- \n
- LinkedIn can scan Chromium-based browsers for known extensions.<\/strong> This is called Active Extension Detection <\/strong>(AED<\/strong>). As of mid-June 2026, LinkedIn\u2019s code probed 4,934 Chrome extension IDs, with the list growing by roughly 12 per day.<\/li>\n\n\n\n
- Cookie-bridge tools create one of the highest-risk setups.<\/strong> These extensions read your LinkedIn
li_at<\/code> session cookie and upload it to the vendor\u2019s cloud, which can then run your account from a data center IP. We found this pattern in code across 9 widely used tools.<\/li>\n\n\n\n- Reading cookies is not the same as exporting your session.<\/strong> Some tools read cookies but keep the session local. The real question is where the cookie value goes, so we traced that path for every tool in this guide.<\/li>\n\n\n\n
- Blocking LinkedIn telemetry can expose the tool instead of hiding it.<\/strong> Some extensions block LinkedIn tracking endpoints. If one endpoint still reports back, LinkedIn may see that other telemetry paths are being blocked.<\/li>\n\n\n\n
- Your device fingerprint can travel with session requests.<\/strong> LinkedIn collects 48 device signals, including graphics, audio, fonts, local IP through Web Real-Time Communication (WebRTC), and automation flags. That fingerprint is encrypted and attached to Application Programming Interface (API) requests during the session.<\/li>\n\n\n\n
- Detection is better understood as a scoring model.<\/strong> Extension presence, code traces, network anomalies, and account behavior can all add risk signals. Conservative daily limits help, but they do not fix a risky architecture.<\/li>\n\n\n\n
- Manual outreach is not restriction-proof.<\/strong> High volume, bulk profile opening, and too many \u201cI don\u2019t know this person\u201d reports can affect manual users too.<\/li>\n\n\n\n
- Cloud tools can leave a visible IP trail.<\/strong> In our 7-tool cloud test, five of the six server-side tools placed accounts behind data center or proxy IPs rated high-risk by an independent fraud database. One vendor gave both test accounts the same IP, and three unrelated tools routed through the same upstream provider.<\/li>\n\n\n\n
- Account safety is not a niche concern.<\/strong> Across nine English-speaking markets, roughly 12,050 monthly searches relate to LinkedIn restrictions, account limitations, identity verification, or bans.<\/li>\n<\/ol>\n\n\n\n
<\/span>Why You Can Trust This Report<\/span><\/h2>\n\n\n\n
This guide is based on three sources of evidence: product history, extension code, and live cloud testing<\/strong>.<\/p>\n\n\n\n
The first source is<\/strong> Alexander Erin, founder of Linked Helper<\/strong>, who has been in that role since October 2016.<\/p>\n\n\n\n
He wrote the first version of Linked Helper, which was a Chrome extension. At its peak, it ranked first for the \u201cLinkedIn\u201d search query in the Chrome Web Store and had an audience of about 80,000 users. He also saw LinkedIn\u2019s early detection systems affect competing extensions. In August 2019, he had three days to patch Linked Helper against a second detection wave.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.linkedhelper.com\/blog\/wp-content\/uploads\/2026\/06\/image-4-1024x457.png\")
<\/figure>\n\n\n\nAfter that, the team decided to leave the Chrome Web Store and rebuild Linked Helper as a standalone desktop application.<\/p>\n\n\n\n
The second source is code.<\/strong><\/p>\n\n\n\n
For this report, we downloaded the real published extensions of 16 competing tools, de-minified them, and traced what they do with your LinkedIn session. We checked the code file by file and kept line references where the behavior could be verified.<\/p>\n\n\n\n
We also used the BrowserGate investigation<\/a>, which analyzed LinkedIn\u2019s production JavaScript from December 2025 to March 2026. That work documented detection systems that our expert had already described from the defender\u2019s side since 2019.<\/p>\n\n\n\n
The third source is a live test.<\/strong><\/p>\n\n\n\n
Code can show what an extension can do, but it cannot show which IP address a cloud service assigns after your session reaches its servers. To check that part, we signed up for 7 cloud tools using two accounts per tool from the same country, France.<\/p>\n\n\n\n
