Manage Service Workers in Firefox and Chrome
Chrome and Firefox provide users with options to manage registered Service Workers in the browser, including options to remove Service Workers from the browser.
Service Workers are an up and coming feature supported by most modern browsers that enable sites and services to interact with the browser without having to be open in it.
Think of them as on-demand processes that enable the use of push notifications and data synchronization, or make sites work offline.
Web browsers are not designed currently to prompt users all the time when Service Workers are registered in the browser. This happens as a background process most of the time currently.
Manage Service Workers
The Service Worker is registered either automatically, or after the user accepts a prompt. Pinterest is a website that registers one automatically when the site is visited in Chrome or Firefox.
This is not made clear to the user as it happens in the background.
Chrome and Firefox offer no clear information on how to manage Service Workers that were added to the browser previously. While capabilities exist, they are more or less hidden from users at this point in time which is problematic if previously registered workers need to be removed from the browser.
This guide provides you with the means to manage workers in Firefox and Chrome.
Useful information
- Origin is the page the Service Worker was registered from.
- Scope refers to the pages that the Service Worker controls (accepts fetch and message events from).
- Script lists the url of the Service Worker JavaScript file.
Manage Service Workers in Mozilla Firefox
Firefox users can manage all registered Service Workers in the browser in the following way:
- Load about:serviceworkers in a new tab or the current tab, for instance by copying and pasting the address or bookmarking it and loading it this way.
- Firefox displays all registered Service Workers on the page. Each Service Worker is listed with its origin, scope, current worker URL, cache name and other information.
- Click on unregister to remove the Service Worker from Firefox, or update to request an update from its source.
Disable Service Workers in Mozilla Firefox
Firefox users can disable Service Workers in the browser in the following way (via our extensive list of Firefox privacy and security settings guide):
- Load about:config in the browser's address bar and hit enter.
- Confirm that you will be careful if a notification is displayed.
- Use the search field to find dom.service
- Locate dom.serviceWorkers.enabled and double-click on the preference name to set it to false. Doing so disables the Service Workers functionality in Mozilla Firefox.
To undo the change, repeat the process but make sure that the value of the preference is set to true when you are done.
Manage Service Workers in Google Chrome
- You need to load the url chrome://serviceworker-internals/ in the Chrome web browser to open the list of registered workers.
- Chrome displays slightly different information than Firefox, including a console log which may come in handy.
- Hit the unregister button to remove the selected item from the browser, or start to activate it.
Disable Service Workers in Google Chrome
There does not seem to be a way currently to disable the feature in the Chrome browser. Leave a comment below if you have found a way, and I'll update the article asap.
Useful Resources
The following resources offer additional -- usually focused on development -- resources.
- Get Started with Service Worker Google Developers
- Is Service Worker Ready compares browser support
- Service Worker API MDN
- Service Worker Introduction on HTML5 Rocks
- The W3C Service Workers Working Draft
As a web developer with a tabletop gaming player finder website that relies on communication with it’s members, I find the idea of agents to be fascinating. It is very tantalizing.
But as an end-user it terrifies me because of the vast number of ways it can be misused. Aside from annoying pop-ups every time somebody has a notification for you, how long will it be until somebody figures out how to push an install package down the pipe to you.
I’ve found several service workers in my local Chrome install. None of them actually did push notifications, they all had other functions.
Something to note: Service Workers only work on https pages.
Martin said:
“There does not seem to be a way currently to disable the feature in the Chrome browser. Leave a comment below if you have found a way, and I’ll update the article asap.”
If you click the ‘unregister’ button, the service work is removed.
Eduardo, yes you can remove Service Workers once they are registered, but there seems to be no way to disable the entire feature like it is possible in Firefox.
I expect a new class of blockables in uBlock Origin will show up soon just for these types of files.
I dont’t think that a preference to disable Service Workers is really needed. It’s a web standard and probably one of the most important new web standards for the next years. Firefox needs a preference because Service Workers are enabled in Firefox 44 and will be disabled in Firefox ESR 45 because of upcoming spec and implementation changes. In the long term I don’t see any reason to keep the preference.
(But it’s only my opinion and I don’t know of plans to remove the preference)
@ Sören Hentzschel – There HAVE TO BE rhe preference to turn this feature off and disable it completely. I hate the spam notifications and I want the option.
@Anonymous: You didn’t understand my comment / what service sorkers are. Service worker is *not* a synonym for notifications. Notifications are only a part and there *is* a preference to disable notifications *without* disabling the full service workers standard.
@ Sören Hentzschel – Maybe, but Service Workers are the problem for security and privacy. There is little documentation about them. They install silently in background without any notification. They run silently in background. They intercept network traffic. They can come from any website. They don’t need originating website open to be running. What’s more there are still unknown security implications. In past it was: CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287. They improve tracking and targeting. What’s more they could be even used as botnet – https://sakurity.com/blog/2016/12/10/serviceworker_botnet.html
Why would anyone want this? Sounds much worse than cookies to me.
Can you explain your comment? Service Workers and Cookies are totally different things.
Allowing sites to converse with your browser?? Seems a major invasion of privacy. I have yet to read what good it does for the user….Please note, I am very ignorant about most things Internet-related, which is why I come here–to learn.
There is a website from Mozilla:
serviceworke.rs
… where you can find examples what is possible with service workers. Cookies are just a storage. ;)
Mr. Hentzschel , pardon my asking, but are you a website developer??
