Skip to main content
Y
YakovVoloch
New Member
January 19, 2026
Solved

Find a way to block Incognito if specific extension isn't allowed in Incognito

  • January 19, 2026
  • 1 reply
  • 2 views

Our product is for AI security and one of the main challenges we have is how do we make sure the extension will always run even in Incogntio mode.
I'm talking about the Chrome browser.
There is a flag that seems to be not supported MandatoryExtensionsForIncognitoNavigation while Edge do support this. 

This is very critical to us and I assume all enterprises that would like to keep Incognito mode but still keep security.

If this is no an option can we at least have a formal way to check from command line if an extension is allowed in Incognito mode so we can disable Incognito for these users if our ext isn't allowed?  

Best answer by Lynda

Hi @YakovVoloch 

 

It's a valid and critical point for any organization that wants to ensure security and compliance, even when users are in Incognito mode.

 

Based on the information you provided and some additional research, here’s a breakdown of the options available to you:

 

Forcing extensions in Incognito Mode:

You are correct that you cannot directly force an extension to be enabled in Incognito mode in the same way you can for a regular browsing session. However, if the organisation is using managed devices via ChromeOS, there is a ChromeOS policy that achieves a very similar outcome, which you mentioned in your post: MandatoryExtensionsForIncognitoNavigation.

 

For ChromeOS admins the MandatoryExtensionsForIncognitoNavigation policy allows you to specify a list of extension IDs that are required for browsing in Incognito mode. 

If a user has not allowed all the extensions on this list to run in Incognito, they will not be able to navigate in Incognito. This effectively makes the extension "mandatory" for Incognito use.

 

However I do appreciate if your users are trying to achieve this with Windows or Mac devices, the above will not resolve. And so I see you aired this request within the open Chromium thread here. Hopefully this will gain traction. Other relevant thread to keep an eye on here.

 

Checking if an extension is allowed in Incognito

Regarding your second question, while there isn't a command-line tool for an administrator to check if an extension is enabled in Incognito on a user's machine, your extension can check for itself.

As an extension developer, you should be able to use the chrome.extension.inIncognitoContext property. 

 

This will return true if the extension is running in an Incognito tab, and false otherwise. You could potentially use this to alter the behavior of your extension or to notify the user if it's not running in Incognito, though it would not be able to force Incognito mode to close.

 

Disabling Incognito mode

If ensuring your extension is always active is a top priority and the MandatoryExtensionsForIncognitoNavigation policy doesn't work for your use case, you always have the option to disable Incognito mode entirely for certain users or organizational units using the https://support.google.com/chrome/a/answer/13130396?hl=en

I hope this information is helpful! 

1 reply

Lynda
LyndaAnswer
Community Manager
January 28, 2026

Hi @YakovVoloch 

 

It's a valid and critical point for any organization that wants to ensure security and compliance, even when users are in Incognito mode.

 

Based on the information you provided and some additional research, here’s a breakdown of the options available to you:

 

Forcing extensions in Incognito Mode:

You are correct that you cannot directly force an extension to be enabled in Incognito mode in the same way you can for a regular browsing session. However, if the organisation is using managed devices via ChromeOS, there is a ChromeOS policy that achieves a very similar outcome, which you mentioned in your post: MandatoryExtensionsForIncognitoNavigation.

 

For ChromeOS admins the MandatoryExtensionsForIncognitoNavigation policy allows you to specify a list of extension IDs that are required for browsing in Incognito mode. 

If a user has not allowed all the extensions on this list to run in Incognito, they will not be able to navigate in Incognito. This effectively makes the extension "mandatory" for Incognito use.

 

However I do appreciate if your users are trying to achieve this with Windows or Mac devices, the above will not resolve. And so I see you aired this request within the open Chromium thread here. Hopefully this will gain traction. Other relevant thread to keep an eye on here.

 

Checking if an extension is allowed in Incognito

Regarding your second question, while there isn't a command-line tool for an administrator to check if an extension is enabled in Incognito on a user's machine, your extension can check for itself.

As an extension developer, you should be able to use the chrome.extension.inIncognitoContext property. 

 

This will return true if the extension is running in an Incognito tab, and false otherwise. You could potentially use this to alter the behavior of your extension or to notify the user if it's not running in Incognito, though it would not be able to force Incognito mode to close.

 

Disabling Incognito mode

If ensuring your extension is always active is a top priority and the MandatoryExtensionsForIncognitoNavigation policy doesn't work for your use case, you always have the option to disable Incognito mode entirely for certain users or organizational units using the https://support.google.com/chrome/a/answer/13130396?hl=en

I hope this information is helpful! 

Terms & ConditionsCookie settingsAccessibility statement