For each account, we recorded the exit IP, the IP\u2019s reputation in IPQualityScore<\/a> (IPQS), the device type, the operating system (OS) shown by the cloud, and whether the companion extension appeared on LinkedIn\u2019s scan list. IPQS is an independent fraud-intelligence database, and IPQS lists LinkedIn among its customers on its website.<\/p>\n\n\n\n
By the end of this guide, you will have three practical outputs:<\/p>\n\n\n\n
- \n
- A risk map of the main automation architectures<\/li>\n\n\n\n
- A code-level checklist for auditing any extension<\/li>\n\n\n\n
- Safer operating benchmarks for cases where benchmarks still apply<\/li>\n<\/ol>\n\n\n\n
<\/span>Why Account Safety Is the Main Issue<\/span><\/h3>\n\n\n\n
LinkedIn account restrictions remain a major concern for sales teams, recruiters, founders, agencies, and growth teams. Every month, people search for answers about restrictions, identity checks, invitation limits, and sudden account enforcement.<\/p>\n\n\n\n
Most advice stops at daily activity limits and message volume. Those are important, but they are only part of the risk picture. LinkedIn can also observe technical signals, including browser extensions, device fingerprints, cloud-session environments, and IP reputation.<\/p>\n\n\n\n
This report focuses on that technical layer. Instead of guessing what LinkedIn may detect, we look at how automation tools are built, what signals they expose, and how each architecture can affect account risk.<\/p>\n\n\n\n
\n\n\n\n<\/span>1. The Architectures Behind LinkedIn Automation Risk<\/span><\/h2>\n\n\n\n
Marketing labels such as \u201ccloud,\u201d \u201cAI,\u201d \u201cChrome extension,\u201d and \u201csafe\u201d do not explain account risk on their own.<\/p>\n\n\n\n
The real questions are:<\/p>\n\n\n\n
- \n
- How does the tool access your account?<\/li>\n\n\n\n
- Where does the work run?<\/li>\n\n\n\n
- Where does your data go?<\/li>\n\n\n\n
- What traces does the setup leave behind?<\/li>\n<\/ol>\n\n\n\n
Most LinkedIn automation tools can be mapped to the building blocks below. Some tools use one model, while others combine several models inside the same product.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.linkedhelper.com\/blog\/wp-content\/uploads\/2026\/06\/image-5-1024x401.png\")
<\/figure>\n\n\n\nDux-Soup Chrome Extension Data Flow. Red nodes show your LinkedIn session or data leaving for a vendor\u2019s cloud. Grey nodes show data that stays in your browser.<\/em><\/p>\n\n\n\n
<\/span>1.1 Browser Extensions That Run Inside Your Browser<\/span><\/h3>\n\n\n\n
A browser extension can combine several automation patterns. The difference between those patterns matters because some keep your session local, while others move session data into a vendor cloud.<\/p>\n\n\n\n
<\/span>a) Local Scraping Through Your Own Session<\/span><\/h4>\n\n\n\n
In this model, your LinkedIn session stays on your machine. The extension calls LinkedIn\u2019s internal API, known as Voyager, directly from your browser while using your existing LinkedIn login.<\/p>\n\n\n\n
Technically, this can look like
fetch(..., {credentials: \"same-origin\"})<\/code> with aCSRF token<\/code> header derived from yourJSESSIONID<\/code> cookie. Cross-Site Request Forgery (CSRF) tokens help prove that a request belongs to the current logged-in browser session.<\/p>\n\n\n\nOnly the scraped results, such as profiles or emails, are uploaded to the vendor. Your session token itself is not exported.<\/p>\n\n\n\n
Verified examples from our audit include Octopus CRM, GetProspect, Findymail, Apollo, and Dux-Soup on its Turbo, Pro, and Free plans. Octopus CRM had the cleanest implementation in this group because it did not request the Chrome
cookies<\/code> permission and used local Voyager calls such asfetch(voyager, {credentials:\"same-origin\", \"CSRF-token\": U()})<\/code>.<\/p>\n\n\n\nThe upside is that your IP, browser session, and device fingerprint stay consistent. Your session token does not leave your browser.<\/p>\n\n\n\n
The risk comes from the requests<\/strong> themselves.<\/p>\n\n\n\n
- \n
- A bare Voyager request without the surrounding page traffic can create an unnatural request pattern, which we cover in \u00a72.7<\/a>.<\/li>\n\n\n\n
- The extension can also remain visible to LinkedIn\u2019s extension scanners, which we cover in \u00a72.1<\/a> and \u00a72.2<\/a>.<\/li>\n<\/ul>\n\n\n\n
There is also a maintenance risk<\/strong>.<\/p>\n\n\n\n
