diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
new file mode 100644
index 0000000..3657b0b
--- /dev/null
+++ b/.github/workflows/build-release.yml
@@ -0,0 +1,35 @@
+name: Build and Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Build XPI
+        run: |
+          # Create the .xpi file by zipping contents associated with the extension
+          # Exclude git directories, DS_Store, node_modules, and the xpi itself if it exists
+          zip -r rep-plus.xpi * -x "*.git*" -x "*.DS_Store" -x "node_modules/*" -x "*.xpi" -x ".github/*"
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: rep-plus.xpi
+          draft: false
+          prerelease: false
+          generate_release_notes: true
diff --git a/README.md b/README.md
index 77a7898..2b887c8 100644
--- a/README.md
+++ b/README.md
@@ -34,11 +34,10 @@ rep+ is a lightweight Firefox DevTools extension inspired by Burp Suite's Repeat
 
 ## 🚀 Install rep+ Extension
 
-### Chrome
-[![rep+](https://img.shields.io/badge/rep%2B%20Chrome%20Extension-Install%20Now-4285F4?style=for-the-badge&logo=googlechrome&logoColor=white)](https://chromewebstore.google.com/detail/rep+/dhildnnjbegaggknfkagdpnballiepfm)
-
 ### Firefox
-Firefox install coming soon! 🦊
+🦊 **Now Available!** Clone and load manually (see [Installation](#installation) below).
+
+> **Note:** This Firefox port includes all features from the Chrome version, plus Auth Analyzer improvements.
 
 
 ## Table of Contents
@@ -65,6 +64,9 @@ Firefox install coming soon! 🦊
 - Starring for requests, pages, and domains (auto-star for new matches).
 - Timeline view (flat, chronological) to see what loaded before a request.
 - Filters: method, domain, color tags, text search, regex mode.
+- **Global Static Filter**: Toggle in "More Menu" to hide static files (images, JS, CSS) from the main list.
+- **Resizable Panels**: Main sidebar and Auth Analyzer panel can be resized by dragging the edge.
+- **Vertical Comparison**: Auth Analyzer results show Original vs Swapped responses stacked vertically for better readability.
 
 ### Views & Editing
 - Pretty / Raw / Hex views; layout toggle (horizontal/vertical).
@@ -80,6 +82,50 @@ Firefox install coming soon! 🦊
 - Mark positions with `§`, configure payloads, pause/resume long runs.
 - Response diff view to spot changes between baseline and attempts.
 
+### 🔐 Auth Analyzer (Firefox Enhanced)
+Comprehensive authentication and authorization testing toolkit inspired by Burp Suite's Auth Analyzer extension.
+
+#### Key Features
+- **Automatic Cookie Swapping**: Replay requests with different session tokens to detect authorization bypasses
+- **Real-time Analysis**: Automatically analyze all captured requests (optional with domain scope filtering)
+- **Manual Testing**: "Test Auth" button for on-demand single request analysis
+- **Response Comparison Engine**:
+  - **SAME** (🔴 Bypass): Identical responses indicate potential authorization bypass
+  - **SIMILAR** (🟡 Warning): Same status code but slightly different content (90-98% similar)
+  - **DIFFERENT** (🟢 Secure): Properly denied access
+- **Smart Normalization**: Removes dynamic content (timestamps, CSRF tokens, script tags) for accurate comparison
+- **Token Similarity Algorithm**: Uses Jaccard index on word tokens for content-aware comparison
+- **Bulk Replay**: Analyze all captured requests against a different session in one click
+- **Session Management**: Import/export session configurations
+- **Filtering Options**: Scope restriction by domain/URL pattern
+- **Static File Exclusion**: Automatically skip CSS, JS, images, and other static resources
+
+#### Workflow
+1. Configure victim/test session cookie in Auth Analyzer settings
+2. Browse application with privileged account (original session)
+3. Auth Analyzer replays each request with the victim cookie
+4. Results panel shows color-coded analysis:
+   - 🔴 **SAME**: Critical! Unauthorized access granted (potential bypass)
+   - 🟡 **SIMILAR**: Warning! Nearly identical response (investigate further)
+   - 🟢 **DIFFERENT**: Secure! Access properly denied
+
+#### Use Cases
+- **Privilege Escalation Testing**: Test if low-privilege users can access admin endpoints
+- **Horizontal Privilege Escalation**: Test cross-user data access (IDOR)
+- **Session Testing**: Verify endpoints properly check authorization
+- **Bug Bounty Automation**: Bulk test applications for authorization flaws
+
+#### Comparison Engine
+Our Firefox implementation uses an **advanced content-aware comparison** approach:
+- **Normalization**: Removes `<script>`, `<style>`, hidden inputs, timestamps before comparison
+- **Similarity Metric**: Jaccard index (token overlap) instead of byte-level comparison
+- **Advantages over Burp's Auth Analyzer**:
+  - More resilient to dynamic content (timestamps, session IDs, CSRF tokens)
+  - Fewer false positives on modern SPAs and dynamic web applications
+  - Configurable similarity thresholds (98% for SAME, 90% for SIMILAR)
+
+See [Auth Analyzer Documentation](#auth-analyzer-setup) for detailed setup and usage.
+
 ### Extractors & Search
 - Unified Extractor: secrets, endpoints, and parameters from captured JS.
 - **Secret Scanner**: entropy + patterns with confidence scores; pagination and domain filter.
@@ -193,6 +239,7 @@ Firefox install coming soon! 🦊
 1. **Clone the repository**:
    ```bash
    git clone https://github.com/bscript/rep.git
+   cd rep-firefox
    ```
 2. **Open Firefox Debugging**:
    - Navigate to `about:debugging` in your browser.
@@ -212,6 +259,30 @@ Firefox install coming soon! 🦊
 
 This combo makes rep+ handy for bug bounty hunters and vulnerability researchers who want Burp-like iteration without the heavyweight UI. Install the extension, open DevTools, head to the rep+ panel, and start hacking. 😎
 
+### Making the Extension Permanent (for Developers)
+
+The "Temporary Add-on" method requires reloading the extension every time you restart Firefox. To make it persistent:
+
+#### Option A: Firefox Developer Edition / Nightly (Recommended)
+1. Use **Firefox Developer Edition** or **Nightly**.
+2. Go to `about:config` in the address bar.
+3. Search for `xpinstall.signatures.required`.
+4. Toggle it to **false**.
+5. Zip the `rep-firefox` folder contents (select all files -> compress).
+6. Rename the `.zip` file to `rep-plus.xpi`.
+7. Go to `about:addons` -> Gear Icon -> **Install Add-on From File...**.
+8. Select your `rep-plus.xpi`.
+
+#### Option B: Standard Firefox (Self-Signing)
+If you use standard Firefox, you must sign the extension:
+1. Zip the extension files.
+2. Go to the [Mozilla Developer Hub](https://addons.mozilla.org/en-US/developers/).
+3. Login and select **"Submit a New Add-on"**.
+4. Choose **"On your own"** (Self-distribution) when asked how you want to distribute.
+5. Upload your zip file.
+6. Once the automated review passes (usually seconds), download the signed `.xpi` file.
+7. Install this signed file in your regular Firefox browser.
+
 ### Local Model (Ollama) Setup
 If you use a local model (e.g., Ollama) you must allow Firefox extensions to call it, otherwise you'll see 403/CORS errors.
 
