Is Block Site safe to use?

Block Site has a risk level of MEDIUM with an overall risk score of 5.4/10. Our scan detected 31 security findings. This extension has some risks worth reviewing.

What permissions does Block Site request?

Block Site requests the following permissions: activeTab, storage, notifications, alarms, contextMenus, declarativeNetRequestWithHostAccess, idle. It also requests host access to: .

What is Block Site's risk score?

Block Site has an overall risk score of 5.4/10 (MEDIUM). Breakdown: Permissions 7.0/10, Code 5.8/10, Combinations 10.0/10, CSP 4.3/10.

ExtSafe

Block SiteSecurity Analysis

Chromev0.5.9MV3March 1, 2026 at 05:12 PM

Use with caution

This extension requests significant permissions. It has 90K+ users, a 4.7 star rating, but review the findings below.

5.4MEDIUM

5.4 MEDIUMRaw: 6.8

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 8 permissions including high-risk ones, 29 code findings, 1 dangerous combination.

Trust Signals(4.0/10)

Users

90K

Rating

4.7(319 reviews)

Status

Featured

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

5.8/10

Combinations

10.0/10

Manifest/CSP

4.3/10

Permissions(8 analyzed)

Code Findings(11 patterns, 29 total)

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Description: A customizable, password-protected website blocker and redirector.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(16)

add0n.comaddons.mozilla.orgaddons.opera.combccode.google.comfoo.comgithub.commathiasbynens.bemicrosoftedge.microsoft.commths.betools.ietf.orgwebextension.orgwww.example.comwww.mozilla.orgwww.youtube.com