Permissions Justifications
Clarity Project ID Finder â Why each permission is required
This document explains why each permission declared in the extension's manifest is required. No permission is used beyond its stated purpose.
đ webRequest
Why it's needed: The extension monitors network requests to *.clarity.ms domains to detect Clarity project IDs embedded in request URLs (e.g., https://www.clarity.ms/tag/{projectId}). This is a passive, read-only observation â no requests are blocked, modified, or redirected.
What it does NOT do: It does not intercept, alter, or log any request content, headers, or payloads. It only reads the URL of matching requests.
đž storage
Why it's needed: The extension uses chrome.storage.session to temporarily store detected Clarity project IDs for the current browser session. This allows the popup to display results when clicked.
What it does NOT do: No data is persisted to disk (storage.local / storage.sync are not used). Session data is automatically cleared when the browser is closed.
đ§ webNavigation
Why it's needed: The extension listens to the onCommitted navigation event to detect when a user navigates to a new page. This is used to clear previously detected results for a tab so that stale data is not shown.
What it does NOT do: It does not track, record, or transmit any browsing history or navigation patterns.
đ activeTab
Why it's needed: The extension uses activeTab to identify which tab the user is currently viewing when they open the popup, so it can display the correct detection results for that tab.
What it does NOT do: It does not access the content or URL of any tab beyond what is needed to match results to the correct tab.
đ Host Permission: <all_urls>
Why it's needed: Microsoft Clarity can be installed on any website. To detect Clarity project IDs reliably, the content script must be able to run on any page the user visits. The content script scans <script> elements in the page DOM for references to clarity.ms and Clarity bootstrap code.
What it does NOT do: The content script does not read, collect, or transmit any personal information, form data, passwords, or page content beyond <script> tags. It does not modify the page in any way.
Summary
| Permission | Purpose | Data Sent Externally |
|---|---|---|
webRequest | Observe clarity.ms network URLs | â None |
storage | Temporarily store detected IDs in session | â None |
webNavigation | Clear stale results on navigation | â None |
activeTab | Show results for the correct tab | â None |
<all_urls> | Run content script to scan page scripts | â None |
No data is ever transmitted outside the browser.