diff --git a/webapp/_webapp/package.json b/webapp/_webapp/package.json
index 36700900..5630d99b 100644
--- a/webapp/_webapp/package.json
+++ b/webapp/_webapp/package.json
@@ -6,11 +6,13 @@
   "scripts": {
     "dev": "nodemon --watch src --ext ts,js,tsx,jsx,json --exec 'npm run build'",
     "dev:chat": "vite dev --config vite.config.dev.ts",
-    "build": "tsc -b && npm run _build:default && npm run _build:background && npm run _build:intermediate",
+    "build": "tsc -b && npm run _build:default && npm run _build:background && npm run _build:intermediate && npm run _build:settings && npm run _build:popup",
     "_build": "vite build",
     "_build:default": "VITE_CONFIG=default npm run _build",
     "_build:background": "VITE_CONFIG=background npm run _build",
     "_build:intermediate": "VITE_CONFIG=intermediate npm run _build",
+    "_build:settings": "VITE_CONFIG=settings npm run _build",
+    "_build:popup": "VITE_CONFIG=popup npm run _build",
     "lint": "eslint .",
     "format": "prettier --write .",
     "build:local:chrome": "bash -c 'source ./scripts/build-local-chrome.sh'",
diff --git a/webapp/_webapp/public/images/locator.png b/webapp/_webapp/public/images/locator.png
new file mode 100644
index 00000000..3fabbdcd
Binary files /dev/null and b/webapp/_webapp/public/images/locator.png differ
diff --git a/webapp/_webapp/public/popup.html b/webapp/_webapp/public/popup.html
index 68a152fe..3ec37553 100644
--- a/webapp/_webapp/public/popup.html
+++ b/webapp/_webapp/public/popup.html
@@ -3,112 +3,10 @@
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>PaperDebugger</title>
-    <link href="https://fonts.googleapis.com/css2?family=Exo+2:wght@600&display=swap" rel="stylesheet" />
-    <style>
-      html,
-      body {
-        height: 100%;
-        margin: 0;
-        padding: 0;
-      }
-      body {
-        padding: 1rem;
-        padding-left: 1.5rem;
-        min-width: 280px;
-        max-width: 340px;
-        min-height: 220px;
-        background: #fafafa;
-        color: #222;
-        font-family:
-          "Exo 2",
-          -apple-system,
-          BlinkMacSystemFont,
-          "Segoe UI",
-          Roboto,
-          "Helvetica Neue",
-          Arial,
-          sans-serif;
-        border: 1px solid #ececec;
-        box-sizing: border-box;
-        display: flex;
-        flex-direction: column;
-        justify-content: space-between;
-        height: 100%;
-      }
-      .title {
-        font-size: 1.5rem;
-        font-weight: 600;
-        letter-spacing: 0.02em;
-        text-align: left;
-        font-family: "Exo 2", sans-serif;
-      }
-      .subtitle {
-        font-size: 1rem;
-        font-weight: 600;
-        letter-spacing: 0.02em;
-        text-align: left;
-        font-family: "Exo 2", sans-serif;
-      }
-      .steps {
-        margin: 0.5rem 0 0 0;
-        padding: 0 0rem;
-        flex: 1;
-      }
-      .step {
-        font-size: 0.9rem;
-        font-weight: 400;
-        margin-bottom: 0.7rem;
-        line-height: 1.5;
-        border-left: 3px solid #e0e0e0;
-        padding-left: 0.7em;
-        background: none;
-        border-radius: 0;
-      }
-      .step strong {
-        color: #3b82f6;
-        font-weight: 600;
-        margin-right: 0.3em;
-      }
-      .footer {
-        font-size: 0.75rem;
-        text-align: right;
-        font-weight: 100;
-        color: #888;
-        padding: 0.7rem 1.2rem 1.1rem 0;
-        border-top: 1px solid #ececec;
-        background: none;
-        border-radius: 0;
-        letter-spacing: 0.01em;
-      }
-      .highlight {
-        color: #3b82f6;
-        font-weight: 600;
-      }
-      .noselect {
-        -webkit-user-select: none;
-        -moz-user-select: none;
-        -ms-user-select: none;
-        user-select: none;
-      }
-      .nodrag {
-        -webkit-user-drag: none;
-        -webkit-user-select: none;
-        -webkit-user-select: none;
-      }
-    </style>
+    <title>PaperDebugger Popup</title>
   </head>
-  <body oncontextmenu="return false" class="nodrag">
-    <div oncontextmenu="return false" class="title noselect">PaperDebugger</div>
-    <div class="subtitle noselect">How to use</div>
-    <div class="steps noselect">
-      <div class="step">
-        <strong>1.</strong>In
-        <a class="highlight nodrag" href="https://overleaf.com/project" target="_blank">overleaf.com</a>, open any of
-        your projects.
