Disabling DOM Injection by Browser Extension


When developping frontend applications now there is some hydratation and comparaison between what the server sent and what the browser has in its DOM. With my React DevTools it always fail with this error:

Warning: Extra attributes from the server: data-bitwarden-watching
    at form
(with a huge stackstrace, flooding my console logs)

Indeed, Bitwarden adds an attribute to tags. A hack for now is to disable any credentials that matches the current development URL. But I see 2 issues:

  • it prevents me to use my credentials into development applications
  • sometimes, for no reason, the error comes back, it seems there is a race condition where Bitwarden will still add the attribute

I investigated to use “excluded domains” in the bitwarden settings but it’s scoped to a domain “localhost” and cannot be selective for a “localhost:3000” for example.

Do you have a solution for this? A known class/attribute that prevents Bitwarden from manipulating the DOM? Hopefully I’m looking for something not specific to Bitwarden since LastPass also have this issue according to Google :slight_smile:

Thank you,


I just wanted to tag @subsiding5348 and @bit, who have previously inquired about the possibility of disabling content script injection (here and here), for different use cases. If they post here to support the feature request and describe their use cases, we can change the Feature Request title to something more general (like “Disabling DOM Injection”).


I’m sorry for the long delay to reply.

Yes, I support an option to disable DOM injection.

Five primary reasons:

  1. Even when Bitwarden is set to not perform any actions when pages load, I sometimes receive browser messages indicating that Bitwarden is slowing down the browser.

  2. I spend much time coding, including front-end coding. Having Bitwarden always injecting into the DOM adds another variable for which I need to account during development, including before the code is ready to be tested for such injections.

  3. The DOM injection slows down some development tools, including integrated browser devtools. This gets amplified on some specific web sites.

  4. Any time code injection takes place, it slows down the browser a little. If the functionality supported by code injection is not being used, it’s best to keep the browser running at 100%.

  5. When troubleshooting a website, it’s another variable that needs to be accounted for. So to effectively troubleshoot an issue, one must manually disable the Bitwarden browser extension every time one begins a debugging session.

Thank you for contributing to the thread, @bit.

I’ve gone ahead and changed the Feature Request topic title to be more general (was: “Allow preventing ‘data-bitwarden-watching’ to be added”).

1 Like

You’re welcome. Thanks for updating the topic title.

I tried voting for this Feature Request, but I’m out of votes. So I removed a vote from another Feature Request, but Discourse still claims I’m out of votes. Odd.

The injected html also makes it far easier to fingerprint web browsers