HeaderFlow
HTTP Header Manager

隐私政策

Privacy Policy

你的数据,只在你的浏览器里。

Your data never leaves your browser.

生效日期:2026 年 7 月 13 日 Effective date: July 13, 2026 适用版本:HeaderFlow v1.0.0 及以后 Applies to: HeaderFlow v1.0.0+
默认本地规则与敏感值保存在你的设备
零开发者后端数据不发送给开发者服务器
同步由你决定云同步默认关闭,可加密
Local by defaultRules & secrets stay on your device
No developer backendNothing is sent to our servers — there are none
Sync is your callOff by default, optionally encrypted

一句话总结

HeaderFlow 是一个本地优先的浏览器扩展:界面、规则引擎与存储全部运行在你的浏览器内。 我们不收集、不传输、不出售任何数据 —— 没有开发者服务器可以接收,也没有代码会发送。 没有账号体系、没有分析统计、没有遥测、没有广告或错误追踪服务。

在你的浏览器内处理的数据

开发者不收集任何数据。为实现功能,以下数据仅在你的浏览器本地处理,不离开你的设备:

  • 配置名称、HTTP 请求头 / 响应头规则、变量及其值;
  • URL 匹配条件、排除条件与资源类型设置;
  • 当前活动页面的 URL 或域名 —— 仅用于本机判断规则是否命中并更新状态展示;
  • 剪贴板中以 HF1. 开头的 HeaderFlow 分享令牌(见第 6 节);
  • 界面设置、扩展启用状态、同步设置与同步状态。

HeaderFlow 不抓取网页正文,不建立浏览历史,也不记录你的点击或按键内容。

数据保存在哪里

上述数据默认保存在浏览器本机的 chrome.storage.local 中,仅本设备可访问。 敏感请求头值(如认证令牌、Cookie)同样只存本机,绝不发送给开发者。

可选的浏览器账号云同步(默认关闭)

只有你主动开启后,HeaderFlow 才会使用浏览器自带的 chrome.storage.sync 在同一浏览器账号的设备间同步(Chrome↔Chrome、Edge↔Edge、Firefox↔Firefox)。 同步数据由浏览器厂商(如 Google Chrome 的同步服务)处理,不经过 HeaderFlow 的任何服务器:

默认模式

令牌 / 密钥等敏感请求头值与敏感变量值会被替换为省略标记,不进入同步空间,只留在本机。

口令加密模式

完整载荷先在本机以 PBKDF2-HMAC-SHA256 派生密钥、AES-256-GCM 加密,再写入同步空间;口令仅保存在当前设备。

关闭同步会停止后续同步,但不会立即删除浏览器账号云端已有的同步数据 —— 数据保留与清理由浏览器的同步机制及你的账号设置管理。

编辑规则 → chrome.storage.local(本机持久化) 自动应用 → chrome.declarativeNetRequest(浏览器原生改写) 敏感值 → 仅影响显示与导出脱敏,存储仍在本机 剪贴板 → 仅本机识别 HF1. 分享令牌并提示导入,不记录、不上传 云同步 → 默认关闭;开启后走浏览器自家同步,可选口令加密

浏览器权限及其用途

HeaderFlow 申请的每一项权限都服务于单一明确的功能,别无他用:

storage

在本机持久化你的配置与规则。

declarativeNetRequest

向浏览器写入由其原生执行的 Header 改写规则 —— 任何请求都不经过扩展代码。

declarativeNetRequestWithHostAccess

允许规则作用于已授权的站点。

sidePanel

在浏览器侧边栏展示完整编辑器。

clipboardRead

读取剪贴板文本,仅用于识别你复制的 HeaderFlow 分享令牌(HF1. 开头)并提示导入。内容只在本机解析,非令牌文本一律忽略,绝不记录或上传。

<all_urls>

站点访问权限,保证任意 URL 匹配模式都能生效。扩展不读取、不收集页面内容。你可随时在 chrome://extensions 收紧或撤销。

网站访问与请求头修改

你创建的 declarativeNetRequest 规则在匹配的网站上由浏览器原生执行。 这意味着你配置的请求头会随正常网络请求发送给匹配的网站 —— 这正是本扩展的功能本身。HeaderFlow 不代理这些请求,不把请求或响应复制到任何服务器, 也不收集网站返回的内容。