@@ -229,6 +300,61 @@ If you use a local model (e.g., Ollama) you must allow Firefox extensions to cal
 4. Reload the extension and try again. If you still see 403, check Ollama logs for details.
 
 
+## Auth Analyzer Setup
+
+### Quick Start
+1. **Click the 🔒 Lock icon** in the sidebar to open Auth Analyzer Results panel
+2. **Click the ⚙️ Settings icon** in the results panel header to configure
+3. **Enter victim/test session cookie** (e.g., `session=abc123; role=user`)
+   - You can paste the entire `Cookie:` header line - it will be auto-sanitized
+   - Or just the cookie value
+4. **Enable Realtime Analysis** (optional):
+   - Toggle ON to automatically analyze all requests
+   - Add scope filter (e.g., `api.example.com`) to limit analysis to specific domains
+5. **Click "Save & Enable"**
+
+### Testing Methods
+
+#### Manual Testing (Recommended for Precision)
+1. Select a request in the main list
+2. Click **"Test Auth"** button (next to Send button)
+3. Request is replayed with your test session
+4. Results appear in Auth Analyzer panel
+
+#### Automatic Testing (High Coverage)
+1. Enable "Realtime Analysis" in settings
+2. Browse the application normally with your privileged account
+3. Auth Analyzer automatically tests each request with the victim session
+4. Review results in real-time
+
+#### Bulk Testing (Retroactive)
+1. Capture requests normally (browse the app)
+2. Open Auth Analyzer Settings
+3. Scroll to "Bulk Replay" section
+4. Enter target domains (comma-separated, optional)
+5. Click **"Run Bulk Replay"**
+6. All matching requests are tested against the victim session
+
+### Reading Results
+- **🔴 SAME**: Response identical to original → **Potential Authorization Bypass!**
+  - Same status code (e.g., 200 OK)
+  - Same response body (after normalization)
+  - **Action**: Investigate immediately - likely unauthorized access
+- **🟡 SIMILAR**: Response very similar (90-98%) → **Warning**
+  - Same status code
+  - Slight content differences (may be timestamps, dynamic IDs)
+  - **Action**: Manual review recommended
+- **🟢 DIFFERENT**: Response differs → **Properly Secured**
+  - Different status code (e.g., 403 vs 200) OR
+  - Significantly different body content
+  - **Action**: Authorization working correctly
+
+### Tips
+- **Clear Cookie Headers**: The tool automatically removes existing cookie headers before swapping to avoid conflicts
+- **Static Files**: Use the "Filter Static Files" checkbox in Auth Analyzer Config OR the global toggle in the "More Menu" to ignore static resources
+- **Scope**: Use realtime scope filtering to focus on specific API endpoints or subdomains
+- **Export Results**: Results are stored per session - you can export via Storage API
+
 ## Permissions & Privacy
 - **Optional**: `webRequest` + `<all_urls>` only when you enable multi-tab capture.  
 - **Data**: Stored locally; no tracking/analytics.  
@@ -248,7 +374,7 @@ rep+ is best for quick testing, replaying, and experimenting — not full low-le
 
 ## Star History
 
-[![Star History Chart](https://api.star-history.com/svg?repos=repplus/rep-firefox&type=date)](https://www.star-history.com/#repplus/rep-firefox&type=date)
+[![Star History Chart](https://api.star-history.com/svg?repos=bscript/rep&type=date)](https://www.star-history.com/#bscript/rep&type=date)
 
