Tampermonkey®
by Jan Biniok
A100 Both is pretty easy:
In order to install Tampermonkey take a look at this video:
If you want to uninstall Tampermonkey then please check this video:
A101 Tampermonkey is a browser extension. A browser extension is a small software program that extends the functionality of a web browser. These extensions are designed to add specific features or functionality to the browser, such as ad blocking, password management or, in this case, userscript injection.
One common feature of browser extensions is the ability to add an icon next to the URL in the browser's address bar (
).
In some browsers you have to manually pin the icon to see it all the time. Clicking on the icon opens a popup menu, which provides information about the running scripts and a link to open the extension settings.
The background page is another important part of a browser extension. This is a hidden webpage that runs in the background of the browser, allowing the extension to perform tasks or functions without the need for user interaction. This includes things like checking for updates, syncing data, or processing information.
Finally the options page allows to configure Tampermonkey and manage your userscripts. The first tab shows all installed scripts. Click at the script name to edit and setup your scripts. ( video tutorial)
There is second tab that allows you to modify Tampermonkey's settings. Tip: adjust the "Config mode" options to see more settings. ( video tutorial)
The third tab offers script import and export functionality to Zip files and JSON documents.
A102 There are different ways to achieve this:
Go to this page to learn about the different script sources. If you found a page then search for a script, open the script's page and click at the install button. ( video tutorial)
Search GitHub Gist and Github for userscripts. Then click it at the "view raw" link. ( video tutorial)
You can also search for scripts at your preferred search engine. Then search for a link that ends up on ".user.js" and click it
If you have a URL to a script, just paste it to Chrome's Omnibox.
In the Tampermonkey dashboard, click on the "Add a new script" button. This will open a new editor window where you can write or paste your userscript.
Enter the code for your userscript in the editor window. Make sure to include the correct metadata at the top of the script, as this is required for Tampermonkey to recognize it. The metadata should include the @name, @match and @description fields, which specify the name of the script and the URL pattern that it should run on.
Once you have entered your userscript code, click on the "Save" button to save it. Your userscript will now appear in the list of installed scripts in the Tampermonkey dashboard. ( video tutorial)
Go to Chromes extensions page, enable the "Allow access to file URLs" checkbox at the Tampermonkey item, create a file with the file extensions ".user.js" and drag-and-drop it to Chrome.
A103 Sure, just go to the options page and click at the script's name you want to modify. A new tab is opened that shows the script's source code.
Click at the "settings" tab (1) to get the *cludes editor shown at the image above.
Now you can select i.e. a entry from the "Original includes" section (2) and add them as exclude by clicking at "Add as User excludes" (3). The entry now appears at the "user excludes" section (5) and the script will not run at this page anymore.
If you want to make a script run at a page it originally shouldn't you have to use the "Original excludes" section (4). Again select a entry, click a the button bellow the section and the entry will appear at "User includes".
You can also add, edit or remove entries that are manually added by using the buttons (6) below the according User section ("User includes", "User matches" and "User excludes").
If you want to override the orginal includes completely just uncheck the checkbox (7) in front of the according heading.
For example you have to uncheck "Original includes" if you want to disable the directive htt*://*facebook.com/*.
A105 It is very easy to sync your scripts. Please follow this procedure to enable the sync feature:
Tampermonkey supports the following sync services:
@downloadURL tag are processed.
For that purpose both, the http and https protocol can be used.A106 Import and export of scripts is pretty simple. Just go to TM's Dashboard/Options page. If you see a 'Utilities' tab then go there, otherwise set the 'Config Mode' to either 'Beginner' or 'Advanced' in order to see it. At this tab there are different sections depending on your Tampermonkey version and browser support:
A200 Yes it is. If you want to install a script just click at the install link. Tampermonkey now asks you whether to install the script in Tampermonkey or native in Chrome.
