Under Chrome Web Store Review
Version 1.0.0 has been submitted and is currently pending Google's in-depth review (triggered by host permissions on merchant domains). This is normal and typically takes 1โ7 days. The extension is fully built and functional โ install link will appear here the moment it is approved.
HoneyKiller
Version 1.0.0 ยท Chrome Extension (Manifest V3) ยท MIT License
What it does
Blocks commission theft at checkout
When your reader reaches Amazon checkout, Honey pops up and replaces your affiliate tag with its own. HoneyKiller removes the popup before your reader sees it.
Blocks attribution server calls
Uses declarativeNetRequest rules to block Honey's attribution redirect (out.honey.io) at the network level โ before any JavaScript runs.
Covers 8 commission-stealing extensions
Honey, Capital One Shopping, Rakuten, RetailMeNot, Piggy, Coupert, DealFinder, and Cently โ all blocked with dedicated detection signatures.
Zero data collected
Block counts are stored locally in your browser only. Nothing is ever sent to any server. No account needed. No tracking. Privacy by design.
How it works โ 4 layers
Network block (declarativeNetRequest)
Blocks Honey's attribution server (out.honey.io) at the browser network layer before any JavaScript runs. Honey cannot claim the commission.
DOM scan on page load
Scans the page after load for injected commission-thief panels. Removes them if found.
Body guard (MutationObserver)
Watches every element added to the page in real time. Honey v19 uses a closed shadow root that normal JavaScript cannot read โ HoneyKiller uses Chrome's chrome.dom.openOrClosedShadowRoot() API to pierce it and detect the panel before the reader sees it.
Global variable freeze
Freezes the extension globals (window.honey, window.CapOne etc.) using Object.defineProperty โ prevents re-injection after removal.
Extensions blocked
Combined: ~50 million browsers actively stealing from affiliate creators
Honey
17M usersPayPal ($4B acquisition)
Rakuten / Ebates
12M usersRakuten Group
Capital One Shopping
10M usersCapital One Bank
RetailMeNot
5M usersZiff Davis
Piggy
3M usersPiggy Ltd
Coupert
2M usersCoupert
DealFinder
1M+ usersDealFinder
Cently
1M+ usersCently
Known limitations (honest)
Honey's internal service worker
Honey's own service worker (h0.js) makes attribution calls from inside Honey's process. Chrome's architecture prevents one extension from blocking another extension's service worker requests. HoneyKiller blocks page-context calls but not this internal path.
Unlisted merchant sites
Content script only runs on the merchant domains listed in the extension's host permissions (Amazon, eBay, ShareASale, CJ, Pepperjam, Awin, ClickBank, Impact). Honey can still claim commission on unlisted shopping sites. The network-level DNR rules do apply globally.
Coupon site last-click theft
When a reader searches for coupons on Honey's website (not the extension), the coupon site can still claim last-click attribution at the network level. This is outside the scope of a browser extension and is not solved in v1.
No data reporting yet
V1 stores block counts locally only. Connection to your ProtectAffiliate dashboard (to see which of your readers are protected) is a v2 feature. Coming after Chrome Web Store approval.
Is it safe to install?
โ Fully open source โ every line of code is public on GitHub. Read it yourself before installing.
โ Minimal permissions โ only requests access to specific merchant checkout domains. Not your email, not your bank, not your history.
โ Zero data collection โ block counts live in your browser. Nothing is ever sent to any server in v1.
โ MIT licensed โ you can fork it, audit it, run your own build.
Built by ProtectAffiliate ยท Privacy Policy ยท MIT License
Are you a blogger or affiliate creator?
HoneyKiller protects your readers. ProtectAffiliate protects your entire site โ scanning every affiliate link for broken redirects, stripped tags, and dead destinations before they cost you revenue.
Protect your site with ProtectAffiliate โ