 
 ## Found a Bug or Issue?
diff --git a/background.js b/background.js
index 3e610b9..800338e 100644
--- a/background.js
+++ b/background.js
@@ -23,17 +23,17 @@ browser.runtime.onConnect.addListener((port) => {
             // Handle local model request via port
             const requestId = msg.requestId || `local-${Date.now()}-${Math.random()}`;
             console.log('Background: Received local model request', requestId, 'URL:', msg.url, 'Body:', JSON.stringify(msg.body).substring(0, 100));
-            
+
             // Check if port is still connected before making request
             if (!port || !port.onDisconnect) {
                 console.error('Background: Port already disconnected');
                 return;
             }
-            
+
             // Proxy the request to localhost
             // Note: Background scripts need host_permissions for localhost in MV3
             // Support both old format (prompt) and new format (messages array)
-            const requestBody = msg.body.messages 
+            const requestBody = msg.body.messages
                 ? {
                     model: msg.body.model,
                     messages: msg.body.messages,
@@ -44,9 +44,9 @@ browser.runtime.onConnect.addListener((port) => {
                     prompt: msg.body.prompt,
                     stream: msg.body.stream !== undefined ? msg.body.stream : true
                 };
-            
+
             console.log('Background: Sending fetch request to', msg.url, 'with body:', JSON.stringify(requestBody).substring(0, 200));
-            
+
             // Try to match curl's request format exactly
             fetch(msg.url, {
                 method: 'POST',
@@ -59,123 +59,123 @@ browser.runtime.onConnect.addListener((port) => {
                 credentials: 'omit',
                 referrerPolicy: 'no-referrer'
             })
-            .then(response => {
-                console.log('Background: Fetch response status', response.status);
-                // Log response headers for debugging
-                const responseHeaders = {};
-                response.headers.forEach((value, key) => {
-                    responseHeaders[key] = value;
-                });
-                console.log('Background: Response headers:', responseHeaders);
-                
-                if (!response.ok) {
-                    return response.text().then(text => {
-                        console.error('Background: Fetch failed with status', response.status, 'Response body length:', text?.length || 0, 'Response body:', text || '(empty)');
-                        // Provide more helpful error message
-                        let errorMsg = `Request failed with status ${response.status}`;
-                        if (text && text.trim()) {
-                            try {
-                                const errorData = JSON.parse(text);
-                                errorMsg = errorData.error || errorData.message || errorMsg;
-                            } catch (e) {
-                                errorMsg = text.length > 200 ? text.substring(0, 200) + '...' : text;
-                            }
-                        } else if (response.status === 403) {
-                            errorMsg = '403 Forbidden: Ollama is blocking the request. ' +
-                                'This might be due to CORS or security settings. ' +
-                                'Try restarting Ollama with: OLLAMA_ORIGINS="*" ollama serve ' +
-                                'Or check Ollama configuration for access restrictions.';
-                        }
-                        throw new Error(errorMsg);
+                .then(response => {
+                    console.log('Background: Fetch response status', response.status);
+                    // Log response headers for debugging
+                    const responseHeaders = {};
+                    response.headers.forEach((value, key) => {
+                        responseHeaders[key] = value;
                     });
-                }
-                return response.body;
-            })
-            .then(body => {
-                if (!body) {
-                    throw new Error('No response body received');
-                }
-                
-                // Stream the response back via this specific port
-                const reader = body.getReader();
-                const decoder = new TextDecoder();
-                let hasError = false;
-                
-                function readChunk() {
-                    if (hasError) return;
-                    
-                    reader.read().then(({ done, value }) => {
-                        if (done) {
-                            // Send final message
+                    console.log('Background: Response headers:', responseHeaders);
+
+                    if (!response.ok) {
+                        return response.text().then(text => {
+                            console.error('Background: Fetch failed with status', response.status, 'Response body length:', text?.length || 0, 'Response body:', text || '(empty)');
+                            // Provide more helpful error message
+                            let errorMsg = `Request failed with status ${response.status}`;
+                            if (text && text.trim()) {
+                                try {
+                                    const errorData = JSON.parse(text);
+                                    errorMsg = errorData.error || errorData.message || errorMsg;
+                                } catch (e) {
+                                    errorMsg = text.length > 200 ? text.substring(0, 200) + '...' : text;
+                                }
+                            } else if (response.status === 403) {
+                                errorMsg = '403 Forbidden: Ollama is blocking the request. ' +
+                                    'This might be due to CORS or security settings. ' +
+                                    'Try restarting Ollama with: OLLAMA_ORIGINS="*" ollama serve ' +
+                                    'Or check Ollama configuration for access restrictions.';
+                            }
+                            throw new Error(errorMsg);
+                        });
+                    }
+                    return response.body;
+                })
+                .then(body => {
+                    if (!body) {
+                        throw new Error('No response body received');
+                    }
+
+                    // Stream the response back via this specific port
+                    const reader = body.getReader();
+                    const decoder = new TextDecoder();
+                    let hasError = false;
+
+                    function readChunk() {
+                        if (hasError) return;
+
+                        reader.read().then(({ done, value }) => {
+                            if (done) {
+                                // Send final message
+                                try {
+                                    port.postMessage({
+                                        type: 'local-model-stream-done',
+                                        requestId: requestId
+                                    });
+                                    console.log('Background: Sent stream-done for', requestId);
+                                } catch (e) {
+                                    console.error('Background: Error sending stream-done', e);
+                                    hasError = true;
+                                }
+                                return;
+                            }
+
+                            const chunk = decoder.decode(value, { stream: true });
+                            // Send chunk message
                             try {
-                                port.postMessage({ 
-                                    type: 'local-model-stream-done',
+                                port.postMessage({
+                                    type: 'local-model-stream-chunk',
+                                    chunk: chunk,
                                     requestId: requestId
                                 });
-                                console.log('Background: Sent stream-done for', requestId);
                             } catch (e) {
-                                console.error('Background: Error sending stream-done', e);
+                                console.error('Background: Port disconnected during streaming', e);
                                 hasError = true;
+                                reader.cancel().catch(() => { });
+                                return;
                             }
-                            return;
-                        }
-                        
-                        const chunk = decoder.decode(value, { stream: true });
-                        // Send chunk message
-                        try {
-                            port.postMessage({ 
-                                type: 'local-model-stream-chunk', 
-                                chunk: chunk,
-                                requestId: requestId
-                            });
-                        } catch (e) {
-                            console.error('Background: Port disconnected during streaming', e);
+
+                            // Continue reading
+                            readChunk();
+                        }).catch(error => {
+                            console.error('Background: Error reading chunk', error);
                             hasError = true;
-                            reader.cancel().catch(() => {});
-                            return;
-                        }
-                        
-                        // Continue reading
-                        readChunk();
-                    }).catch(error => {
-                        console.error('Background: Error reading chunk', error);
-                        hasError = true;
-                        try {
-                            port.postMessage({ 
-                                type: 'local-model-stream-error', 
-                                error: error.message,
-                                requestId: requestId
-                            });
-                        } catch (e) {
-                            console.error('Background: Error sending error message', e);
-                        }
-                    });
-                }
-                
-                readChunk();
-            })
-            .catch(error => {
-                console.error('Background: Fetch error', error, error.stack);
-                let errorMessage = error.message || 'Failed to fetch from local model API';
-                
-                // Provide helpful error message for CORS issues
-                if (errorMessage.includes('CORS') || errorMessage.includes('Failed to fetch')) {
-                    errorMessage = 'CORS error: Ollama needs to allow CORS. ' +
-                        'Start Ollama with: OLLAMA_ORIGINS="moz-extension://*" ollama serve ' +
-                        'Or configure your Ollama server to send CORS headers. ' +
-                        'Original error: ' + errorMessage;
-                }
-                
-                try {
-                    port.postMessage({ 
-                        type: 'local-model-error', 
-                        error: errorMessage,
-                        requestId: requestId
-                    });
-                } catch (e) {
-                    console.error('Background: Port disconnected, cannot send error', e);
-                }
-            });
+                            try {
+                                port.postMessage({
+                                    type: 'local-model-stream-error',
+                                    error: error.message,
+                                    requestId: requestId
+                                });
+                            } catch (e) {
+                                console.error('Background: Error sending error message', e);
+                            }
+                        });
+                    }
+
+                    readChunk();
+                })
+                .catch(error => {
+                    console.error('Background: Fetch error', error, error.stack);
+                    let errorMessage = error.message || 'Failed to fetch from local model API';
+
+                    // Provide helpful error message for CORS issues
+                    if (errorMessage.includes('CORS') || errorMessage.includes('Failed to fetch')) {
+                        errorMessage = 'CORS error: Ollama needs to allow CORS. ' +
+                            'Start Ollama with: OLLAMA_ORIGINS="moz-extension://*" ollama serve ' +
+                            'Or configure your Ollama server to send CORS headers. ' +
+                            'Original error: ' + errorMessage;
+                    }
+
+                    try {
+                        port.postMessage({
+                            type: 'local-model-error',
+                            error: errorMessage,
+                            requestId: requestId
+                        });
+                    } catch (e) {
+                        console.error('Background: Port disconnected, cannot send error', e);
+                    }
+                });
         }
     });
 });
@@ -184,7 +184,7 @@ browser.runtime.onConnect.addListener((port) => {
 browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
     if (request.type === 'local-model-request') {
         const requestId = request.requestId || `local-${Date.now()}-${Math.random()}`;
-        
+
         // Proxy the request to localhost (service workers can bypass CORS)
         fetch(request.url, {
             method: 'POST',
@@ -193,27 +193,44 @@ browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
             },
             body: JSON.stringify(request.body)
         })
-        .then(response => {
-            if (!response.ok) {
-                return response.text().then(text => {
-                    throw new Error(text || 'Request failed');
-                });
-            }
-            return response.body;
-        })
-        .then(body => {
-            // Stream the response back via port connections (for DevTools panels)
-            const reader = body.getReader();
-            const decoder = new TextDecoder();
-            
-            function readChunk() {
-                reader.read().then(({ done, value }) => {
-                    if (done) {
-                        // Send final message to all connected ports
+            .then(response => {
+                if (!response.ok) {
+                    return response.text().then(text => {
+                        throw new Error(text || 'Request failed');
+                    });
+                }
+                return response.body;
+            })
+            .then(body => {
+                // Stream the response back via port connections (for DevTools panels)
+                const reader = body.getReader();
+                const decoder = new TextDecoder();
+
+                function readChunk() {
+                    reader.read().then(({ done, value }) => {
+                        if (done) {
+                            // Send final message to all connected ports
+                            ports.forEach(port => {
+                                try {
+                                    port.postMessage({
+                                        type: 'local-model-stream-done',
+                                        requestId: requestId
+                                    });
+                                } catch (e) {
+                                    // Port might be disconnected, remove it
+                                    ports.delete(port);
+                                }
+                            });
+                            return;
+                        }
+
+                        const chunk = decoder.decode(value, { stream: true });
+                        // Send chunk message to all connected ports
                         ports.forEach(port => {
                             try {
-                                port.postMessage({ 
-                                    type: 'local-model-stream-done',
+                                port.postMessage({
+                                    type: 'local-model-stream-chunk',
+                                    chunk: chunk,
                                     requestId: requestId
                                 });
                             } catch (e) {
@@ -221,57 +238,40 @@ browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
                                 ports.delete(port);
                             }
                         });
-                        return;
-                    }
-                    
-                    const chunk = decoder.decode(value, { stream: true });
-                    // Send chunk message to all connected ports
-                    ports.forEach(port => {
-                        try {
-                            port.postMessage({ 
-                                type: 'local-model-stream-chunk', 
-                                chunk: chunk,
-                                requestId: requestId
-                            });
-                        } catch (e) {
-                            // Port might be disconnected, remove it
-                            ports.delete(port);
-                        }
-                    });
-                    
-                    // Continue reading
-                    readChunk();
-                }).catch(error => {
-                    ports.forEach(port => {
-                        try {
-                            port.postMessage({ 
-                                type: 'local-model-stream-error', 
-                                error: error.message,
-                                requestId: requestId
-                            });
-                        } catch (e) {
-                            ports.delete(port);
-                        }
-                    });
-                });
-            }
-            
-            readChunk();
-        })
-        .catch(error => {
-            ports.forEach(port => {
-                try {
-                    port.postMessage({ 
-                        type: 'local-model-error', 
-                        error: error.message,
-                        requestId: requestId
+
+                        // Continue reading
+                        readChunk();
+                    }).catch(error => {
+                        ports.forEach(port => {
+                            try {
+                                port.postMessage({
+                                    type: 'local-model-stream-error',
+                                    error: error.message,
+                                    requestId: requestId
+                                });
+                            } catch (e) {
+                                ports.delete(port);
+                            }
+                        });
                     });
-                } catch (e) {
-                    ports.delete(port);
                 }
+
+                readChunk();
+            })
+            .catch(error => {
+                ports.forEach(port => {
+                    try {
+                        port.postMessage({
+                            type: 'local-model-error',
+                            error: error.message,
+                            requestId: requestId
+                        });
+                    } catch (e) {
+                        ports.delete(port);
+                    }
+                });
             });
-        });
-        
+
         // Return true to indicate we'll send responses asynchronously
         return true;
     }
@@ -327,11 +327,36 @@ function handleBeforeRequest(details) {
 }
 