;
A203 Tampermonkey checks whether HTTP headers like "user-agent" or "referer" can be modified by userscripts. If now another extension like a user agent spoofer or an script blocker like ScriptNo modifies this request too the warning is displayed. This should not occur that often when the option "Allow HTTP headers to be modified by scripts" is set to "Yes" (Default) or even never if it is set to "No".
A204 File access for Tampermonkey is only available at Chrome and derivates. In order to enable it open Google Chrome and click on the "More" icon (the three dots) in the top-right corner of the window. From the menu, select "More tools" and then click on "Extensions".
This will open the browser extensions page (chrome://settings/ or edge://extensions), which shows a list of all the extensions that are installed in your browser. Find Tampermonkey and click on the "Details" link to the right of its name.
On the extension's details page, scroll down to the "Permissions" section. Here, you will see a list of all the permissions that the extension has been granted. To enable file access, you will need to check the box next to the "Allow access to file URLs" permission. ( video tutorial)
A205 The location where a Google Chrome extension's data is stored varies depending on the operating system. On Windows, the data is stored in the following location:
C:\Users\[USERNAME]\AppData\Local\Google\Chrome\User Data\Default\Extensions\[EXTENSION_ID]
Replace [USERNAME] with the name of the user who is logged in to the computer, and [EXTENSION_ID] with the unique ID of the extension. This ID can be found in the extension's details page in Chrome, under the "ID" section.
On Linux, the data is stored in the following location:
/home/[USERNAME]/.config/google-chrome/Default/Extensions/[EXTENSION_ID]
Again, replace [USERNAME] with the name of the user who is logged in, and [EXTENSION_ID] with the extension's ID.
On MacOS, the data is stored in the following location:
/Users/[USERNAME]/Library/Application Support/Google/Chrome/Default/Extensions/[EXTENSION_ID]
Here, [USERNAME] should be replaced with the current user's name, and [EXTENSION_ID] should be replaced with the extension's ID.
Please note that the exact location of the data may vary depending on the specific version of the operating system and the Chrome browser that you are using. For example google-chrome or Google\Chrome might also be chromium, Opera Next or another string depending on you browser. If you are unable to find the data at the above locations, you may need to search for the Extensions folder manually on your system.
You can learn more about the concrete extension's ID here.
A206 If your Chrome browser profile has a corrupted extension storage, you can try the following steps to repair it:
A207 In order to solve the issue described above at Q206 Chrome now tries to automatically correct any corruption by removing corrupted parts. Depending on the severity of the corruption it might restore some data, otherwise the database is just empty. Since this can also affect Tampermonkey's data it tries to detect this process and notify you of the possible loss of all or some settings and scripts.
A208 This is caused by a bug in Chromium that causes Tampermonkey's content scripts to run in the wrong order. Unfortunately the order matters and due to timing constraints it is not possible to wait longer for the other content script than already done. This bug "only" happens when the extension is updated from a previous stable version lower than 4.18. To fix the issue simply:
Disabling the extension seems to cleanup things and the content scripts are executed in the right order again.
If it still doesn't work, then please
A209 For users of the Tampermonkey extension in a Chrome-based browser, enabling Developer Mode is a requirement introduced with Manifest V3 updates.
Developer Mode is necessary due to the two-step user authorization for userscripts: the userScripts permission and the Developer Mode option.
The userScripts permission, on its own, does not trigger a user warning upon installation. So this additional step likely reflects Google's intention to ensure that users are making an informed decision to run extensions that use Userscripts.
To enable Developer Mode in Chrome and derivates:
chrome://extensions or edge://extensions in a new browser tab to navigate to the extensions page. 
Click the image to view it in full size
Click at the image to view full size
This action enables the use of the userScripts API through Tampermonkey.
A300 ...like any other chrome extension that has https and http access! This includes extensions like AdBlock, ScriptSafe, Avast Online Security and due to the fact that it is not displayed explicitly when they are downloaded, any userscript that is installed as native Chrome extension.