-      </div>
-      <div class="step"><strong>2.</strong>PaperDebugger is in the <b>top left</b> of the project page.</div>
-    </div>
-    <div class="footer noselect">Happy writing!</div>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="popup.js"></script>
   </body>
 </html>
diff --git a/webapp/_webapp/public/settings.html b/webapp/_webapp/public/settings.html
new file mode 100644
index 00000000..d491382c
--- /dev/null
+++ b/webapp/_webapp/public/settings.html
@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>PaperDebugger Settings</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="settings.js"></script>
+  </body>
+</html>
diff --git a/webapp/_webapp/src/background.ts b/webapp/_webapp/src/background.ts
index cda95898..74847df2 100644
--- a/webapp/_webapp/src/background.ts
+++ b/webapp/_webapp/src/background.ts
@@ -17,6 +17,7 @@
 import { getAllCookies } from "./libs/browser";
 import { HANDLER_NAMES } from "./shared/constants";
 import { blobToBase64 } from "./libs/helpers";
+import { registerContentScripts } from "./libs/permissions";
 
 export type Handler<A, T> = {
   name: string;
@@ -78,12 +79,50 @@ export const fetchImageHandler: Handler<string, string> = {
   },
 };
 
+const registerContentScriptsIfPermitted = async () => {
+  try {
+    const { origins = [] } = await chrome.permissions.getAll();
+    if (!origins.length) {
+      console.log("[PaperDebugger] No origins found, skipping content script registration");
+      return;
+    }
+    await registerContentScripts(origins);
+  } catch (error) {
+    console.error("[PaperDebugger] Unable to register content scripts", error);
+  }
+};
+
+export const requestHostPermissionHandler: Handler<string, boolean> = {
+  name: HANDLER_NAMES.REQUEST_HOST_PERMISSION,
+  handler: async (origin, sendResponse) => {
+    const granted = await chrome.permissions.request({ origins: [origin] });
+    if (granted) {
+      // chrome.permissions.request requires a user gesture context, the requestHostPermissionHandler is in the background script
+      // and called via async messaging from the settings page.
+      // Here we must register content scripts because when a message is sent through chrome.runtime.sendMessage,
+      // the user gesture context is not preserved in the background script handler,
+      // causing the permission request to fail with "This function must be called during a user gesture."
+      // The permission request needs to be called directly from the settings page where the user click occurs,
+      // not delegated to the background script.
+      // Therefore, we must register content scripts here.
+      await registerContentScriptsIfPermitted();
+    }
+    sendResponse(granted);
+  },
+};
+
 // @ts-expect-error: browser may not be defined in all environments
 const browserAPI = typeof browser !== "undefined" ? browser : chrome;
 
 browserAPI.runtime?.onMessage?.addListener(
   (request: { action: string; args: unknown }, _: unknown, sendResponse: (response: unknown) => void) => {
-    const handlers = [getCookiesHandler, getUrlHandler, getOrCreateSessionIdHandler, fetchImageHandler];
+    const handlers = [
+      getCookiesHandler,
+      getUrlHandler,
+      getOrCreateSessionIdHandler,
+      fetchImageHandler,
+      requestHostPermissionHandler,
+    ];
 
     const handler = handlers.find((h) => h.name === request.action) as HandlerAny;
     if (!handler) {
@@ -100,3 +139,5 @@ browserAPI.runtime?.onMessage?.addListener(
     return true;
   },
 );
+
+registerContentScriptsIfPermitted();
diff --git a/webapp/_webapp/src/intermediate.ts b/webapp/_webapp/src/intermediate.ts
index 5c3c5afd..70d2b617 100644
--- a/webapp/_webapp/src/intermediate.ts
+++ b/webapp/_webapp/src/intermediate.ts
@@ -104,3 +104,4 @@ export { getCookies };
 export const getUrl = makeFunction<string, string>(HANDLER_NAMES.GET_URL);
 export const getOrCreateSessionId = makeFunction<void, string>(HANDLER_NAMES.GET_OR_CREATE_SESSION_ID);
 export const fetchImage = makeFunction<string, string>(HANDLER_NAMES.FETCH_IMAGE);
+export const requestHostPermission = makeFunction<string, boolean>(HANDLER_NAMES.REQUEST_HOST_PERMISSION);
diff --git a/webapp/_webapp/src/libs/manifest.ts b/webapp/_webapp/src/libs/manifest.ts
index e472aad8..2965ecd0 100644
--- a/webapp/_webapp/src/libs/manifest.ts
+++ b/webapp/_webapp/src/libs/manifest.ts
@@ -10,6 +10,9 @@ export function getManifest() {
   // This is the version on github tag.