 function handleBeforeSendHeaders(details) {
-    if (ports.size === 0) return;
-    const req = requestMap.get(details.requestId);
-    if (req) {
-        req.requestHeaders = details.requestHeaders;
+    const headers = details.requestHeaders;
+
+    // Store for captured requests
+    if (ports.size > 0) {
+        const req = requestMap.get(details.requestId);
+        if (req) {
+            req.requestHeaders = headers;
+        }
     }
+
+    // COOKIE INJECTION: Check if this is a replayed request
+    const isReplay = headers.some(h => h.name === 'X-Rep-Plus-Replay' && h.value === 'true');
+    if (!isReplay) return;
+
+    // Find custom cookie header
+    const cookieIdx = headers.findIndex(h => h.name === 'X-Rep-Plus-Cookie');
+    if (cookieIdx === -1) return;
+
+    const cookieValue = headers[cookieIdx].value;
+    headers.splice(cookieIdx, 1); // Remove custom header
+
+    // Remove browser cookies
+    const existingIdx = headers.findIndex(h => h.name.toLowerCase() === 'cookie');
+    if (existingIdx !== -1) headers.splice(existingIdx, 1);
+
+    // Inject our cookie
+    headers.push({ name: 'Cookie', value: cookieValue });
+    console.log('[Cookie Injection] ✅ Injected for:', details.url.substring(0, 60));
+
+    return { requestHeaders: headers };
 }
 
 function handleCompleted(details) {
@@ -374,11 +399,21 @@ function setupListeners() {
             );
         }
         if (!browser.webRequest.onBeforeSendHeaders.hasListener(handleBeforeSendHeaders)) {
-            browser.webRequest.onBeforeSendHeaders.addListener(
-                handleBeforeSendHeaders,
-                { urls: ["<all_urls>"] },
-                ["requestHeaders"]
-            );
+            try {
+                browser.webRequest.onBeforeSendHeaders.addListener(
+                    handleBeforeSendHeaders,
+                    { urls: ["<all_urls>"] },
+                    ["blocking", "requestHeaders", "extraHeaders"]
+                );
+                console.log("✅ Cookie injection enabled (blocking + extraHeaders)");
+            } catch (e) {
+                browser.webRequest.onBeforeSendHeaders.addListener(
+                    handleBeforeSendHeaders,
+                    { urls: ["<all_urls>"] },
+                    ["blocking", "requestHeaders"]
+                );
+                console.log("✅ Cookie injection enabled (blocking mode)");
+            }
         }
         if (!browser.webRequest.onCompleted.hasListener(handleCompleted)) {
             browser.webRequest.onCompleted.addListener(
@@ -399,6 +434,80 @@ function setupListeners() {
     }
 }
 
+/**
+ * Intercept replayed requests to inject Cookie header from request text
+ * This bypasses Firefox's forbidden header restriction
+ */
+function handleCookieInjection(details) {
+    const headers = details.requestHeaders;
+
+    // Check if this is a replayed request
+    const isReplay = headers.some(h =>
+        h.name === 'X-Rep-Plus-Replay' && h.value === 'true'
+    );
+
+    if (!isReplay) {
+        return {}; // Not a replayed request, do nothing
+    }
+
+    // Find our custom cookie header
+    const cookieHeaderIndex = headers.findIndex(h =>
+        h.name === 'X-Rep-Plus-Cookie'
+    );
+
+    if (cookieHeaderIndex === -1) {
+        return {}; // No custom cookie, do nothing
+    }
+
+    const cookieValue = headers[cookieHeaderIndex].value;
+
+    // Remove the custom header (don't send it to server)
+    headers.splice(cookieHeaderIndex, 1);
+
+    // Remove existing Cookie header from browser jar (if any)
+    const existingCookieIndex = headers.findIndex(h =>
+        h.name.toLowerCase() === 'cookie'
+    );
+    if (existingCookieIndex !== -1) {
+        headers.splice(existingCookieIndex, 1);
+    }
+
+    // Inject our Cookie header from request text
+    headers.push({
+        name: 'Cookie',
+        value: cookieValue
+    });
+
+    console.log('[Cookie Injection] Injected cookie for:', details.url.substring(0, 80));
+
+    return { requestHeaders: headers };
+}
+
+// Register cookie injection listener with BLOCKING mode
+if (browser.webRequest) {
+    try {
+        browser.webRequest.onBeforeSendHeaders.addListener(
+            handleCookieInjection,
+            { urls: ["<all_urls>"] },
+            ["blocking", "requestHeaders", "extraHeaders"]
+        );
+        console.log("Cookie injection listener registered");
+    } catch (e) {
+        console.error("Failed to register cookie injection listener:", e);
+        // Fallback without extraHeaders if not supported
+        try {
+            browser.webRequest.onBeforeSendHeaders.addListener(
+                handleCookieInjection,
+                { urls: ["<all_urls>"] },
+                ["blocking", "requestHeaders"]
+            );
+            console.log("Cookie injection listener registered (without extraHeaders)");
+        } catch (e2) {
+            console.error("Failed to register cookie injection listener (fallback):", e2);
+        }
+    }
+}
+
 // Initial setup
 setupListeners();
 
