Home Blog Contact

Live HTTP headers (and other Chrome extensions) distributing adware

In the last couple of days I’ve had an in-page modal window pop up on some websites with the title “Sponsored by [website address]”. At first I didn’t think anything of it, but this is the second time I’ve seen it now so I did some digging. The modal window looks like the below, except in your case it’s probably showing an advert.

Live HTTP headers extension

I have uBlock Origin installed so this took me by surprise. It was either malware that had been introduced to my macOS system (unlikely), or something I’ve installed in Chrome that had decided to go rogue and inject advertisements into pages, bypassing uBlock Origin.

With not a lot of information to go on, I opened up developer tools to look at the markup of the modal window, hoping that I could find a vendor-specific element name that I could Google for. While that wasn’t the case, I did find a somewhat unique element name for the modal.

Devtools markup

Googling the term "asgds_modal" (in quotes) turned up this reddit thread, where a lot of users are reporting that Chrome extensions are the culprit. In my case, it was Live HTTP Headers.

Luckily the fix to this is quick and simple. Just remove the Chrome extension. Make sure you also tick the report abuse flag.

Uninstall extension

Even after removing the extension, as one last-ditch attempt to advertise to me, I got redirected to a liposuction landing page.

Liposuction ad

Some other extensions that have been reported to cause this issue are:

As if to confirm the theory, all of the Chrome web store links for these extensions now return a 404 page. Good riddance.

Chris White
Chris White

Chris is a software engineer living in Ottawa. He can usually be found writing web apps with Laravel and trying to avoid JavaScript as much as possible.

He works for Intouch Insight during the day, and is the founder of Loglia at night.