StreamGuard - Anti Popup & Right-Click Unlocker

Re-enables right-click, blocks auto-popup ads, and stops anti-DevTools reload/clear on streaming sites.

StreamGuard — Anti-Popup, Right-Click Unlocker & Anti-Tamper for Streaming Sites Take back control of the pages you visit StreamGuard is a lightweight, privacy-respecting Chrome extension built for one simple goal: give you back the normal, expected behavior of your own browser. Modern streaming portals, free sports aggregators, video mirror sites, and link-locker pages have become hostile environments. They disable your right-click menu so you cannot inspect or copy anything, they hijack the very first click on the video player to launch a pop-up or pop-under advertisement, they stack invisible clickable layers on top of the play button, and — most frustrating of all for power users and developers — they actively fight back when you open Developer Tools by spamming the console, freezing the tab with endless debugger statements, or silently reloading the page so your Network log is wiped clean before you can read it. StreamGuard neutralizes every one of those tricks. It re-enables your right-click context menu, blocks advertisements that try to open automatically when you interact with a player, disables transparent overlay traps placed over the video, and stops the anti-DevTools scripts that erase your inspection data. The result is a browser that behaves the way it is supposed to: your clicks do what you intend, your right mouse button works, and the pages stop tampering with your tools. Why StreamGuard exists Most ad blockers focus on filtering network requests against giant block lists. That approach is great for banner ads, but it does almost nothing about the specific, aggressive behaviors that make low-quality streaming sites painful to use. These sites do not just show ads — they weaponize your own interactions. The moment you press play, a script fires window.open() and a new tab full of redirects appears. The right-click menu, your most basic browser affordance, is stripped away with a single oncontextmenu handler so you cannot easily save an image, copy a link, or open DevTools from the menu. And if you do manage to open DevTools to figure out what is happening, the page detects it and reloads itself, throwing away all the evidence. StreamGuard attacks these behaviors directly, at the source, inside the page's own JavaScript environment. It does not rely on a block list that needs constant updating. Instead, it intercepts the exact browser APIs these scripts abuse and makes them behave sanely. This makes StreamGuard small, fast, and resilient: it keeps working even when an ad network rotates to a brand-new domain, because the technique the ad uses has not changed, only the URL. What StreamGuard does, feature by feature 1. Right-click and selection unlocker A huge number of sites disable your context menu to stop you from copying text, saving images, viewing source, or inspecting elements. They do this by listening for the contextmenu event and calling preventDefault(), by assigning inline oncontextmenu="return false" handlers, or by applying user-select: none styling so you cannot even highlight text. StreamGuard restores all of it. It registers its own listeners in the capture phase — meaning its handlers run before the site's handlers ever get a chance — and it stops the site's blocking handlers from executing. It does this for contextmenu, selectstart, copy, cut, and dragstart, so right-clicking, text selection, copying, and dragging all work again. It also actively strips inline on* blocking attributes from the document and forces user-select back to auto, and it re-applies this fix on a short interval because many sites re-attach their blockers after the page finishes loading. The net effect: your right-click menu comes back, you can select and copy text, you can save images, and you can open your browser's tools from the menu — exactly as you could on any well-behaved website. 2. Auto-popup and pop-under ad blocker This is the headline feature for anyone who watches streams. The classic dark-pattern goes like this: the page puts an invisible layer over the video, or attaches a handler to the player itself, and when you click to play, the handler calls window.open() with an advertising URL. Your video does not start — instead a new tab or window full of redirects, fake download buttons, or worse appears. Sometimes it is a "pop-under" that hides behind your current window so you do not notice until later. StreamGuard wraps the page's window.open function with intelligent gating. It tracks whether you recently clicked a genuine link — a real <a href> element, activated by a real, trusted user gesture. Only window.open calls that closely follow such a genuine click are allowed through. Every other call — the ones fired automatically by ad scripts the instant you touch the player — is blocked and logged. Legitimate "open in new tab" links that you actually click still work; the parasitic auto-opens do not. It also covers a sneakier variant: forms with target="_blank" that some scripts submit programmatically to spawn a new window. Those scripted form pop-ups are blocked using the same gesture-based logic. Critically, this protection runs inside the page's own JavaScript context, so it intercepts the site's real window.open calls rather than a useless isolated copy — a subtle but essential implementation detail that many naive "popup blocker" extensions get wrong. 3. Click-hijack overlay killer Even with window.open guarded, some sites place a large, transparent, clickable element — usually an anchor linking to an ad, or a div with a click handler — directly on top of the video player. The first time you click "play," you are really clicking the overlay, which navigates you away or opens an ad. The overlay is often invisible (zero opacity or a transparent background) and sits at a very high stacking order so it always intercepts your clicks. StreamGuard periodically scans the page for elements that match this profile: large (covering most of the viewport), positioned absolutely or fixed, with a high z-index or a pointer cursor, and either transparent or pointing to an external URL. When it finds one, it sets pointer-events: none on it, which makes the overlay click-through — your clicks pass straight to the real player underneath, while the overlay itself becomes harmless. The scan runs on an interval so overlays injected after load are caught too. 4. Anti-anti-DevTools: stop the page from erasing your inspection data This is the feature that sets StreamGuard apart for developers, security researchers, and curious power users — and it directly solves the problem of a page that "wipes all network data a second or two after you start inspecting." Hostile sites use libraries such as disable-devtool and devtools-detector to fight inspection in three main ways, and StreamGuard counters all three: Console spam via console.clear(). Some scripts call console.clear() repeatedly so that any