Web extensions for security consistency have a comprehensive impact. It defines the effect of security model capacity in the Web Attacker, Network Attacker and Gadget Attacker. Web extension model proposed the concept of a Web browser, server, protocol type, properties and methods. Finally, it studied using the extended model intruder server redirects the request to cross-origin resource sharing security mechanisms, and the same-origin site refer validation security mechanism, analysis of the vulnerability of the two mechanisms, and proposes ignore redirect request and suppress all outgoing refer solutions.