diff --git a/background.js.bak b/background.js.bak
new file mode 100644
index 0000000..886ba7a
--- /dev/null
+++ b/background.js.bak
@@ -0,0 +1,525 @@
+// Background script
+const ports = new Set();
+const requestMap = new Map();
+
+// Handle connections from DevTools panels
+browser.runtime.onConnect.addListener((port) => {
+    if (port.name !== "rep-panel") return;
+    console.log("DevTools panel connected");
+    ports.add(port);
+
+    port.onDisconnect.addListener(() => {
+        console.log("DevTools panel disconnected");
+        ports.delete(port);
+    });
+
+    // Listen for messages from panel (e.g. to toggle capture, local model requests)
+    port.onMessage.addListener((msg) => {
+        console.log('Background: Received port message:', msg.type);
+        if (msg.type === 'ping') {
+            console.log('Background: Responding to ping');
+            port.postMessage({ type: 'pong' });
+        } else if (msg.type === 'local-model-request' || msg.type === 'local-model-chat') {
+            // Handle local model request via port
+            const requestId = msg.requestId || `local-${Date.now()}-${Math.random()}`;
+            console.log('Background: Received local model request', requestId, 'URL:', msg.url, 'Body:', JSON.stringify(msg.body).substring(0, 100));
+
+            // Check if port is still connected before making request
+            if (!port || !port.onDisconnect) {
+                console.error('Background: Port already disconnected');
+                return;
+            }
+
+            // Proxy the request to localhost
+            // Note: Background scripts need host_permissions for localhost in MV3
+            // Support both old format (prompt) and new format (messages array)
+            const requestBody = msg.body.messages
+                ? {
+                    model: msg.body.model,
+                    messages: msg.body.messages,
+                    stream: msg.body.stream !== undefined ? msg.body.stream : true
+                }
+                : {
+                    model: msg.body.model,
+                    prompt: msg.body.prompt,
+                    stream: msg.body.stream !== undefined ? msg.body.stream : true
+                };
+
+            console.log('Background: Sending fetch request to', msg.url, 'with body:', JSON.stringify(requestBody).substring(0, 200));
+
+            // Try to match curl's request format exactly
+            fetch(msg.url, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Accept': 'application/json'
+                },
+                body: JSON.stringify(requestBody),
+                // Don't send credentials or referrer that might trigger security
+                credentials: 'omit',
+                referrerPolicy: 'no-referrer'
+            })
+                .then(response => {
+                    console.log('Background: Fetch response status', response.status);
+                    // Log response headers for debugging
+                    const responseHeaders = {};
+                    response.headers.forEach((value, key) => {
+                        responseHeaders[key] = value;
+                    });
+                    console.log('Background: Response headers:', responseHeaders);
+
+                    if (!response.ok) {
+                        return response.text().then(text => {
+                            console.error('Background: Fetch failed with status', response.status, 'Response body length:', text?.length || 0, 'Response body:', text || '(empty)');
+                            // Provide more helpful error message
+                            let errorMsg = `Request failed with status ${response.status}`;
+                            if (text && text.trim()) {
+                                try {
+                                    const errorData = JSON.parse(text);
+                                    errorMsg = errorData.error || errorData.message || errorMsg;
+                                } catch (e) {
+                                    errorMsg = text.length > 200 ? text.substring(0, 200) + '...' : text;
+                                }
+                            } else if (response.status === 403) {
+                                errorMsg = '403 Forbidden: Ollama is blocking the request. ' +
+                                    'This might be due to CORS or security settings. ' +
+                                    'Try restarting Ollama with: OLLAMA_ORIGINS="*" ollama serve ' +
+                                    'Or check Ollama configuration for access restrictions.';
+                            }
+                            throw new Error(errorMsg);
+                        });
+                    }
+                    return response.body;
+                })
+                .then(body => {
+                    if (!body) {
+                        throw new Error('No response body received');
+                    }
+
+                    // Stream the response back via this specific port
+                    const reader = body.getReader();
+                    const decoder = new TextDecoder();
+                    let hasError = false;
+
+                    function readChunk() {
+                        if (hasError) return;
+
+                        reader.read().then(({ done, value }) => {
+                            if (done) {
+                                // Send final message
+                                try {
+                                    port.postMessage({
+                                        type: 'local-model-stream-done',
+                                        requestId: requestId
+                                    });
+                                    console.log('Background: Sent stream-done for', requestId);
+                                } catch (e) {
+                                    console.error('Background: Error sending stream-done', e);
+                                    hasError = true;
+                                }
+                                return;
+                            }
+
+                            const chunk = decoder.decode(value, { stream: true });
+                            // Send chunk message
+                            try {
+                                port.postMessage({
+                                    type: 'local-model-stream-chunk',
+                                    chunk: chunk,
+                                    requestId: requestId
+                                });
+                            } catch (e) {
+                                console.error('Background: Port disconnected during streaming', e);
+                                hasError = true;
+                                reader.cancel().catch(() => { });
+                                return;
+                            }
+
+                            // Continue reading
+                            readChunk();
+                        }).catch(error => {
+                            console.error('Background: Error reading chunk', error);
+                            hasError = true;
+                            try {
+                                port.postMessage({
+                                    type: 'local-model-stream-error',
+                                    error: error.message,
+                                    requestId: requestId
+                                });
+                            } catch (e) {
+                                console.error('Background: Error sending error message', e);
+                            }
+                        });
+                    }
+
+                    readChunk();
+                })
+                .catch(error => {
+                    console.error('Background: Fetch error', error, error.stack);
+                    let errorMessage = error.message || 'Failed to fetch from local model API';
+
+                    // Provide helpful error message for CORS issues