   manifestJSON.version = semver.clean(version || "") || "0.0.0";
 
+  // @ts-expect-error we don't use this variable permissions_explanation
+  delete manifestJSON.permissions_explanation;
+
   if (betaBuild === "true") {
     manifestJSON.version_name = `v${manifestJSON.version}-${monorepoRevision}-beta`;
     manifestJSON.name = "PaperDebugger BETA";
diff --git a/webapp/_webapp/src/libs/permissions.ts b/webapp/_webapp/src/libs/permissions.ts
new file mode 100644
index 00000000..fc2d5eeb
--- /dev/null
+++ b/webapp/_webapp/src/libs/permissions.ts
@@ -0,0 +1,37 @@
+// can not running in content_script. registerContentScripts can only be called in service_worker.
+export async function registerContentScripts(origins?: string[]) {
+  try {
+    const resolvedOrigins = origins ?? (await chrome.permissions.getAll()).origins ?? [];
+    if (resolvedOrigins.length === 0) {
+      console.log("[PaperDebugger] No origins found, skipping content script registration");
+      return;
+    }
+
+    const scriptIds = (await chrome.scripting.getRegisteredContentScripts()).map((script) => script.id);
+    if (scriptIds.length > 0) {
+      console.log("[PaperDebugger] Unregistering dynamic content scripts", scriptIds);
+      await chrome.scripting.unregisterContentScripts({ ids: scriptIds });
+    }
+
+    await chrome.scripting.registerContentScripts([
+      {
+        id: "content-script-main",
+        js: ["paperdebugger.js"],
+        persistAcrossSessions: true,
+        matches: resolvedOrigins,
+        world: "MAIN",
+      },
+      {
+        id: "content-script-intermediate",
+        js: ["intermediate.js"],
+        persistAcrossSessions: true,
+        matches: resolvedOrigins,
+        runAt: "document_start",
+      },
+    ]);
+
+    console.log("[PaperDebugger] Registration complete", resolvedOrigins);
+  } catch (error) {
+    console.error("[PaperDebugger] Failed to register content scripts", error);
+  }
+}
diff --git a/webapp/_webapp/src/main.tsx b/webapp/_webapp/src/main.tsx
index f8678532..f699ded1 100644
--- a/webapp/_webapp/src/main.tsx
+++ b/webapp/_webapp/src/main.tsx
@@ -156,6 +156,8 @@ export const Main = () => {
   );
 };
 
+console.log("[PaperDebugger] PaperDebugger injected, find toolbar-left or ide-redesign-toolbar-menu-bar to add button");
+
 if (!import.meta.env.DEV) {
   onElementAppeared(".toolbar-left .toolbar-item, .ide-redesign-toolbar-menu-bar", () => {
     logInfo("initializing");
diff --git a/webapp/_webapp/src/manifest.json b/webapp/_webapp/src/manifest.json
index 7ca2c9d1..4d060a4f 100644
--- a/webapp/_webapp/src/manifest.json
+++ b/webapp/_webapp/src/manifest.json
@@ -11,29 +11,20 @@
     "48": "images/logo-1024.png"
   },
   "host_permissions": ["*://*.overleaf.com/"],
-  "permissions": ["cookies", "storage"],
+  "optional_host_permissions": ["*://*/*"],
+  "permissions_explanation": "The optional_host_permissions pattern '*://*/*' allows the extension to request access to any website. This is necessary to support self-hosted Overleaf instances and similar use cases. Users will be prompted to grant access only when needed. Please review the extension documentation for details on security and privacy implications.",
+  "permissions": ["cookies", "storage", "scripting", "activeTab"],
+  "options_page": "settings.html",
   "action": {
     "default_popup": "popup.html"
   },
   "background": {
     "service_worker": "background.js"
   },
-  "content_scripts": [
-    {
-      "js": ["paperdebugger.js"],
-      "matches": ["https://*.overleaf.com/project/*"],
-      "world": "MAIN"
-    },
-    {
-      "js": ["intermediate.js"],
-      "matches": ["https://*.overleaf.com/project/*"],
-      "run_at": "document_start"
-    }
-  ],
   "web_accessible_resources": [
     {
       "resources": ["images/*"],
-      "matches": ["https://*.overleaf.com/*"]
+      "matches": ["*://*/*"]
     }
   ],
   "key": "[AUTO-GENERATED]"
