Extension Disablement

Your extensions can't touch your browsing session.

When you visit a protected site, Haven automatically disables risky browser extensions. The moment you leave, they come back. You can turn this off at any time.

On chase.com — protected site
1
1PasswordActive
G
GrammarlyActivePaused
A
AdBlock PlusActivePaused
H
HoneyActivePaused
Extensions restored when you leave this site

Why extensions are a risk

Extensions see everything on your screen.

Most browser extensions are harmless — but all of them have broad access to the pages you visit. They can read form fields, intercept credentials, and alter page content. On a banking site, that's a significant exposure.

Extensions Can Read Your Passwords

Browser extensions can access form fields, intercept credentials, and read everything on the page.

Extensions Can Modify Transactions

Malicious extensions can alter bank transfers, change account numbers, and inject fake forms.

Extensions Can Steal OTPs

One-time passwords and 2FA codes can be intercepted by compromised extensions in real-time.

You'd Never Know

Extension attacks are invisible. There's no warning, no popup, no sign anything happened.

You're in control

Not for you? Turn it off.

Extension disablement is on by default because it meaningfully reduces your exposure on sensitive sites. But if it conflicts with your workflow, you can turn it off in Haven settings at any time.

How to turn off extension disablement

Open Haven → Settings → toggle off "Disable extensions on protected sites." Your extensions will stay active on all sites going forward.

Answers to Your Questions

Get answers to commonly asked questions about extension disablement.

Contact us