Many extensions rely on hard-coded assumptions about LinkedIn\u2019s internal API structure, request formats, headers, and parameters. If LinkedIn changes those expectations, an outdated extension can start sending malformed or unusual requests<\/strong> until the vendor detects the change, ships a fix, and users install the update.<\/p>\n\n\n\n
<\/span>b) Cookie-Bridge or Session-Upload Extensions<\/span><\/h4>\n\n\n\n
In this model, your LinkedIn session leaves your machine. The extension reads the LinkedIn cookie jar through calls such as
chrome.cookies.getAll(...)<\/code>, picks out values such asli_at<\/code>,JSESSIONID<\/code>, orli_a<\/code>, and sends those values to the vendor\u2019s server.<\/p>\n\n\n\nAfter that, the vendor\u2019s cloud can act as your account from its own IP address. As our expert said about one such tool, \u201cthe extension serves as a bridge to pump the cookie out, and has no other purpose<\/em>.\u201d<\/p>\n\n\n\n
The table below shows what we found in the code. It also separates tools that export session data from tools that keep the LinkedIn session local and send only results.<\/p>\n\n\n\n
Tool<\/th> What the Code Does<\/th> Vendor Destination<\/th><\/tr><\/thead> Waalaxy<\/td> Reads all LinkedIn cookies through chrome.cookies.getAll({url:\"https:\/\/www.linkedin.com\"})<\/code>, packages them intoauthDataFromExtension.cookie<\/code>, and uploads the session bundle to the cloud (background.js:91370-91432<\/code>).<\/td>stargate.prod.aws.waalaxy.com<\/code><\/td><\/tr>Kaspr<\/td> Extracts li_a<\/code>,li_at<\/code>,sessionId<\/code>, and LinkedIn identifiers, then sends them to the vendor\u2019s\/linkedin\/sync<\/code> endpoint (background.api.js:157-169<\/code>; cookie collection starts inbackground.events.js:87-89<\/code>).<\/td>api.kaspr.io<\/code><\/td><\/tr>Wiza<\/td> Reads li_at<\/code>,li_a<\/code>, and the LinkedIn cookie jar through Chrome\u2019s cookies API, then hands the data to the Wiza controller for cloud processing (background.ts-D9M8FI6v.js<\/code>).<\/td>wiza.co<\/code> \/wiza.com<\/code><\/td><\/tr>Lemlist<\/td> Reads LinkedIn cookies, converts them into a full name=value<\/code> cookie string, uploads it to\/linkedin\/updateCookie<\/code>, and re-syncs wheneverli_at<\/code> changes (background-D7SnJp7X.js<\/code>).<\/td>app.lemlist.com<\/code><\/td><\/tr>Prospeo<\/td> GET_LINKEDIN_COOKIES<\/code> extractsli_at<\/code> andli_a<\/code> from LinkedIn cookies and forwards requests through the vendor proxy layer (background.js-bab59bf8.js<\/code>).<\/td>prod.prospeo.io<\/code><\/td><\/tr>Surfe<\/td> Collects JSESSIONID<\/code>,li_at<\/code>, andli_a<\/code> from LinkedIn cookies and sends them to Surfe\u2019s backend (background.js<\/code>).<\/td>api.surfe.com<\/code><\/td><\/tr>HeyReach<\/td> Reads li_at<\/code>, maps the LinkedIn cookie jar, and uploads it through\/CreateLinkedInAccountFromCookies<\/code>, marketed as a special login connector (popup.js<\/code>,linkedIn_request_utility.js<\/code>,heyReach_request_utility.js<\/code>).<\/td>api.heyreach.io<\/code><\/td><\/tr>Dux-Soup Cloud plan<\/td> Reads LinkedIn session cookies, including the full LinkedIn cookie jar through cookies.getAll({domain:\"linkedin.com\"})<\/code>, then bundles session state withlocalStorage<\/code>, browser data, and browser fingerprinting data. The package is sent through the cloud-control channel when a Cloud plan is connected, and the transfer happens automatically as part of the cloud-session setup flow (sw.js<\/code>).<\/td>app.dux-soup.com<\/code><\/td><\/tr>Expandi connector ( expandi.io<\/code>)<\/td>Stores li_at<\/code>, intercepts Voyager traffic through injected code, collects profile data, and forwards the session bundle to Expandi\u2019s cloud environment (background.js<\/code>,linkedin\/injected.js<\/code>,content.js<\/code>).<\/td>app.expandi.io<\/code><\/td><\/tr>Apollo<\/td> Does not request cookies permission. It uses LinkedIn through the logged-in browser context with credentials:\"include\"<\/code> or same-origin authentication, without exporting session cookies.<\/td>app.apollo.io<\/code> (results only)<\/td><\/tr>PhantomBuster<\/td> Does not silently upload sessions, but auto-fills LinkedIn cookies into setup fields on PhantomBuster pages for one-click transfer ( contentscript.js<\/code>).<\/td>phantombuster.com<\/code><\/td><\/tr>Expandi AI, non-official ( expandi.ai<\/code>)<\/td>Uses a page bridge that exposes all available cookies to app.expandi.ai<\/code>. The background code calls unfilteredchrome.cookies.getAll({})<\/code>, returning the full browser cookie jar (KonnectorContent.js<\/code>,background.js<\/code>).