diff --git a/webapp/_webapp/src/shared/constants.ts b/webapp/_webapp/src/shared/constants.ts
index 279cda07..37e8ed9c 100644
--- a/webapp/_webapp/src/shared/constants.ts
+++ b/webapp/_webapp/src/shared/constants.ts
@@ -3,4 +3,5 @@ export const HANDLER_NAMES = {
   GET_URL: "getUrl",
   GET_OR_CREATE_SESSION_ID: "getOrCreateSessionId",
   FETCH_IMAGE: "fetchImage",
+  REQUEST_HOST_PERMISSION: "requestHostPermission",
 } as const;
diff --git a/webapp/_webapp/src/views/extension-popup/app.css b/webapp/_webapp/src/views/extension-popup/app.css
new file mode 100644
index 00000000..cbaf285f
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-popup/app.css
@@ -0,0 +1,105 @@
+.popup-shell {
+  font-family:
+    "Inter",
+    system-ui,
+    -apple-system,
+    BlinkMacSystemFont,
+    "Segoe UI",
+    sans-serif;
+  color: #212529;
+  background-color: #ffffff;
+  padding: 14px 12px;
+  max-width: 700px;
+  line-height: 1.2;
+}
+
+.title {
+  margin: 0 0 6px;
+  font-size: 24px;
+  font-weight: 800;
+}
+
+.subtitle {
+  margin: 0 0 18px;
+  font-size: 14px;
+  font-weight: 700;
+  color: #1f2933;
+}
+
+.steps {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+}
+
+.step {
+  display: flex;
+  align-items: flex-start;
+  gap: 12px;
+  padding-left: 14px;
+  border-left: 4px solid #e5e7eb;
+}
+
+.step-number {
+  color: #1f7aec;
+  font-weight: 800;
+  font-size: 14px;
+  min-width: 14px;
+}
+
+.step-text {
+  margin: 0;
+  font-size: 14px;
+  color: #1f2933;
+}
+
+.step-link {
+  color: #1f7aec;
+  text-decoration: none;
+}
+
+.step-link:hover {
+  text-decoration: underline;
+}
+
+.cta-button {
+  margin: 16px 0;
+  width: 100%;
+  padding: 12px 14px;
+  border: none;
+  border-radius: 10px;
+  background-color: #1f7aec;
+  color: #ffffff;
+  font-size: 16px;
+  font-weight: 700;
+  cursor: pointer;
+  transition:
+    background-color 0.15s ease,
+    transform 0.1s ease;
+}
+
+.cta-button:hover {
+  background-color: #1664c2;
+  transform: translateY(-1px);
+}
+
+.footnote {
+  font-size: 12px;
+  color: #6c757d;
+  margin-top: 12px;
+}
+
+.noselect {
+  -webkit-touch-callout: none;
+  /* iOS Safari */
+  -webkit-user-select: none;
+  /* Safari */
+  -khtml-user-select: none;
+  /* Konqueror HTML */
+  -moz-user-select: none;
+  /* Firefox */
+  -ms-user-select: none;
+  /* Internet Explorer/Edge */
+  user-select: none;
+  /* Non-prefixed version, currently supported by Chrome and Opera */
+}
diff --git a/webapp/_webapp/src/views/extension-popup/app.tsx b/webapp/_webapp/src/views/extension-popup/app.tsx
new file mode 100644
index 00000000..63fb185d
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-popup/app.tsx
@@ -0,0 +1,25 @@
+import { StrictMode } from "react";
+import { createRoot } from "react-dom/client";
+import { Providers } from "../../providers";
+import { ExtensionPopup } from "./components/ExtensionPopup";
+import "./app.css";
+
+const rootElement = document.getElementById("root");
+if (!rootElement) {
+  throw new Error("Root element not found");
+}
+
+const root = createRoot(rootElement);
+root.render(
+  import.meta.env.DEV ? (
+    <StrictMode>
+      <Providers>
+        <ExtensionPopup />
+      </Providers>
+    </StrictMode>
+  ) : (
+    <Providers>
+      <ExtensionPopup />
+    </Providers>
+  ),
+);
diff --git a/webapp/_webapp/src/views/extension-popup/components/ExtensionPopup.tsx b/webapp/_webapp/src/views/extension-popup/components/ExtensionPopup.tsx
new file mode 100644
index 00000000..11a25638
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-popup/components/ExtensionPopup.tsx
@@ -0,0 +1,69 @@
+import { Steps, Step } from "./Steps";
+
+const steps: Step[] = [
+  {
+    number: 1,
+    content: (
+      <>
+        In{" "}
+        <a className="step-link" href="https://overleaf.com" target="_blank" rel="noreferrer">
+          overleaf.com
+        </a>
+        , open any of your projects.