If you're interested in this, you can find the access information a the right column of every extension at the Chrome store by searching for "This extension can access". Tampermonkey needs to be able to run at every page, because it doesn't know at what pages your userscripts will run and therefore needs to be able to inject them into every page.
But you're right, userscripts and extensions can harm your privacy and your computer. Nevertheless I think more evil is that Chrome does not display at what pages a userscript wants to run on when install it is installed as native extension. From this point of view Tampermonkey even can bring you some security back, at least if you believe me, that I'm not interested in any of your data. If not, you can open the console (Ctrl-Shift-J) and choose the network tab to investigate what network communication is done. :)
A301 No, Tampermonkey is not infected. Chrome shows this message because the options page tries to load a favicon from a page that Google suspects to be evil.
So this just means that you have script installed that has such an malicious page in its @includes and Tampermonkey loads the favicons from there to give you an overview where your scripts will run.
Click at the image to view full size
In order to fix this issue please configure another "Favicon Service" like "Google" or "DuckDuckGo";
A302 First, please notice that downloading files to your harddisk may be security relevant! Malware might have an easy job once it is downloaded. So please make sure that you only allow the download of non-executable files.
There are a few steps necessary to enable the download feature: ( video tutorial)
Note: Even though GM_download is a powerful function, it's finally more or less just convenience for the userscript autors.
A303 This happens cause you either added the source URL to the "Manual Userscript and @require Blacklist" or it was added to the list maintained by me. You can find the list including the reason for blackisting at the GitHub repo.
If you still want the script to run then you can either increase the "Severity Level" or disable the remote list this way:
Note: If you're a script author and think I made a mistake, then just send me an email or open an issue at GitHub.
A304 Tampermonkey requires the following permissions. Some of them might be optional at some browsers and need to be granted only when used.
GM_notification, Tampermonkey related notificationsGM_xmlhttpRequest@run-at context-menuGM_setClipboardGM_xmlhttpRequest, GM_cookiesGM_downloads, storing Tampermonkey backupsIn Chrome these permissions translate to:
Especially the first one looks a little bit strange. In fact it's not possible for Tampermonkey to get access to your browser history when it is installed. In theory Tampermonkey could access the history of all currently open tabs and store "new" history once installed, but this is neither needed nor done. However, because of this fact the Chrome team maybe thought that printing a too broad warning is better than a too flat one. There also is a bug report for this.
In Firefox this translates to
A305 Chrome has a "feature" that allows third-party software (that has nothing to do with Tampermonkey) to install extensions in the Chrome browser. There are legitimate use cases such as a desktop software that needs an extension to be installed, but malware can also make use of this.
Therefore, please check the settings file and/or the Windows registry keys and remove any unwanted entries.
If Tampermonkey appears again, the problematic software is still on your PC!
Windows users, please open the registry editor and check these two registry keys:
| 32-Bit Windows | HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions |
| 64-Bit Windows | HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions |
The ID of Tampermonkey is dhdgffkkebhmkfjojejmpbldmpobfkfo, further official IDs can be found here.
Important: You should check your system for malware and viruses.
A400 Open Tampermonkey's Dashboard and click at the script's name. Click at the "Storage" if present and check or modify the stored data as needed. If there is no "Storage" tab, then the script has no data stored (yet).
A401 This is a known issue caused by the iframe support of Tampermonkey (and by the way Greasemonkey too ;)). In order to avoid Tampermonkey to check and most probably run scripts at unwished iframes you can do a lot of different things:
Avoid No global includes
Try not to use scripts that @include all pages (http://* and https://*) cause these scripts will run at every tab, every frame and every advertisement.
Note: Tampermonkey outlines such scripts by this icon <i class= *"fa fa-globe fa-lg"* aria-hidden="true"> at their sites column.
