Type Array
Mandatory No
"web_accessible_resources": [


Sometimes you will want to package some resources - for example, images, HTML, CSS, or JavaScript - with your extension, and make them available to web pages.

For example, the "beastify" example extension replaces a web page with images of some beasts, by adding some  <img> elements whose src attribute points to the images. The images are packaged with the extension, and for the web page to be able to load them, they must be made web accessible.

The web_accessible_resources key lists all packaged resources that you want to make available to web pages in this way. You specify them as paths relative to the manifest.json file.

Note that content scripts don't need to be listed as web accessible resources.

However, if an extension wants to use the webRequest API to redirect a public (e.g. HTTPS) URL to a page that's packaged in the extension, then the extension must list the page in your web_accessible_resources key.

Using web_accessible_resources

For example, suppose your extension includes an image file at images/my-image.png, like this:


To enable a web page to contain an <img> element whose src attribute points to this image, you could specify "web_accessible_resources" like this:

"web_accessible_resources": ["images/my-image.png"]

The file will then be available using a URL like:


<extension-UUID> is not your extension's ID. It is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed.

The easiest way to get this URL from inside your extension is to use the runtime.getURL API, and give it the path relative to manifest.json:

// something like:
// moz-extension://944cfddf-7a95-3c47-bd9a-663b3ce8d699/images/my-image.png


web_accessible_resources entries can contain wildcards. For example, the following entry would also work to include the resource at "images/my-image.png":

  "web_accessible_resources": ["images/*.png"]


Note that if you make a page web-accessible, then any website may then link or redirect to that page. The page should then treat any input (POST data, for examples) as if it came from an untrusted source, just as a normal web page should.


"web_accessible_resources": ["images/my-image.png"]

Make the file at "images/my-image.png" web accessible.

Browser compatibility

Update compatibility data on GitHub
ChromeEdgeFirefoxOperaFirefox for Android
web_accessible_resourcesChrome Full support YesEdge Full support 14Firefox Full support 48Opera Full support YesFirefox Android Full support 48


Full support  
Full support

Document Tags and Contributors

Last updated by: decadent,