B
🖼default-35.png943B
🖼default-38-dev.png988B
🖼default-38.png988B
🖼default-40.png1KB
🖼default-48.png1KB
🖼gold-active-16.png473B
🖼gold-active-19-dev.png537B
🖼gold-active-19.png537B
🖼gold-active-24.png665B
🖼gold-active-32.png818B
🖼gold-active-38-dev.png5KB
🖼gold-active-38.png5KB
🖼gold-active-48.png1KB
🖼honey-logo-128.png4KB
🖼honey-logo-16.png429B
🖼honey-logo-48.png1KB
🖼honey-logo-dev-16.png454B
🖼honey-logo-dev-48.png4KB
🖼honey-logo-si-16.png392B
🖼honey-logo-si-48.png824B
🖼rewards-active-16.png465B
🖼rewards-active-19-dev.png533B
🖼rewards-active-19-si.png446B
🖼rewards-active-19.png598B
🖼rewards-active-24.png676B
🖼rewards-active-32.png822B
🖼rewards-active-38-dev.png948B
🖼rewards-active-38-si.png693B
🖼rewards-active-38.png1000B
🖼rewards-active-48.png1KB
📁offscreen
🌐offscreen.html43B
📁paypal
📜meta.js198B
📁popover
🌐popover.html450B
📁proxies1KB
📜requestProxies.js1KB
📜h0.js3.9MBlarge
📄h0.js.LICENSE.txt5KB
📜h1-check.js2.2MBlarge
📄h1-check.js.LICENSE.txt4KB
📜h1-gpTips.js937KBlarge
📄h1-gpTips.js.LICENSE.txt3KB
📜h1-honeyscience-main-popover.js1.4MBlarge
📄h1-honeyscience-main-popover.js.LICENSE.txt2KB
📜h1-main.js706KBlarge
📄h1-main.js.LICENSE.txt301B
📜h1-offscreen.js472B
📜h1-popover.js194KBlarge
📄h1-popover.js.LICENSE.txt301B
📜h1-searchEngine.js1MBlarge
📄h1-searchEngine.js.LICENSE.txt3KB
📜h1-vendors-main-popover.js4.9MBlarge
📄h1-vendors-main-popover.js.LICENSE.txt6KB
📜h2.js2.6MBlarge
📄h2.js.LICENSE.txt4KB
{}manifest.json2KB

What This Extension Does

The Honey Automated Coupons R browser extension claims to help users save money and earn rewards when shopping online. It offers features such as automatic coupon application, cash back, price tracking, and seller comparison. With over 13 million users, it's a popular choice for those looking to optimize their online shopping experience.

Permissions Explained

  • alarmsexpected: This permission allows the extension to display notifications and alerts on your browser.
    Technical: The alarms API provides access to Chrome's notification system, enabling the extension to send notifications to users. This could be used for legitimate purposes such as alerting users about price drops or new deals.
  • cookiesexpected: This permission allows the extension to read and write cookies on your browser.
    Technical: The cookies API provides access to Chrome's cookie storage, enabling the extension to read and modify cookies. This could be used for legitimate purposes such as tracking user preferences or storing session data.
  • storageexpected: This permission allows the extension to store data locally on your browser.
    Technical: The storage API provides access to Chrome's local storage, enabling the extension to store and retrieve data. This could be used for legitimate purposes such as storing user preferences or caching data.
  • unlimitedStorageexpected: This permission allows the extension to store an unlimited amount of data locally on your browser.
    Technical: The unlimitedStorage API provides access to Chrome's local storage, enabling the extension to store and retrieve large amounts of data. This could be used for legitimate purposes such as caching large datasets or storing user-generated content.
  • scriptingexpected: This permission allows the extension to execute scripts on your browser.
    Technical: The scripting API provides access to Chrome's script execution, enabling the extension to run JavaScript code. This could be used for legitimate purposes such as implementing dynamic functionality or enhancing user experience.
  • webRequestexpected: This permission allows the extension to intercept and modify web requests on your browser.
    Technical: The webRequest API provides access to Chrome's request handling, enabling the extension to intercept and modify HTTP requests. This could be used for legitimate purposes such as optimizing network performance or implementing security features.
  • offscreenexpected: This permission allows the extension to execute scripts off-screen, without displaying a browser window.
    Technical: The offscreen API provides access to Chrome's off-screen rendering, enabling the extension to render content without displaying a browser window. This could be used for legitimate purposes such as implementing background tasks or enhancing user experience.
  • http://*/*check this: This permission allows the extension to access all HTTP requests on your browser.
    Technical: The http permission provides access to Chrome's request handling, enabling the extension to intercept and modify HTTP requests. This could be used for legitimate purposes such as optimizing network performance or implementing security features. ⚠ 1
  • https://*/*check this: This permission allows the extension to access all HTTPS requests on your browser.
    Technical: The https permission provides access to Chrome's request handling, enabling the extension to intercept and modify HTTPS requests. This could be used for legitimate purposes such as optimizing network performance or implementing security features. ⚠ 1