<\/td>app.expandi.ai<\/code><\/td><\/tr>Octopus CRM<\/td> Does not request cookies permission. It uses local Voyager requests with browser-managed authentication and sends only results to the vendor API ( content.js<\/code>,main-es2018...js<\/code>).<\/td>api.octopuscrm.io<\/code> (results only)<\/td><\/tr>GetProspect<\/td> Does not request cookies permission. It performs local Voyager requests through browser session state and does not export li_at<\/code> (foreground.bundle.js<\/code>, manifest audit).<\/td>api.getprospect.com<\/code> (results only)<\/td><\/tr>Findymail<\/td> Derives CSRF tokens from local JSESSIONID<\/code> access throughdocument.cookie<\/code>. It does not request cookies permission and does not export the LinkedIn session (salesnav_profile.js<\/code>,manifest.json<\/code>).<\/td>app.findymail.com<\/code> (results only)<\/td><\/tr>Lusha<\/td> Has no LinkedIn cookie access. It uses authenticated requests against Lusha-owned services only ( background.js<\/code>,manifest.json<\/code>).<\/td>plugin-services.lusha.com<\/code><\/td><\/tr>ZoomInfo<\/td> Does not request cookies permission and showed no LinkedIn session access in the manifest or audit traces.<\/td> zoominfo.com<\/code> (results only)<\/td><\/tr>Dux-Soup Turbo, Pro, and Free<\/td> Uses local-browser automation mode. Voyager interception happens in the user\u2019s browser, with no cloud session upload found in this mode.<\/td> Not applicable<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n <\/span>Expandi: The Most Interesting Case in the Dataset<\/span><\/h3>\n\n\n\n
Expandi<\/strong> (via Expandi connector extension<\/strong>) deserves a closer look because it shows several techniques used in the LinkedIn automation market. Those techniques may reduce some risks, but they can also leave signals that detection systems can observe.<\/p>\n\n\n\n
Understanding how those techniques work and where they still leave signals behind provides a useful framework for evaluating every other automation tool.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.linkedhelper.com\/blog\/wp-content\/uploads\/2026\/06\/image-6-1024x295.png\")
<\/figure>\n\n\n\nExpandi Connector Chrome Extension Data Flow, reconstructed by code audit. Red nodes show your LinkedIn session or data leaving for a vendor\u2019s cloud. Grey nodes show data that stays in your browser.<\/em><\/p>\n\n\n\n
<\/span>Technique 1: Inject a Script Into LinkedIn\u2019s Page Context<\/span><\/h4>\n\n\n\n
A content script normally lives in an isolated world and cannot touch the page\u2019s
XMLHttpRequest<\/code>.<\/p>\n\n\n\nTo work around that limit, Expandi injects a real
<script src=\"chrome-extension:\/\/ohcplcf\u2026\/linkedin\/injected.js\"><\/code> node into the live DOM (linkedin\/content.js:2-7<\/code>).<\/p>\n\n\n\nThat node carries a literal
chrome-extension:\/\/<\/code> URL inside the page. LinkedIn\u2019s Spectroscopy scanner (\u00a72.2<\/a>) can passively walk the DOM, look for that substring, extract the 32-character extension ID, and report it.<\/p>\n\n\n\nNo target list is needed for this detection path. A claim such as \u201cwe\u2019re not on the AED list\u201d does not settle the issue if the extension injects a visible
chrome-extension:\/\/<\/code> resource. In that case, the delivery method becomes the footprint.<\/p>\n\n\n\nConfidence:<\/strong> Found in code. The injection is explicit, and the Spectroscopy mechanism is documented in the BrowserGate production-code analysis.<\/p>\n\n\n\n
<\/span>Technique 2: Monkey-Patch
XMLHttpRequest.prototype.send<\/code><\/span><\/h4>\n\n\n\nExpandi\u2019s
injected.js:3-27<\/code> overrides the page\u2019s nativesend<\/code> method, so every Voyager API response your browser fetches can be copied out to the extension. The patch runs in the same global context as LinkedIn\u2019s own JavaScript, which is the point of injecting the script into the page.<\/p>\n\n\n\nA patched
- The extension can also remain visible to LinkedIn\u2019s extension scanners, which we cover in \u00a72.1<\/a> and \u00a72.2<\/a>.<\/li>\n<\/ul>\n\n\n\n
- A bare Voyager request without the surrounding page traffic can create an unnatural request pattern, which we cover in \u00a72.7<\/a>.<\/li>\n\n\n\n
- Cookie-bridge tools create one of the highest-risk setups.<\/strong> These extensions read your LinkedIn