Is Pixelay for Figma safe?

Medium risk

Pixelay for Figma can remove CSP and X-Frame-Options headers from HTTPS pages after its content script is triggered.

Hypermaticv1.1.11Chrome Web Store
45Risk

AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.

Publishers can request a review.

Updated 14 July 2026gnbafbeabkbkecmbedfgebgboicpnkpp