ExtGuard
Purple CopperPrivacy & DataHard rejection

User data — secure transmission required

User data is sent over insecure connections or leaked through URLs/headers.

Common reasons Google rejected this

  • 01Extension transmits user data over HTTP instead of HTTPS.
  • 02Sensitive data is encoded in URL query parameters or headers.
  • 03TLS certificate validation is disabled or weakened.

How to fix it

  • Use HTTPS for every fetch that touches user data.
  • Send sensitive data in request bodies, not URLs.
  • Never accept invalid certificates in production code.

Read Google's full policy

developer.chrome.com

Don't risk another rejection

Run all 25 ExtGuard checks against your zip in 3 seconds.