剪贴板的边界

为了让「复制同事分享的配置 → 打开页面即提示导入」成立,HeaderFlow 会在页面加载后读取一次剪贴板文本:

  • 只做一件事:判断文本是否以 HF1. 开头的分享令牌;
  • 非令牌内容立即忽略,不解析、不记录、不存储、不上传;
  • 检测为一次性动作,完成后即移除全部监听;
  • 有效令牌在本机解析,且仅在你确认后才导入配置;
  • 整个过程在本机内存中完成,任何剪贴板内容都不会离开你的设备。

分享令牌与敏感值

当你把配置复制为分享令牌时,AuthorizationCookie 等敏感值会在编码前 强制替换为占位符(__REDACTED__),接收方需自行补填。 导出 JSON 默认同样脱敏(Safe 导出);包含明文的完整导出需要你逐次确认。 请谨慎分享包含明文值的完整导出文件。

第三方与数据出售

HeaderFlow 不向任何第三方出售、出租、交易或披露用户数据, 不向广告商、数据经纪商或开发者控制的第三方服务器传输用户数据; 页面与扩展中不嵌入任何第三方 SDK、统计脚本或广告代码。

仅有的两种数据流出都由你明确选择:开启浏览器账号同步时,数据由浏览器厂商的同步服务处理; 你配置的请求头按规则随请求发送给匹配的网站。两者都只服务于你选择的功能本身。

数据安全

HeaderFlow 不加载任何远程代码 —— 全部可执行代码都包含在扩展安装包内, 随商店审核发布。默认同步模式排除敏感值;可选加密同步使用 PBKDF2-HMAC-SHA256AES-256-GCM

建议:避免把不必要的敏感信息写进规则;分享令牌与导出文件优先使用默认的脱敏形态。

用户选择与数据删除

你的数据完全由你掌控,可随时:

  • 编辑或删除单条规则与配置,或在选项页重置(清空全部配置,恢复出厂默认);
  • 关闭浏览器账号云同步;
  • 通过 chrome://extensions 卸载扩展 —— 即删除 chrome.storage.local 中的全部本机数据;
  • 通过浏览器或账号设置管理云端已同步的数据。

儿童隐私

HeaderFlow 面向开发者与专业用户,不以儿童为目标,不主动收集年龄或儿童个人信息。

政策变更

若 HeaderFlow 的数据处理方式发生实质性变化(例如未来推出可选的付费云同步), 我们会更新本页与产品内披露,提升扩展版本号,并按适用要求向用户提供通知或取得同意。 本页始终呈现当前生效的版本。

Chrome Web Store Limited Use

HeaderFlow 对用户数据的使用仅限于提供和改进扩展中明确展示的功能。 HeaderFlow 不出售用户数据;不将用户数据用于广告、信用评估或其他与扩展单一用途无关的目的; 也不允许人工读取用户数据。

HeaderFlow 对从 Chrome API 获得的信息的使用遵守 Chrome Web Store User Data Policy,包括其 Limited Use 要求。

联系我们

对本政策或 HeaderFlow 的数据处理方式有任何疑问,请联系: [email protected]

Summary

HeaderFlow is a local-first browser extension: the UI, the rule engine and all storage run inside your browser. We do not collect, transmit or sell any data — there is no developer server to receive it, and no code that sends it. No accounts, no analytics, no telemetry, no ads, no crash reporting.

Data processed inside your browser

The developer collects nothing. To do its job, the following data is processed locally in your browser and never leaves your device:

  • Profile names, HTTP request/response header rules, variables and their values;
  • URL match conditions, exclude patterns and resource-type settings;
  • The active tab's URL or domain — used locally to decide whether rules match and to update status displays;
  • Clipboard text that is a HeaderFlow share token starting with HF1. (see section 6);
  • UI preferences, the extension's on/off state, and sync settings/state.

HeaderFlow does not scrape page content, build a browsing history, or record your clicks or keystrokes.

Where your data lives

By default everything above is stored on this device in chrome.storage.local. Sensitive header values (auth tokens, cookies) also stay local and are never sent to the developer.

Optional browser-account sync (off by default)

Only if you explicitly enable Cloud Sync does HeaderFlow use your browser's built-in chrome.storage.sync to sync within your own browser account (Chrome↔Chrome, Edge↔Edge, Firefox↔Firefox). Sync data is handled by your browser vendor's infrastructure — never by any HeaderFlow server:

Default mode

Sensitive header values and secret variables are replaced with a redaction marker and excluded from the sync space — they stay on this device.