Yes. That’s my job. ;-)
When I exit from a site (a domain) it is not to have it stick to my browser session afterwards.
Consequently, in conformity with Pants’ work published here at ‘Ghacks user.js Firefox privacy and security list’ :
// disable service workers
user_pref(“dom.serviceWorkers.enabled”, false);
// disable push notifications – push requires serviceWorkers to be enabled – I push on double-locking!
user_pref(“dom.push.enabled”, false);
user_pref(“dom.push.connection.enabled”, false);
user_pref(“dom.push.serverURL”, “”);
user_pref(“dom.push.udp.wakeupEnabled”, false);
user_pref(“dom.push.userAgentID”, “”);
// disable web/push notifications
user_pref(“dom.webnotifications.enabled”, false);
user_pref(“dom.webnotifications.serviceworker.enabled”, false);
May be useful, but not for me, thanks. A gadget IMO, not to mention privacy issues (have a look at dom.push.userAgentID : I don’t like IDs).
And thanks (once again) to Martin for clarifying this service (and in no way for discrediting it).
All I have in Service Workers in Chrome 64-bit is Google Plus and Facebook. I haven’t received any spam from them so far. For now I’ll leave them registered until I see them causing problems.
Check out “Clear Service Worker” – The chrome extension to clear service workers easily
https://chrome.google.com/webstore/detail/clear-service-worker/kkbncldhbdallogkalmfgijpinjggboh?utm_source=gmail
Maybe paranoid but aren’t those service workers misused to track you? As soon as you open the browser a background connection to the registered services could be reopened even if you are not using Google Plus or Facebook at the moment. That’s why they must be unregistered each and every time when the corresponding website is closed with no exceptions other than I explicitly allow. No reasons at all for me to use service workers since there are 6 or more open CVE security holes which I’ve read somewhere else.
My webmail (tutanota.com) installs one. I queried it with them and they advised me that without it the code used to encrypt mails would have to be downloaded every time I logged into the site which is fair enough.
The latest Waterfox disables them by default so I had to re-enable the setting manually today.
It’s easy enough to remove them though and all a user needs to do is to use the context menu option: “Forget about this site” in the History menu although that removes all the links as well of course.
This “standard” feature is disturbingly insecure. https://blog.acolyer.org/2019/04/12/master-of-web-puppets-abusing-web-browsers-for-persistent-and-stealthy-computation/
tx ghacks, google was constantly using upwards of 25% of my cpu power just browsing on their site and not even watching videos; i disabled service workers and the problem went away… i was curious if they are utilizing spectre or other side channel attacks via these mechanisms; given my speculation has been so wrong in the past ill take that with a healthy dose of skepticism but who knows.
by google i mean youtube btw
Yes, each service worker uses another thread, and all the overhead that implies for process management. I deleted all service workers from sites I rarely visit, and got rid of mysterious desktop notification ads, and reduced Chrome memory usage from about 2.5Gb to 1.1Gb. If EU legislators get of hold of this, I expect another law. This is much worse than cookies. Imagine if every site you visit installs its own cyrptocurrency miner to generate revenue, or worse hijacks your bandwidth for a geoblocker, spam engine, or vpn?
Cures for the Service Worker “Overload”.
Please amplify and correct :)
1. Possibility:
File Explorer:
C:\Users\Your Profilename\AppData\Roaming\Opera Software\Opera Stable\Service Worker
There folders:
CacheStorage (biggest?)
ScriptCache
Database
To sort files for size i use the XYplorer.
Here you could always watch the
index.txt
to see which site (mis)uses your HD space.
So i discovered plus 100MB eg from nytimes.com, where i didnt go for years.
Deleted at once. But this is too time-consuming for evey folder.
2. Poss.:
Simplier with the address bar:
opera:serviceworker-internals
Here you can manualy click unregister per Domain.
I cleaned all up but important folders like Googlemail, Opera, etc.
Success: More than 200 MB so of 50% shrunked my Service Worker! :D
But: this won’t be permanent.
3.Poss:
Opera developer tools :
CTRL+Shift+I, Application, Service Worker, Service workers from other origins.
I did not use this.
4. Poss.:
Deactivation of Service Worker in the Opera Browser per Addon uMatrix:
Click on the 3 points points on top of each other to the right of On/Off: Forbid Webworker.
5. Poss.:
opera://flags
Search for “service worker”.
Enable/Disable:
– Service worker on UI thread
– Prefetch request properties are updated to be privacy-preserving
Could be permanent, but this seams to be too unspecific und risky for many sites who do profit from that.
Conclusion:
Options 2 an 4:
opera:serviceworker-internals
Addon uMatrix
They seem to be a good team: First delete non important and then block this permantly by an addon.
But you got to look regularly in your Opera Profile folder “service Worker”, otherwise it would blow up too much.
And the problem stays that you can not simply get rid off this data waste. :(
Not to talk of probably important security risks.
Yes, for website performance or while staying offline the Service Worker might be useful and necessary, but i never read something positive about it.
Who has got sources? :)
the following userscript disables the creation of new ServiceWorkers. Tested in chrome using violentMoney. It’s set to block on all sites, but you can change the @match rules to blacklist whatever you like.
// ==UserScript==
// @name disableServiceWorkerRegistration
// @namespace globalScripts
// @description disableServiceWorkerRegistration
// @run-at document-start
// @match http://*/*
// @match https://*/*
// @grant none
// ==/UserScript==
ServiceWorkerContainer.prototype.register= ()=>{}