A Plain-English Guide to Every Permission Highlighty Asks For

Written on:

A Plain-English Guide to Every Permission Highlighty Asks For cover image

Right before you install an extension, the browser shows you a list of permissions — and for anything that works on web pages, that list includes one line that stops people cold: "Read and change all your data on the websites you visit."

It reads like a blank check. This post goes through every permission Highlighty asks for, in plain English: what it's for, and just as importantly, what it does not let the extension do.

TL;DR

  • Host access ("read and change all your data on the websites you visit") is the big one. "Read" is needed to find your text; "change" is only the visual highlight drawn on top.
  • Highlighty never modifies the page's real content or the value of a form field. Close it and the page is exactly as it was.
  • Local storage keeps your queries, lists, history, and settings on your device — it's not a key to anything outside the browser.
  • Chrome shows that same scary sentence for every page-reading extension, from password managers to coupon finders. The wording is the browser's, not ours.
  • None of these permissions let Highlighty send your pages or searches anywhere. Free use sends nothing; PRO sign-in sends only login and subscription state.

Host access: "read and change all your data on the websites you visit"

This is the permission that matters, so let's take it apart word by word.

"Read" — because finding text means reading text

To tell you how many times a word appears on a page, or to light up every match in your saved keyword list, Highlighty has to look at the text on the page. There is no way to search a page without reading it. The browser's own Ctrl+F does the same thing — the difference is that an extension has to ask for permission out loud.

"Change" — only the highlight you can see

"Change" sounds far scarier than what actually happens. The only change Highlighty makes is visual: it paints colored highlights over matching words and draws its own search bar and X-Ray panel on top of the page.

It does this through the browser's native highlighting interface — the CSS Custom Highlight API — wherever possible. That means the words are visually marked without the page's actual content being altered. The text isn't rewritten, the value of a form field isn't touched, and nothing that gets saved or submitted is changed. Close Highlighty and the page is exactly as it was.

"All the websites you visit" — because it can't know which page you'll search next

Highlighty can't predict whether your next search will be in a contract, a research paper, a job board, or a news article. The tool has to be ready on any page you open, which is why the access is broad rather than tied to one site.

If you'd rather it not be ready everywhere, you have control. Highlighty's own whitelist and blacklist let you decide which sites it runs on, and Chrome lets you set any extension to run only "on click" or only on specific sites. You can keep it off your bank and your email entirely.

What host access does NOT allow

It's worth being just as clear about the limits as the capability:

  • It does not let Highlighty change the real content of a page, or the text you've typed into a form. The highlight is a visual layer; your data underneath is untouched.
  • It does not let Highlighty send the pages you read or the things you search to us. Reading a page locally and uploading it are two different things, and Highlighty only does the first.
  • It does not turn on tracking. There's no analytics SDK riding along on this permission, watching which sites you open.
  • It does not let the extension fetch new behavior from the internet — the code reviewed in the store is the code that runs.

Local storage: keeping your stuff on your device

Highlighty also uses the browser's storage permission. This is what lets it remember your saved keyword lists, your colors, your search history, your per-site memory, and all your settings between sessions.

Despite the word "storage," this isn't a key to your files or anything outside the browser. It's local storage inside the browser, on your device. That's where your queries and settings live, and it's why none of them need to be sent to a server for Highlighty to work.

Why the browser shows that scary line at all

Chrome uses one blunt sentence to describe a whole category of capability. Whether an extension is a password manager, a grammar checker, a coupon finder, or a highlighter, if it can run on web pages it gets the same warning: "read and change all your data on the websites you visit."

The warning is the browser being cautious on your behalf, which is a good thing. It just doesn't distinguish between an extension that quietly ships your data somewhere and one that reads the page only to highlight it and keeps everything local. That distinction is on the extension to earn — which is the whole point of being specific about it here.

The honest boundary on data

Permissions describe what an extension can do; they don't tell you what it does with the result. So here's the boundary in plain terms.

The free version needs no account and sends nothing to do its job. PRO features sign in with a Highlighty account, and the only things on our servers are your login details and subscription state — never your queries, lists, history, or the pages you read. Scanned PDFs are read by on-device OCR, so the page image never leaves your computer either.

Frequently asked questions

Why does Highlighty need "read and change all your data on the websites you visit"?

Because finding and highlighting text on a page requires reading that page's text, and showing the highlights requires drawing on top of it. The "change" is purely visual — colored highlights and Highlighty's own search bar — and never alters the page's real content or anything you submit. Chrome uses that same broad warning for every extension that can run on web pages.

Does that permission let Highlighty edit the page or my form fields?

No. The only change is a visual highlight, painted through the browser's native Custom Highlight API. The page's real content and the values in form fields are never modified — copy, paste, undo, and submit all see the original text. Close Highlighty and the page is unchanged.

Can this permission be used to send my pages or searches somewhere?

Not by Highlighty. Reading a page to highlight it happens locally on your device. The free version sends nothing. PRO signs in with an account, and only your login and subscription state are on our servers — never the pages you read or the things you search.

Why does the browser show such a scary warning?

Chrome shows the same broad sentence for every extension that can run on web pages, whether it's a password manager or a highlighter. It's the browser being cautious. The wording is the browser's, and it doesn't distinguish between extensions that keep your data local and ones that don't.

What does the storage permission do?

It lets Highlighty remember your saved lists, colors, search history, per-site memory, and settings between sessions. It's local storage inside the browser on your device — not access to your files or anything outside the browser.

Can I limit which sites Highlighty runs on?

Yes. Use Highlighty's whitelist or blacklist, or Chrome's own per-extension site access settings, to run it only on click or only on sites you choose. You can keep it off sensitive sites like your bank or email entirely.

Would you like to read more? Please check our other blog posts here.

Highlighty logo

© 2026 WEBMIND TECHNOLOGIES LTD.

All rights reserved.

Product

How To Use?

Pricing

Resources

Blog

FAQ

Multi-Highlighter Chrome Extension

Find Multiple Words on a Page in Chrome

Legal

Terms of Service

Privacy Policy

Cookies