+                    if (errorMessage.includes('CORS') || errorMessage.includes('Failed to fetch')) {
+                        errorMessage = 'CORS error: Ollama needs to allow CORS. ' +
+                            'Start Ollama with: OLLAMA_ORIGINS="moz-extension://*" ollama serve ' +
+                            'Or configure your Ollama server to send CORS headers. ' +
+                            'Original error: ' + errorMessage;
+                    }
+
+                    try {
+                        port.postMessage({
+                            type: 'local-model-error',
+                            error: errorMessage,
+                            requestId: requestId
+                        });
+                    } catch (e) {
+                        console.error('Background: Port disconnected, cannot send error', e);
+                    }
+                });
+        }
+    });
+});
+
+// Handle local model API requests (bypass CORS)
+browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
+    if (request.type === 'local-model-request') {
+        const requestId = request.requestId || `local-${Date.now()}-${Math.random()}`;
+
+        // Proxy the request to localhost (service workers can bypass CORS)
+        fetch(request.url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(request.body)
+        })
+            .then(response => {
+                if (!response.ok) {
+                    return response.text().then(text => {
+                        throw new Error(text || 'Request failed');
+                    });
+                }
+                return response.body;
+            })
+            .then(body => {
+                // Stream the response back via port connections (for DevTools panels)
+                const reader = body.getReader();
+                const decoder = new TextDecoder();
+
+                function readChunk() {
+                    reader.read().then(({ done, value }) => {
+                        if (done) {
+                            // Send final message to all connected ports
+                            ports.forEach(port => {
+                                try {
+                                    port.postMessage({
+                                        type: 'local-model-stream-done',
+                                        requestId: requestId
+                                    });
+                                } catch (e) {
+                                    // Port might be disconnected, remove it
+                                    ports.delete(port);
+                                }
+                            });
+                            return;
+                        }
+
+                        const chunk = decoder.decode(value, { stream: true });
+                        // Send chunk message to all connected ports
+                        ports.forEach(port => {
+                            try {
+                                port.postMessage({
+                                    type: 'local-model-stream-chunk',
+                                    chunk: chunk,
+                                    requestId: requestId
+                                });
+                            } catch (e) {
+                                // Port might be disconnected, remove it
+                                ports.delete(port);
+                            }
+                        });
+
+                        // Continue reading
+                        readChunk();
+                    }).catch(error => {
+                        ports.forEach(port => {
+                            try {
+                                port.postMessage({
+                                    type: 'local-model-stream-error',
+                                    error: error.message,
+                                    requestId: requestId
+                                });
+                            } catch (e) {
+                                ports.delete(port);
+                            }
+                        });
+                    });
+                }
+
+                readChunk();
+            })
+            .catch(error => {
+                ports.forEach(port => {
+                    try {
+                        port.postMessage({
+                            type: 'local-model-error',
+                            error: error.message,
+                            requestId: requestId
+                        });
+                    } catch (e) {
+                        ports.delete(port);
+                    }
+                });
+            });
+
+        // Return true to indicate we'll send responses asynchronously
+        return true;
+    }
+});
+
+// Helper to process request body
+function parseRequestBody(requestBody) {
+    if (!requestBody) return null;
+
+    if (requestBody.raw && requestBody.raw.length > 0) {
+        try {
+            const decoder = new TextDecoder('utf-8');
+            return requestBody.raw.map(bytes => {
+                if (bytes.bytes) {
+                    return decoder.decode(bytes.bytes);
+                }
+                return '';
+            }).join('');
+        } catch (e) {
+            console.error('Error decoding request body:', e);
+            return null;
+        }
+    }
+
+    if (requestBody.formData) {
+        // Convert formData object to URL encoded string
+        const params = new URLSearchParams();
+        for (const [key, values] of Object.entries(requestBody.formData)) {
+            values.forEach(value => params.append(key, value));
+        }
+        return params.toString();
+    }
+
+    return null;
+}
+
+// Listener functions
+function handleBeforeRequest(details) {
+    if (ports.size === 0) return;
+    // Filter out Firefox extension URLs
+    if (details.url.startsWith('moz-extension://')) return;
+
+    requestMap.set(details.requestId, {
+        requestId: details.requestId,
+        url: details.url,
+        method: details.method,
+        type: details.type,
+        timeStamp: Date.now(),
+        requestBody: parseRequestBody(details.requestBody),
+        tabId: details.tabId,
+        initiator: details.initiator
+    });
+}
+
+function handleBeforeSendHeaders(details) {
+    if (ports.size === 0) return;
+    const req = requestMap.get(details.requestId);
+    if (req) {
+        req.requestHeaders = details.requestHeaders;
+    }
+
+    // COOKIE INJECTION: Check if this is a replayed request with custom cookie
+    const headers = details.requestHeaders;
+    const isReplay = headers.some(h =>
+        h.name === 'X-Rep-Plus-Replay' && h.value === 'true'
+    );
+
+    if (isReplay) {
+        // Find our custom cookie header
+        const cookieHeaderIndex = headers.findIndex(h =>
+            h.name === 'X-Rep-Plus-Cookie'
+        );
+
+        if (cookieHeaderIndex !== -1) {
+            const cookieValue = headers[cookieHeaderIndex].value;
+
+            // Remove the custom header (don't send it to server)
+            headers.splice(cookieHeaderIndex, 1);
+
+            // Remove existing Cookie header from browser jar (if any)
+            const existingCookieIndex = headers.findIndex(h =>
+                h.name.toLowerCase() === 'cookie'
+            );
+            if (existingCookieIndex !== -1) {
+                headers.splice(existingCookieIndex, 1);
+            }
+
+            // Inject our Cookie header from request text
+            headers.push({
+                name: 'Cookie',
+                value: cookieValue
+            });
+
+            console.log('[Cookie Injection] Injected cookie for:', details.url.substring(0, 80));
+
+            return { requestHeaders: headers };
+        }
+    }
+}
+
+function handleCompleted(details) {
+    if (ports.size === 0) return;
+    const req = requestMap.get(details.requestId);
+    if (req) {
+        req.statusCode = details.statusCode;
+        req.statusLine = details.statusLine;
+        req.responseHeaders = details.responseHeaders;