+      </>
+    ),
+  },
+  {
+    number: 2,
+    content: <>PaperDebugger is in the "top left" of the project page.</>,
+  },
+];
+
+export const ExtensionPopup = () => {
+  const openSettingsPage = () => {
+    const runtime = typeof chrome !== "undefined" ? chrome.runtime : undefined;
+    const url = runtime?.getURL?.("settings.html") ?? "/settings.html";
+
+    if (runtime?.openOptionsPage) {
+      runtime.openOptionsPage();
+      return;
+    }
+
+    window.open(url, "_blank", "noopener,noreferrer");
+  };
+
+  const settingsUrl =
+    (typeof chrome !== "undefined" ? chrome.runtime?.getURL?.("settings.html") : undefined) ?? "/settings.html";
+
+  return (
+    <div className="popup-shell noselect">
+      <h1 className="title">PaperDebugger</h1>
+      <h2 className="subtitle">How to use</h2>
+      <Steps steps={steps} />
+
+      <img
+        src="images/locator.png"
+        alt="PaperDebugger Location"
+        style={{
+          width: "100%",
+        }}
+      />
+
+      <p className="footnote" style={{ marginTop: "12px" }}>
+        Self-hosted Overleaf?{" "}
+        <a
+          className="step-link"
+          href={settingsUrl}
+          target="_blank"
+          rel="noreferrer"
+          onClick={(e) => {
+            e.preventDefault();
+            openSettingsPage();
+          }}
+        >
+          Allow PaperDebugger access here.
+        </a>
+      </p>
+    </div>
+  );
+};
diff --git a/webapp/_webapp/src/views/extension-popup/components/StepItem.tsx b/webapp/_webapp/src/views/extension-popup/components/StepItem.tsx
new file mode 100644
index 00000000..2bf7ec68
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-popup/components/StepItem.tsx
@@ -0,0 +1,13 @@
+import { ReactNode } from "react";
+
+type StepItemProps = {
+  number: number;
+  children: ReactNode;
+};
+
+export const StepItem = ({ number, children }: StepItemProps) => (
+  <div className="step">
+    <span className="step-number">{number}.</span>
+    <p className="step-text">{children}</p>
+  </div>
+);
diff --git a/webapp/_webapp/src/views/extension-popup/components/Steps.tsx b/webapp/_webapp/src/views/extension-popup/components/Steps.tsx
new file mode 100644
index 00000000..df60b53f
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-popup/components/Steps.tsx
@@ -0,0 +1,21 @@
+import { ReactNode } from "react";
+import { StepItem } from "./StepItem";
+
+export type Step = {
+  number: number;
+  content: ReactNode;
+};
+
+type StepsProps = {
+  steps: Step[];
+};
+
+export const Steps = ({ steps }: StepsProps) => (
+  <div className="steps">
+    {steps.map((step) => (
+      <StepItem key={step.number} number={step.number}>
+        {step.content}
+      </StepItem>
+    ))}
+  </div>
+);
diff --git a/webapp/_webapp/src/views/extension-settings/app.tsx b/webapp/_webapp/src/views/extension-settings/app.tsx
new file mode 100644
index 00000000..9deeb968
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/app.tsx
@@ -0,0 +1,25 @@
+import { StrictMode } from "react";
+import { createRoot } from "react-dom/client";
+import { Providers } from "../../providers";
+import { ExtensionSettings } from "./components/ExtensionSettings";
+import "../../index.css";
+
+const rootElement = document.getElementById("root");
+if (!rootElement) {
+  throw new Error("Root element not found");
+}
+
+const root = createRoot(rootElement);
+root.render(
+  import.meta.env.DEV ? (
+    <StrictMode>
+      <Providers>
+        <ExtensionSettings />
+      </Providers>
+    </StrictMode>
+  ) : (
+    <Providers>
+      <ExtensionSettings />
+    </Providers>
+  ),
+);
diff --git a/webapp/_webapp/src/views/extension-settings/components/ExtensionSettings.tsx b/webapp/_webapp/src/views/extension-settings/components/ExtensionSettings.tsx
new file mode 100644
index 00000000..7db58afb
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/components/ExtensionSettings.tsx
@@ -0,0 +1,12 @@
+import { HostPermissionWidget } from "./HostPermissionWidget/HostPermissionWidget";
+
+export const ExtensionSettings = () => {