Passphrase-encrypted mode

The full payload is encrypted locally with a PBKDF2-HMAC-SHA256-derived key and AES-256-GCM before entering the sync space; the passphrase never leaves this device.

Turning sync off stops future syncing but does not immediately delete data already in your browser account's cloud — retention is governed by your browser's sync machinery and account settings.

Edit rules → chrome.storage.local (persisted on this device) Apply → chrome.declarativeNetRequest (rewritten natively by the browser) Secrets → masking affects display & exports only; storage stays local Clipboard → HF1. share tokens detected locally; never logged or uploaded Cloud sync → off by default; browser-vendor channel, optional encryption

Browser permissions and why

Every permission HeaderFlow requests serves one narrow purpose:

storage

Persist your profiles and rules on this device.

declarativeNetRequest

Register header-rewrite rules executed natively by the browser — no request ever passes through extension code.

declarativeNetRequestWithHostAccess

Let rules apply on sites you have granted access to.

sidePanel

Show the full editor in the browser side panel.

clipboardRead

Read clipboard text solely to recognize a copied HeaderFlow share token (starting with HF1.) and offer an import. Parsing happens locally; anything that is not a token is ignored — never logged, stored or uploaded.

<all_urls>

Host access so any URL pattern you write can take effect. The extension does not read or collect page content. You can restrict or revoke this at any time in chrome://extensions.

Website access and header modification

The declarativeNetRequest rules you create are executed natively by the browser on matching sites. This means the headers you configure are sent to matching websites as part of normal requests — that is the product's very function. HeaderFlow does not proxy those requests, does not copy requests or responses to any server, and does not collect what websites return.

Clipboard boundaries

To make “copy a shared config → open a matching page → get an import prompt” work, HeaderFlow reads the clipboard text once after a page loads:

  • It does exactly one thing: check whether the text is a share token starting with HF1.;
  • Non-token content is ignored immediately — not parsed, logged, stored or uploaded;
  • Detection is one-shot; all listeners are removed once it completes;
  • Valid tokens are parsed locally, and a config is imported only after you confirm;
  • Everything happens in local memory. Clipboard content never leaves your device.

Share tokens and secrets

When you copy a profile as a share token, sensitive values such as Authorization and Cookie are force-replaced with a placeholder (__REDACTED__) before encoding — recipients fill in their own. JSON exports are redacted by default (Safe export); a full export containing plaintext requires explicit confirmation every time. Share full exports with care.

Third parties & data sales

HeaderFlow does not sell, rent, trade or disclose user data to any third party, and does not transmit user data to advertisers, data brokers or any developer-controlled server. No third-party SDKs, analytics or ad scripts are embedded anywhere.

The only two data flows out of your device are ones you explicitly choose: browser-account sync (handled by your browser vendor) and the headers you configured being sent to matching websites per your rules. Both serve only the feature you opted into.

Data security

HeaderFlow loads no remote code — all executable code ships inside the store-reviewed extension package. Default sync excludes secrets; optional encrypted sync uses PBKDF2-HMAC-SHA256 and AES-256-GCM.

Recommendations: avoid putting unnecessary secrets into rules, and prefer the default redacted form for share tokens and exports.

Your choices and deleting data

  • Edit or delete individual rules and profiles, or reset from the options page (clears all profiles, restores defaults);
  • Turn off browser-account sync;
  • Uninstall the extension via chrome://extensions — this deletes everything in chrome.storage.local;
  • Manage already-synced cloud data via your browser or account settings.

Children's privacy

HeaderFlow is built for developers and professionals. It does not target children and does not knowingly collect age information or personal information from children.

Changes to this policy

If HeaderFlow's data practices materially change (for example, an optional paid cloud sync in the future), we will update this page and the in-product disclosures, bump the extension version, and provide notice or obtain consent where required. This page always shows the currently effective version.

Chrome Web Store Limited Use

HeaderFlow's use of user data is limited to providing and improving the user-facing features clearly presented in the extension. HeaderFlow does not sell user data; does not use it for advertising, creditworthiness or any purpose unrelated to the extension's single purpose; and does not allow humans to read user data.

HeaderFlow's use of information received from Chrome APIs adheres to the Chrome Web Store User Data Policy, including its Limited Use requirements.

Contact

Questions about this policy or HeaderFlow's data practices: [email protected]