+
+        const message = {
+            type: 'captured_request',
+            data: req
+        };
+
+        ports.forEach(p => {
+            try {
+                p.postMessage(message);
+            } catch (e) {
+                console.error('Error sending to port:', e);
+                ports.delete(p);
+            }
+        });
+
+        requestMap.delete(details.requestId);
+    }
+}
+
+function handleErrorOccurred(details) {
+    requestMap.delete(details.requestId);
+}
+
+function setupListeners() {
+    if (browser.webRequest) {
+        if (!browser.webRequest.onBeforeRequest.hasListener(handleBeforeRequest)) {
+            browser.webRequest.onBeforeRequest.addListener(
+                handleBeforeRequest,
+                { urls: ["<all_urls>"] },
+                ["requestBody"]
+            );
+        }
+        if (!browser.webRequest.onBeforeSendHeaders.hasListener(handleBeforeSendHeaders)) {
+            browser.webRequest.onBeforeSendHeaders.addListener(
+                handleBeforeSendHeaders,
+                { urls: ["<all_urls>"] },
+                ["requestHeaders"]
+            );
+        }
+        if (!browser.webRequest.onCompleted.hasListener(handleCompleted)) {
+            browser.webRequest.onCompleted.addListener(
+                handleCompleted,
+                { urls: ["<all_urls>"] },
+                ["responseHeaders"]
+            );
+        }
+        if (!browser.webRequest.onErrorOccurred.hasListener(handleErrorOccurred)) {
+            browser.webRequest.onErrorOccurred.addListener(
+                handleErrorOccurred,
+                { urls: ["<all_urls>"] }
+            );
+        }
+        console.log("WebRequest listeners registered");
+    } else {
+        console.log("WebRequest permission not granted");
+    }
+}
+
+/**
+ * Intercept replayed requests to inject Cookie header from request text
+ * This bypasses Firefox's forbidden header restriction
+ */
+function handleCookieInjection(details) {
+    const headers = details.requestHeaders;
+
+    // Check if this is a replayed request
+    const isReplay = headers.some(h =>
+        h.name === 'X-Rep-Plus-Replay' && h.value === 'true'
+    );
+
+    if (!isReplay) {
+        return {}; // Not a replayed request, do nothing
+    }
+
+    // Find our custom cookie header
+    const cookieHeaderIndex = headers.findIndex(h =>
+        h.name === 'X-Rep-Plus-Cookie'
+    );
+
+    if (cookieHeaderIndex === -1) {
+        return {}; // No custom cookie, do nothing
+    }
+
+    const cookieValue = headers[cookieHeaderIndex].value;
+
+    // Remove the custom header (don't send it to server)
+    headers.splice(cookieHeaderIndex, 1);
+
+    // Remove existing Cookie header from browser jar (if any)
+    const existingCookieIndex = headers.findIndex(h =>
+        h.name.toLowerCase() === 'cookie'
+    );
+    if (existingCookieIndex !== -1) {
+        headers.splice(existingCookieIndex, 1);
+    }
+
+    // Inject our Cookie header from request text
+    headers.push({
+        name: 'Cookie',
+        value: cookieValue
+    });
+
+    console.log('[Cookie Injection] Injected cookie for:', details.url.substring(0, 80));
+
+    return { requestHeaders: headers };
+}
+
+// Register cookie injection listener with BLOCKING mode
+if (browser.webRequest) {
+    try {
+        browser.webRequest.onBeforeSendHeaders.addListener(
+            handleCookieInjection,
+            { urls: ["<all_urls>"] },
+            ["blocking", "requestHeaders", "extraHeaders"]
+        );
+        console.log("Cookie injection listener registered");
+    } catch (e) {
+        console.error("Failed to register cookie injection listener:", e);
+        // Fallback without extraHeaders if not supported
+        try {
+            browser.webRequest.onBeforeSendHeaders.addListener(
+                handleCookieInjection,
+                { urls: ["<all_urls>"] },
+                ["blocking", "requestHeaders"]
+            );
+            console.log("Cookie injection listener registered (without extraHeaders)");
+        } catch (e2) {
+            console.error("Failed to register cookie injection listener (fallback):", e2);
+        }
+    }
+}
+
+// Initial setup
+setupListeners();
+
+// Periodic cleanup of stale requests (older than 1 minute)
+setInterval(() => {
+    const now = Date.now();
+    for (const [id, req] of requestMap.entries()) {
+        if (now - req.timeStamp > 60000) {
+            requestMap.delete(id);
+        }
+    }
+}, 30000);
diff --git a/css/auth-analyzer-config-panel.css b/css/auth-analyzer-config-panel.css
new file mode 100644
index 0000000..a4585c4
--- /dev/null
+++ b/css/auth-analyzer-config-panel.css
@@ -0,0 +1,286 @@
+/* Auth Analyzer Configuration Panel - Modal Style */
+#auth-analyzer-config-panel {
+    position: fixed;
+    top: 50%;
+    left: 50%;
+    transform: translate(-50%, -50%) scale(0.95);
+    width: 600px;
+    max-width: 90vw;
+    height: auto;
+    max-height: 85vh;
+    background: #1a1a1a;
+    /* Solid background to prevent transparency */
+    border: 1px solid var(--border-color);
+    border-radius: 8px;
+    display: none;
+    flex-direction: column;
+    z-index: 2000;
+    box-shadow: 0 10px 30px rgba(0, 0, 0, 0.5);
+    opacity: 0;
+    transition: opacity 0.2s ease-out, transform 0.2s ease-out;
+}
+
+#auth-analyzer-config-panel.visible {
+    display: flex;
+    opacity: 1;
+    transform: translate(-50%, -50%) scale(1);
+}
+
+/* Modal Overlay Backdrop */
+#auth-analyzer-config-panel::before {
+    content: '';
+    position: fixed;
+    top: -100vh;
+    left: -100vw;
+    width: 300vw;
+    height: 300vh;
+    background: rgba(0, 0, 0, 0.5);
+    z-index: -1;
+    pointer-events: none;
+}
+
+.auth-config-header {
+    padding: 16px 20px;
+    background: var(--bg-primary);
+    border-bottom: 1px solid var(--border-color);
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    border-radius: 8px 8px 0 0;
+}
+
+.auth-config-header h3 {
+    margin: 0;
+    font-size: 16px;
+    font-weight: 600;
+    color: var(--text-primary);
+    display: flex;
+    align-items: center;
+    gap: 10px;
+}
+
+.auth-config-close {
+    background: transparent;
+    border: none;
+    color: var(--text-secondary);
+    cursor: pointer;
+    padding: 4px;
+    font-size: 24px;
+    line-height: 1;
+    transition: color 0.2s;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    border-radius: 4px;
+}
+
+.auth-config-close:hover {
+    color: var(--text-primary);
+    background: var(--bg-hover);
+}
+
+.auth-config-content {
+    flex: 1;
+    overflow-y: auto;
+    padding: 24px;
+    background: var(--bg-secondary);
+}
+
+.auth-config-section {
+    margin-bottom: 24px;
+    background: var(--bg-primary);
+    padding: 16px;
+    border-radius: 6px;
+    border: 1px solid var(--border-color);
+}
+
+.auth-config-section:last-child {
+    margin-bottom: 0;
+}
+
+.auth-config-section h4 {
+    margin: 0 0 12px 0;
+    font-size: 14px;
+    font-weight: 600;
+    color: var(--text-primary);
+    border-bottom: 1px solid var(--border-color);
+    padding-bottom: 8px;
+}
+
+.auth-config-description {
+    font-size: 13px;
+    color: var(--text-secondary);
+    margin-bottom: 16px;
+    line-height: 1.5;
+}
+
+.auth-config-label {
+    display: block;
+    font-size: 13px;
+    font-weight: 500;
+    color: var(--text-primary);
+    margin-bottom: 8px;
+}
+
+.auth-config-input {
+    width: 100%;
+    min-height: 100px;
+    padding: 12px;
+    background: var(--bg-secondary);
+    border: 1px solid var(--border-color);
+    border-radius: 4px;
+    color: var(--text-primary);
+    font-family: 'Courier New', monospace;
+    font-size: 12px;
+    resize: vertical;
+    box-sizing: border-box;
+    line-height: 1.4;
+}
+
+.auth-config-input:focus {
+    outline: none;
+    border-color: #2196f3;
+    box-shadow: 0 0 0 2px rgba(33, 150, 243, 0.2);
+}
+
+.auth-config-input::placeholder {
+    color: var(--text-secondary);
+    opacity: 0.6;
+}
+
+.auth-config-hint {