+  return (
+    <div className="min-h-screen bg-gray-50 p-5">
+      <div className="max-w-4xl mx-auto bg-white rounded-lg shadow-md p-8">
+        <h1 className="text-2xl font-semibold mb-2 text-gray-900">PaperDebugger Settings</h1>
+        <HostPermissionWidget />
+      </div>
+    </div>
+  );
+};
diff --git a/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionInput.tsx b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionInput.tsx
new file mode 100644
index 00000000..7986d078
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionInput.tsx
@@ -0,0 +1,52 @@
+import { Button, Input } from "@heroui/react";
+import React, { useCallback } from "react";
+import { getMessageClassName, useHostPermissionStore } from "./useHostPermissionStore";
+
+export const HostPermissionInput = () => {
+  const { permissionUrl, setPermissionUrl, submitPermissionRequest, isSubmitting, message } = useHostPermissionStore();
+
+  const handleKeyPress = useCallback(
+    (e: React.KeyboardEvent<HTMLInputElement>) => {
+      if (e.key === "Enter" && !isSubmitting) {
+        submitPermissionRequest();
+      }
+    },
+    [isSubmitting, submitPermissionRequest],
+  );
+
+  return (
+    <>
+      <div className="mb-4">
+        <Input
+          label="Website URL:"
+          variant="bordered"
+          color="primary"
+          radius="sm"
+          placeholder="https://www.example.com/ or https://*.example.com/*"
+          value={permissionUrl}
+          onChange={(e) => setPermissionUrl(e.target.value)}
+          onKeyDown={handleKeyPress}
+          classNames={{
+            input: "font-mono",
+          }}
+        />
+        <p className="mt-2">
+          Example: <code>*://*.overleaf.com/*</code>{" "}
+        </p>
+        <p className="mt-1">
+          Example: <code>*://sharelatex.gwdg.de/*</code>{" "}
+        </p>
+      </div>
+
+      <div className="flex gap-3 mb-4">
+        <Button onPress={submitPermissionRequest} disabled={isSubmitting} color="primary">
+          {isSubmitting ? "Requesting..." : "Request Permission"}
+        </Button>
+      </div>
+
+      {message && (
+        <div className={`p-3 rounded-md text-sm mb-4 ${getMessageClassName(message.type)}`}>{message.text}</div>
+      )}
+    </>
+  );
+};
diff --git a/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionList.tsx b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionList.tsx
new file mode 100644
index 00000000..9a7ee55d
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionList.tsx
@@ -0,0 +1,27 @@
+import { HostPermissionListItem } from "./HostPermissionListItem";
+import { useHostPermissionStore } from "./useHostPermissionStore";
+
+export const HostPermissionList = () => {
+  const { permissions, isLoadingPermissions } = useHostPermissionStore();
+
+  if (isLoadingPermissions) {
+    return <p className="text-gray-500 text-sm">Loading permissions...</p>;
+  }
+
+  if (permissions.length === 0) {
+    return (
+      <div>
+        <p className="text-gray-500 text-sm">No permissions granted yet.</p>
+        <p className="text-gray-500 text-sm">Please request permission for the website you want to use.</p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="space-y-4">
+      {permissions.map((item) => (
+        <HostPermissionListItem key={item.origin} item={item} />
+      ))}
+    </div>
+  );
+};
diff --git a/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionListItem.tsx b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionListItem.tsx
new file mode 100644
index 00000000..c053a53f
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionListItem.tsx
@@ -0,0 +1,17 @@
+import { PermissionItem } from "./hostPermissionTypes";
+
+interface HostPermissionItemProps {
+  item: PermissionItem;
+}
+
+export const HostPermissionListItem = ({ item }: HostPermissionItemProps) => {
+  return (
+    <div className="bg-gray-50 border border-gray-200 rounded-md p-4 flex justify-between items-center">
+      <div className="flex-1">