Your Data

The Honey Automated Coupons R browser extension accesses cookies, storage, and keystrokes on your device. It sends data to various domains, including github.com, cdn.honey.io, and www.joinhoney.com. The extension uses HTTPS for most requests, but some HTTP requests are also made.

Technical Details

domains
  • github.com
  • cdn.honey.io
  • www.w3.org
  • goo.gl
  • www.joinhoney.com
  • help.joinhoney.com
  • regex101.com
  • cdn.joinhoney.com
  • d.joinhoney.com
  • www.orbitz.com
  • images-na.ssl-images-amazon.com
  • www.walmart.com
protocols
  • HTTPS
  • HTTP
encryption_status
Most requests are encrypted using HTTPS, but some HTTP requests are also made.
data_types
  • cookies
  • storage
  • keystrokes

Code Findings

Function constructor used — dynamic code executionHigh

The extension uses the function constructor to execute JavaScript code dynamically. This could be used for malicious purposes such as injecting malware or stealing user data.

Technical: The extension uses the function constructor in various files, including background.js and contentScript.js. This allows the extension to execute JavaScript code dynamically, which could be used for malicious purposes.

💡 Legitimate extensions may use dynamic code execution for legitimate purposes such as implementing dynamic functionality or enhancing user experience.

String.fromCharCode (obfuscation)Medium

The extension uses the String.fromCharCode method to obfuscate code. This could be used for malicious purposes such as hiding malware or stealing user data.

Technical: The extension uses the String.fromCharCode method in various files, including background.js and contentScript.js. This allows the extension to obfuscate code, which could be used for malicious purposes.

💡 Legitimate extensions may use code obfuscation for legitimate purposes such as protecting intellectual property or enhancing user experience.

Captures keystrokesCritical

The extension captures keystrokes on your device. This could be used for malicious purposes such as stealing user data or injecting malware.

Technical: The extension uses the webRequest API to intercept and modify HTTP requests, including capturing keystrokes. This allows the extension to steal user data or inject malware.

💡 Legitimate extensions may use keystroke capture for legitimate purposes such as implementing password management or enhancing user experience.

Bottom Line

The Honey Automated Coupons R browser extension has several security concerns, including the use of dynamic code execution, obfuscation, and keystroke capture. While these features could be used for legitimate purposes, they also pose a significant risk to user data and security. We recommend that users exercise caution when using this extension and consider alternative options for optimizing their online shopping experience.

Similar Extensions

More in Lifestyle/shopping →

Keepa Amazon Price Tracke

4M+ users
Adds price history charts and the option to be alerted on price drops to all supported Amazon sites.
Lifestyle/shopping

Coupert Automatic Coupon

3M+ users
Automatically find coupons, apply the best coupon code and earn Cash Back rewards to save money for your online shopping…
Lifestyle/shopping AI

Klarna Shop Now Pay Later

1M+ users
Automatic Coupons, Points, and Pay Anywhere with Klarna
Lifestyle/shopping