Make Tampermonkey not run at social buttons Open TM's options page, make sure the "Config mode" is at least set to "Beginner", go to "Settings" and extend the "Blacklisted Pages" text area like this
*://apis.google.com/_/+1/*button*
*://www.facebook.com/plugins/*
*://platform.twitter.com/widgets/*
Exclude advertisements You can try your own excludes based on this:
*://*.doubleclick.*/*
*://*advertising*
*://*banner*
A402 There are multiple possible ways:
@require the local copy@require tag with the path to the local file that you want to include in the script.
For example, if the file is located at C:\Users\[USERNAME]\Documents\myscript.js, you would add the following line to the script:// @require file://C:/Users/[USERNAME]/Documents/myscript.js
A403
This is pretty simple. Just go to chrome://flags.
Now a page with all experimental Chrome featues is shown - search for 'Javascript'.
Click 'Enable' and 'Relaunch now' at the bottom of the page.
@sandbox value should I use?A404 @sandbox supports the following values: "raw", "JavaScript" and "DOM"
@sandbox is omitted.There is also an option to configure the available sandbox modes which can be used by userscripts. Attention: any option that enables "DOM" mode is potentially unsecure. Userscripts that run in extension context have almost full extension permissions and can even modify and install new userscripts.
A405 Unfortunately Chrome does not allow code injection into frames at the right time.
That's why Tampermonkey needs to be injected into every page, because only pre-defined content scripts will be executed at document-start for sure.
After the injection, it asks the main application whether to run a script at this URL, and if not, it unloads itself to free all resources.
You can help to improve this and tell the Chrome developers how important this feature is for you
by starring this and this issue at Chrome's bug tracker.
Just login with you Google Account and click at the star in front of the issue heading. Thanks.
A406 Tampermonkey supports several browsers and therefore there are different versions of Tampermonkey. The following versions exist:
| Name | ID | Browsers | Sources | Notes |
|---|---|---|---|---|
| Tampermonkey | dhdgffkkebhmkfjojejmpbldmpobfkfo | Google Chrome Opera Microsoft Edge |
Chrome Web Store crx |
MV3 |
| Tampermonkey BETA | gcalenpjmijncebpfijmoaglllgpjagf | Google Chrome Opera Microsoft Edge |
Chrome Web Store crx |
MV3 |
| Tampermonkey | iikmkjmpaadaobahmlepeloendndfphd | Microsoft Edge Microsoft Edge |
Microsoft Edge Add-ons | MV2 |
| Tampermonkey BETA | fcmfnpggmnlmfebfghbfnillijihnkoh | Microsoft Edge Edge Canary |
Microsoft Edge Add-ons | MV3 |
| Tampermonkey | firefox@tampermonkey.net | Firefox Firefox Android |
Firefox Add-ons | MV2 |
| Tampermonkey BETA | firefoxbeta@tampermonkey.net | Firefox Firefox Android |
xpi | MV2 |
| Tampermonkey | mfdhdgbonjidekjkjmjaneanmdmpmidf | Opera | Opera Add-ons | MV2 |
| Tampermonkey Legacy | lcmhijbkigalmkeommnijlpobloojgfn | Google Chrome Opera Microsoft Edge Kiwi |
Chrome Web Store crx |
MV2 |
| Tampermonkey Legacy | bnimknkampfeeemccidiigealnpoheap** | Google Chrome Opera Microsoft Edge |
crx | MV2 |
| Tampermonkey | net.tampermonkey.SafariApp | Safari | Mac App Store |
Note: downloaded files need manual installation
Android users can simply:
A407 There a different packages available for Tampermonkey. Please check Q406 for more information on where to get them.