+        <div className="font-medium mb-1 text-gray-900">Host Permission</div>
+        <div className="font-mono text-sm text-blue-600">{item.origin}</div>
+      </div>
+      <div className="ml-4 px-2 py-1 bg-green-100 text-green-800 text-xs rounded font-medium">Granted</div>
+    </div>
+  );
+};
diff --git a/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionWidget.tsx b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionWidget.tsx
new file mode 100644
index 00000000..8e962086
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/HostPermissionWidget.tsx
@@ -0,0 +1,32 @@
+import { useEffect } from "react";
+import { HostPermissionInput } from "./HostPermissionInput";
+import { HostPermissionList } from "./HostPermissionList";
+import { useHostPermissionStore } from "./useHostPermissionStore";
+
+export const HostPermissionWidget = () => {
+  const { message, loadPermissions, clearMessage } = useHostPermissionStore();
+
+  useEffect(() => {
+    loadPermissions();
+  }, [loadPermissions]);
+
+  useEffect(() => {
+    if (!message) return;
+    const timer = setTimeout(() => clearMessage(), 5000);
+    return () => clearTimeout(timer);
+  }, [message, clearMessage]);
+
+  return (
+    <div className="border-b border-gray-200 pb-8 mb-8">
+      <div className="text-lg font-semibold mb-2 text-gray-800">Host Permissions</div>
+      <p className="text-gray-600 text-sm mb-5 leading-relaxed">
+        Add your self-hosted Overleaf domain so PaperDebugger can interact with it.
+      </p>
+      <HostPermissionInput />
+
+      <div className="mt-5">
+        <HostPermissionList />
+      </div>
+    </div>
+  );
+};
diff --git a/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/hostPermissionTypes.ts b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/hostPermissionTypes.ts
new file mode 100644
index 00000000..7a9ea52c
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/hostPermissionTypes.ts
@@ -0,0 +1,11 @@
+export type MessageType = "success" | "error" | "info";
+
+export interface PermissionMessage {
+  text: string;
+  type: MessageType;
+}
+
+export interface PermissionItem {
+  origin: string;
+  granted: boolean;
+}
diff --git a/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/useHostPermissionStore.ts b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/useHostPermissionStore.ts
new file mode 100644
index 00000000..780e91e9
--- /dev/null
+++ b/webapp/_webapp/src/views/extension-settings/components/HostPermissionWidget/useHostPermissionStore.ts
@@ -0,0 +1,139 @@
+import { create } from "zustand";
+import { requestHostPermission } from "../../../../intermediate";
+import { PermissionItem, PermissionMessage } from "./hostPermissionTypes";
+
+const normalizeWildcardPattern = (url: string) => {
+  const trimmed = url.trim();
+  if (!trimmed) {
+    return { valid: false as const, error: "Please enter a URL" };
+  }
+
+  // Chrome host permission pattern: <scheme>://<host><path>
+  // scheme: *, http, https
+  // host: can include wildcard like *.example.com or specific domain
+  // path: must include at least /, typically /*
+  const hostPermissionPattern = /^(\*|https?):\/\/((?:\*\.)?[^/\s]+)(\/.*)?$/i;
+  const match = trimmed.match(hostPermissionPattern);
+
+  if (match) {
+    const scheme = match[1].toLowerCase();
+    const host = match[2];
+    const path = match[3] || "/*";
+    
+    // Normalize scheme (keep * as is, normalize http/https)
+    const normalizedScheme = scheme === "*" ? "*" : scheme;
+    // Ensure path ends with /* if it's just /
+    const normalizedPath = path === "/" ? "/*" : path.endsWith("/*") ? path : `${path}/*`;
+    
+    return { valid: true as const, origin: `${normalizedScheme}://${host}${normalizedPath}` };
+  }
+
+  // Try parsing as regular URL if pattern doesn't match
+  try {
+    const urlObj = new URL(trimmed);
+    if (!["http:", "https:"].includes(urlObj.protocol)) {
+      return { valid: false as const, error: "URL must start with http://, https://, or *://" };
+    }
+    return { valid: true as const, origin: `${urlObj.protocol}//${urlObj.host}/*` };