logs, warnings, or errors vanish before you can read them. StreamGuard redefines console.clear as a no-op function that cannot be overwritten, so your console stays intact. Debugger freeze loops. A common anti-debugging trick is to run setInterval(() => { debugger; }, 100). When DevTools is open, every debugger statement pauses execution, making the tab unusable. StreamGuard wraps setInterval and setTimeout and inspects the source of each callback; if the callback contains a debugger statement or recognizable devtools-detection code (window-size probing, timing checks, React DevTools hooks, and similar patterns), the timer is silently dropped instead of scheduled. The freeze loop never starts. Scripted reloads and redirects that wipe the Network panel. The behavior you saw — the Network log filling in, then suddenly emptying to the "Currently recording network activity" placeholder — happens because the page reloads itself when it detects DevTools. A reload resets the Network panel. StreamGuard intercepts location.reload(), location.assign(), and location.replace(). It allows reloads and navigations that closely follow a genuine user gesture (so your own refresh still works) but blocks reloads and redirects that fire on their own, with no user action behind them. The page can no longer yank the rug out from under your investigation. Together these three protections mean you can open DevTools, watch the Network tab, read the console, and actually study how the page works without it freezing, clearing, or reloading itself out from under you. For the best results, also enable the built-in Preserve log checkbox in the DevTools Network panel — that setting, combined with StreamGuard's reload-blocking, keeps your captured requests visible across anything that slips through. How it works under the hood StreamGuard is built on Manifest V3, the current Chrome extension platform. It ships two coordinated content scripts that run at document_start — the earliest possible moment — in every frame of every page, including embedded iframes where players and ads commonly live. The first script, the bridge, runs in the extension's isolated world, the only place where the chrome.* extension APIs are available. Its sole job is to read your on/off preference from chrome.storage and publish it onto the page's <html> element as a data attribute, then keep it in sync when you flip the toggle. The second script, the core, runs in the page's MAIN world — the same JavaScript context the website's own code lives in. This is the crucial architectural decision. Extensions normally run in an isolated world where they can read and modify the DOM but cannot touch the page's JavaScript objects. If StreamGuard's overrides of window.open, console.clear, setInterval, and location.reload ran in the isolated world, they would override a separate copy of those functions and have zero effect on the site's scripts. By running the core in the MAIN world, StreamGuard's overrides replace the actual functions the website calls, so they genuinely intercept the site's behavior. The core reads the live on/off state from the data attribute the bridge maintains, so toggling protection takes effect immediately. This two-script design — isolated bridge for settings, MAIN-world core for interception — is what makes StreamGuard effective where simpler popup-blocker extensions silently fail. Privacy: StreamGuard collects nothing Privacy is not an afterthought here; it is the default and the whole point. No data collection. StreamGuard does not collect, transmit, log, or sell any information about you, the pages you visit, or what you do on them. There is no analytics, no telemetry, no tracking pixel, no phone-home. No remote servers. The extension has no backend. It never sends a single network request of its own. Everything it does happens locally, in your browser, on the page you are already viewing. No accounts, no sign-in. There is nothing to register for and no login. Install it and it works. Minimal storage. The only thing StreamGuard stores is a single on/off flag for the toggle, kept in your browser's local extension storage. Nothing else is saved. Minimal permissions. It requests storage (to remember the toggle) and host access (so its content scripts can run on the sites where you need protection). It does not request access to your browsing history, your bookmarks, your downloads, your tabs, or anything beyond what is strictly required to modify the page in front of you. You can read every line of what StreamGuard does — it is plain, commented JavaScript with no obfuscation, no minified blobs, and no bundled third-party code. Simple controls StreamGuard stays out of your way. Click the toolbar icon to open a tiny panel with a single switch: Protection on/off. Leave it on for normal use; flip it off temporarily if you ever land on a well-behaved site where you want the page's own click-to-open or reload behavior to function normally. The setting is remembered across browser restarts. After toggling, reload the page so all of the deep protections re-initialize cleanly. Who StreamGuard is for Sports and live-stream viewers tired of a new ad tab opening every time they press play. Everyday users who want their right-click menu, text selection, and image-saving back. Developers and web enthusiasts who want to inspect how a page works without it freezing, clearing the console, or reloading to destroy the evidence. Anyone who believes their browser should obey them, not the website. Honest expectations and limitations StreamGuard is deliberately transparent about what it can and cannot do. It does not remove every ad. It is not a network-level content blocker and does not maintain block lists. Banner ads served inline may still appear; for those, pair StreamGuard with a traditional ad blocker. StreamGuard's specialty is the behavioral attacks — auto-popups, click hijacks, right-click locks, and anti-DevTools tricks. The popup blocker uses an 800-millisecond gesture window to distinguish a genuine click-to-open from an automatic ad. In rare cases a legitimate pop-up that you actually wanted, fired slightly outside that window, may be blocked. If that happens, toggle protection off briefly. The reload guard blocks scripted reloads that occur more than one second after your last interaction. If a site you trust legitimately needs to auto-refresh, toggle protection off for that tab. The overlay killer uses heuristics (size, transparency, stacking, link target). On unusual layouts it may occasionally miss an overlay or neutralize a benign one; toggling off and reloading restores original behavior instantly. Aggressive sites evolve. If a page defeats StreamGuard, the technique can usually be countered with an update. Responsible use Use StreamGuard responsibly and in accordance with the terms of the sites you visit and the laws of your jurisdiction. It re-enables standard browser features and blocks intrusive behaviors; it does not bypass paywalls, defeat DRM, or grant access to content you are not entitled to.