A408 There a many reasons why you might want to continue running a Manifest V2 version of Tampermonkey. For example, you might have a userscript that is not compatible with the newest version of Tampermonkey or your browser might not support the newest version of Tampermonkey. Here are the steps to continue running a Manifest V2 version of Tampermonkey:
| Name | ID | Browsers | Link |
|---|---|---|---|
| Tampermonkey | dhdgffkkebhmkfjojejmpbldmpobfkfo | Google Chrome, Opera, MS Edge | crx |
| Tampermonkey Legacy | lcmhijbkigalmkeommnijlpobloojgfn | Google Chrome, Opera, MS Edge | Chrome Web Store | crx |
| Tampermonkey Legacy | bnimknkampfeeemccidiigealnpoheap* | Google Chrome, Opera, MS Edge | crx |
* not signed by the official store
Please note that if you install Tampermonkey version ID dhdg on a Chrome browser version 120 or higher, you will need to disable the automatic updates somehow (link, link). Otherwise, Tampermonkey will automatically update to the newest Manifest V3 version.
If you are using a Tampermonkey version that is not signed by the official store, you will need to enable the "Developer mode" switch at the top right of the extensions page in your browser. Then you can drag and drop the downloaded CRX file into the extensions page as explaind in Q407.
Furthermore, if using a Chrome browser version 120 or higher, you will need to enable ExtensionManifestV2Availability
Windows
Either make a shortcut to Chrome and add --enable-features=ExtensionManifestV2Availability to the target field or run the following command in the command prompt:
chrome.exe --enable-features=ExtensionManifestV2Availability
or add the following registry keys:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave]
"ExtensionManifestV2Availability"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Chromium]
"ExtensionManifestV2Availability"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ExtensionManifestV2Availability"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"ExtensionManifestV2Availability"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Vivaldi]
"ExtensionManifestV2Availability"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\YandexBrowser]
"ExtensionManifestV2Availability"=dword:00000002
macOS
Run the following command in the terminal:
open -a "Google Chrome" --args --enable-features=ExtensionManifestV2Availability
or check this link for an alternative solution.
Linux
Run the following command in the terminal:
google-chrome --enable-features=ExtensionManifestV2Availability
or add policy file named ExtensionManifestV2Availability.json to the following directory and add the following content to the:
{
"ExtensionManifestV2Availability": true
}
here:
/etc/opt/chrome/policies/managed//etc/opt/edge/policies/managed//etc/chromium/policies/managed/A500 Thanks! :) This is pretty easy.
Just clone or fork the i18n repository from Github, apply your changes and send me the file or create a pull request.
More information how internationalization of extensions works can be found at Google's Extension Development Documentation.
Tip: you can attach an additional file called about.txt that will be delivered from now on with the extension.
A501 You can use Tampermonkey and report bugs if you've found one, make a small contribution or give Tampermonkey a 5-star rating here.
Thanks. 😅
A600 Before getting the output you have to enable debug output. Just click at the Tampermonkey icon, choose "Dashboard", select the "Settings" tab and set "Logging Level" to "Debug"". ( video tutorial)
There are 3 different consoles that Tampermonkey might write log messages to.
First the background page console which can accessed this way:
In Google Chrome, go to the extensions page by clicking on the "More" icon (the three dots) in the top-right corner of the window, selecting "More tools", and then clicking on "Extensions". On the extensions page, find the extension that you want to access the background page console for, and click on the "Details" link to the right of its name. On the extension's details page, click on the "background page" link under the "Inspect views" section. This will open the background page in a new window or tab. ( video tutorial)
In Firefox, go to the extensions page by clicking on the "More" icon (the three minuses) in the top-right corner of the window, selecting "Add-ons and Themes". Click at the gear icon at the upper right corner and choose "Debug Add-ons". On the debugging page find the Tampermonkey entry and click "Inspect". Finally select the "Console" tab.
The second one is the option page console.
You can open it this way: right click at the Tampermonkey icon and choose "Dashboard". At the new tab press "Ctrl-Shift-J" or "F12" and select the "Console" tab.
Last but not least every web page has a console.
This one can be opened by "Ctrl-Shift-J" when viewing the page. ( video tutorial)