+  } catch (e) {
+    return {
+      valid: false as const,
+      error:
+        "Invalid URL. Use a full URL (e.g., https://example.com) or a wildcard pattern (e.g., https://*.example.com/*, *://*.example.com/*)",
+    };
+  }
+};
+
+interface HostPermissionState {
+  permissionUrl: string;
+  permissions: PermissionItem[];
+  isSubmitting: boolean;
+  isLoadingPermissions: boolean;
+  message: PermissionMessage | null;
+  setPermissionUrl: (value: string) => void;
+  clearMessage: () => void;
+  loadPermissions: () => Promise<void>;
+  submitPermissionRequest: () => Promise<void>;
+}
+
+const handleError = (error: unknown, defaultMessage: string): string => {
+  console.error(defaultMessage, error);
+  return error instanceof Error ? error.message : defaultMessage;
+};
+
+export const useHostPermissionStore = create<HostPermissionState>((set, get) => ({
+  permissionUrl: "",
+  permissions: [],
+  isSubmitting: false,
+  isLoadingPermissions: true,
+  message: null,
+  setPermissionUrl: (value) => set({ permissionUrl: value }),
+  clearMessage: () => set({ message: null }),
+  loadPermissions: async () => {
+    set({ isLoadingPermissions: true });
+    
+    const chromePermissions = await chrome.permissions.getAll().catch((error) => {
+      const errorMessage = handleError(error, "Error loading permissions.");
+      set({ message: { text: errorMessage, type: "error" } });
+      return null;
+    });
+
+    const origins = chromePermissions?.origins || [];
+    const permissions: PermissionItem[] = origins.map((origin) => ({ origin, granted: true }));
+    
+    set({ permissions, isLoadingPermissions: false });
+  },
+  submitPermissionRequest: async () => {
+    const { permissionUrl } = get();
+
+    if (!permissionUrl) {
+      set({ message: { text: "Please enter a URL", type: "error" } });
+      return;
+    }
+
+    const validation = normalizeWildcardPattern(permissionUrl);
+    if (!validation.valid) {
+      set({ message: { text: validation.error, type: "error" } });
+      return;
+    }
+
+    set({ message: null, isSubmitting: true });
+    const origin = validation.origin;
+
+    const alreadyGranted = await chrome.permissions.contains({ origins: [origin] }).catch(() => false);
+    if (alreadyGranted) {
+      set({ message: { text: `Permission for ${origin} is already granted.`, type: "info" }, isSubmitting: false });
+      await get().loadPermissions();
+      return;
+    }
+
+    const granted = await requestHostPermission(origin).catch((error) => {
+      const errorMessage = handleError(error, "Error requesting permission");
+      set({ message: { text: `Error: ${errorMessage}`, type: "error" }, isSubmitting: false });
+      return false;
+    });
+
+    if (granted) {
+      set({ message: { text: `Permission granted for ${origin}`, type: "success" } });
+      await get().loadPermissions();
+    } else {
+      set({ message: { text: `Permission denied for ${origin}`, type: "error" } });
+    }
+    
+    set({ isSubmitting: false });
+  },
+}));
+
+export const getMessageClassName = (type: PermissionMessage["type"]): string => {
+  switch (type) {
+    case "success":
+      return "bg-green-100 text-green-800 border border-green-300";
+    case "error":
+      return "bg-red-100 text-red-800 border border-red-300";
+    case "info":
+      return "bg-blue-100 text-blue-800 border border-blue-300";
+    default:
+      return "";
+  }
+};
+
diff --git a/webapp/_webapp/vite.config.ts b/webapp/_webapp/vite.config.ts
index c398aea8..eb0b189f 100644
--- a/webapp/_webapp/vite.config.ts
+++ b/webapp/_webapp/vite.config.ts
@@ -67,6 +67,8 @@ const configs: Record<string, UserConfig> = {
   }),
   background: generateConfig("./src/background.ts", "background"),
   intermediate: generateConfig("./src/intermediate.ts", "intermediate"),
+  settings: generateConfig("./src/views/extension-settings/app.tsx", "settings"),
+  popup: generateConfig("./src/views/extension-popup/app.tsx", "popup"),
 };
 
 const viteConfig = process.env.VITE_CONFIG || "default";