This only works for the selected domain and only on the https protocol. Info.plist <key>SFSafariWebsiteAccess</key> <dict> <key>Level</key> <string>All</string> <key>Allowed Domains for Header Injection</key> <array> <string>js-blocker.com</string> </array> </dict> SafariExtensionHandler.swift class SafariExtensionHandler: SFSafariExtensionHandler { override func additionalRequestHeaders(for url: URL, completionHandler: @escaping ([String : String]?) -> Void) { print("FIRE: additionalRequestHeaders") } }

Here is a code example that will explain everything: class SafariExtensionHandler: SFSafariExtensionHandler { override func toolbarItemClicked(in window: SFSafariWindow) { // when: info.plist → SFSafariToolbarItem → Action = Command } override func popoverWillShow(in window: SFSafariWindow) { // when: info.plist → SFSafariToolbarItem → Action = Popover } override func popoverViewController() -> SFSafariExtensionViewController { // when: info.plist → SFSafariToolbarItem → Action = Popover return SafariExtensionViewController.shared } }