+    font-size: 12px;
+    color: var(--text-secondary);
+    margin-top: 8px;
+    font-style: italic;
+}
+
+.auth-config-example {
+    background: var(--bg-secondary);
+    border: 1px solid var(--border-color);
+    border-radius: 4px;
+    padding: 12px;
+    margin-top: 12px;
+    font-family: 'Courier New', monospace;
+    font-size: 11px;
+    color: var(--text-secondary);
+    word-break: break-all;
+}
+
+.auth-config-status {
+    display: flex;
+    align-items: center;
+    gap: 12px;
+    padding: 16px;
+    background: var(--bg-secondary);
+    border: 1px solid var(--border-color);
+    border-radius: 6px;
+    font-size: 13px;
+    margin-bottom: 20px;
+}
+
+/* Removed opacity property to fix transparency issues */
+.auth-config-status.enabled {
+    background: #1b5e20;
+    border-color: #4caf50;
+    color: #e8f5e9;
+}
+
+.auth-config-status.disabled {
+    background: #424242;
+    border-color: #757575;
+    color: #e0e0e0;
+}
+
+.auth-config-status-icon {
+    font-size: 20px;
+}
+
+.auth-config-footer {
+    padding: 20px;
+    background: var(--bg-primary);
+    border-top: 1px solid var(--border-color);
+    display: flex;
+    gap: 12px;
+    justify-content: flex-end;
+    border-radius: 0 0 8px 8px;
+}
+
+.auth-config-btn {
+    padding: 10px 20px;
+    border: none;
+    border-radius: 4px;
+    font-size: 14px;
+    font-weight: 500;
+    cursor: pointer;
+    transition: all 0.2s;
+    min-width: 100px;
+}
+
+.auth-config-btn-primary {
+    background: #2196f3;
+    color: white;
+}
+
+.auth-config-btn-primary:hover {
+    background: #1976d2;
+    box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);
+}
+
+.auth-config-btn-secondary {
+    background: transparent;
+    color: var(--text-primary);
+    border: 1px solid var(--border-color);
+}
+
+.auth-config-btn-secondary:hover {
+    background: var(--bg-hover);
+    border-color: var(--text-secondary);
+}
+
+.auth-config-btn:disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+    background: var(--bg-hover);
+    color: var(--text-secondary);
+    box-shadow: none;
+}
+
+/* Updated Help Box - Solid Background */
+.auth-config-help {
+    background: #1565c0;
+    /* Solid blue */
+    border: 1px solid #42a5f5;
+    border-radius: 6px;
+    padding: 16px;
+    margin-top: 24px;
+}
+
+.auth-config-help-title {
+    font-size: 13px;
+    font-weight: 700;
+    color: #ffffff;
+    margin-bottom: 10px;
+    display: flex;
+    align-items: center;
+    gap: 8px;
+}
+
+.auth-config-help-text {
+    font-size: 12px;
+    color: #e3f2fd;
+    line-height: 1.6;
+}
+
+.auth-config-help-list {
+    margin: 10px 0 0 0;
+    padding-left: 20px;
+    font-size: 12px;
+    color: #e3f2fd;
+}
+
+.auth-config-help-list li {
+    margin-bottom: 6px;
+}
\ No newline at end of file
diff --git a/css/auth-analyzer-panel.css b/css/auth-analyzer-panel.css
new file mode 100644
index 0000000..ddcf3ad
--- /dev/null
+++ b/css/auth-analyzer-panel.css
@@ -0,0 +1,273 @@
+/* Auth Analyzer Results Panel */
+#auth-analyzer-panel {
+    position: fixed;
+    top: 0;
+    right: 0;
+    width: 400px;
+    height: 100vh;
+    /* Use main application background color for solid appearance */
+    background: var(--bg-color, #202124);
+    /* Add solid fallback just in case variable is missing or transparent */
+    background-color: #202124;
+    border-left: 1px solid var(--border-color);
+    display: none;
+    flex-direction: column;
+    z-index: 1000;
+    overflow: hidden;
+    /* Box shadow for depth */
+    box-shadow: -4px 0 12px rgba(0, 0, 0, 0.3);
+}
+
+/* Ensure no transparency on visible state */
+#auth-analyzer-panel.visible {
+    display: flex;
+    opacity: 1;
+}
+
+.auth-analyzer-header {
+    padding: 12px 16px;
+    background: var(--sidebar-bg, #292a2d);
+    border-bottom: 1px solid var(--border-color);
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+}
+
+.auth-analyzer-header h3 {
+    margin: 0;
+    font-size: 14px;
+    font-weight: 600;
+    color: var(--text-primary);
+}
+
+.auth-analyzer-close {
+    background: transparent;
+    border: none;
+    color: var(--text-secondary);
+    cursor: pointer;
+    padding: 4px 8px;
+    font-size: 18px;
+    line-height: 1;
+}
+
+.auth-analyzer-close:hover {
+    color: var(--text-primary);
+}
+
+.auth-analyzer-content {
+    flex: 1;
+    overflow-y: auto;
+    padding: 8px;
+    /* Ensure content background is distinct if needed, but solid */
+    background: var(--bg-color, #202124);
+}
+
+.auth-analyzer-stats {
+    display: flex;
+    gap: 8px;
+    padding: 8px;
+    background: var(--sidebar-bg, #292a2d);
+    border-radius: 4px;
+    margin-bottom: 12px;
+    border: 1px solid var(--border-color);
+}
+
+.auth-stat {
+    flex: 1;
+    text-align: center;
+    padding: 8px;
+    border-radius: 4px;
+    font-size: 12px;
+}
+
+/* Updated Stat Colors to be solid/opaque but tinted */
+.auth-stat.critical {
+    background: #3c1f1f;
+    /* Dark red background for contrast */
+    border: 1px solid #f44336;
+}
+
+.auth-stat.warning {
+    background: #3e2723;
+    /* Dark orange background */
+    border: 1px solid #ff9800;
+}
+
+.auth-stat.success {
+    background: #1b3320;
+    /* Dark green background */
+    border: 1px solid #4caf50;
+}
+
+.auth-stat-count {
+    display: block;
+    font-size: 20px;
+    font-weight: bold;
+    margin-bottom: 4px;
+}
+
+.auth-stat.critical .auth-stat-count {
+    color: #f44336;
+}
+
+.auth-stat.warning .auth-stat-count {
+    color: #ff9800;
+}
+
+.auth-stat.success .auth-stat-count {
+    color: #4caf50;
+}
+
+.auth-stat-label {
+    display: block;
+    opacity: 0.8;
+    font-size: 11px;
+    color: var(--text-secondary);
+}
+
+/* Result Items */
+.auth-result-item {
+    background: var(--sidebar-bg, #292a2d);
+    border: 1px solid var(--border-color);
+    border-radius: 4px;
+    margin-bottom: 8px;
+    overflow: hidden;
+}
+
+.auth-result-summary {
+    padding: 10px 12px;
+    cursor: pointer;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    gap: 8px;
+}
+
+.auth-result-summary:hover {
+    background: var(--bg-hover);
+}
+
+.auth-result-info {
+    flex: 1;
+    min-width: 0;
+}
+
+/* Method Badges */
+.auth-result-method {
+    display: inline-block;
+    padding: 2px 6px;
+    border-radius: 3px;
+    font-size: 10px;
+    font-weight: bold;
+    margin-right: 6px;
+}
+
+.auth-result-method.POST {
+    background: #ff9800;
+    color: white;
+}
+
+.auth-result-method.GET {
+    background: #4caf50;
+    color: white;
+}
+
+.auth-result-method.PUT {
+    background: #2196f3;
+    color: white;
+}
+
+.auth-result-method.DELETE {
+    background: #f44336;
+    color: white;
+}
+
+.auth-result-url {
+    font-size: 12px;
+    color: var(--text-primary);
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.auth-result-status {
+    font-size: 11px;
+    color: var(--text-secondary);
+    margin-top: 4px;
+}
+
+.auth-result-toggle {
+    color: var(--text-secondary);
+    font-size: 12px;
+    transition: transform 0.2s;
+}
+
+.auth-result-item.expanded .auth-result-toggle {
+    transform: rotate(90deg);
+}
+
+.auth-result-details {
+    display: none;
+    border-top: 1px solid var(--border-color);
+    padding: 12px;
+    background: var(--bg-color, #202124);
+}
+
+.auth-result-item.expanded .auth-result-details {
+    display: block;
+}
+
+.auth-response-section {
+    margin-bottom: 12px;
+}
+
+.auth-response-body {
+    background: var(--code-bg, #000000);
+    border: 1px solid var(--border-color);
+    border-radius: 4px;
+    padding: 8px;
+    font-family: 'Courier New', monospace;
+    font-size: 11px;
+    max-height: 200px;
+    overflow-y: auto;
+    white-space: pre-wrap;
+    word-break: break-all;
+    color: var(--text-primary);
+}
+
+/* Helper Text */
+.auth-no-results {
+    text-align: center;
+    padding: 40px 20px;
+    color: var(--text-secondary);
+    font-size: 13px;
+}
+
+.auth-no-results-icon {
+    font-size: 48px;
+    margin-bottom: 12px;
+    opacity: 0.3;
+}
+
+/* Adjust main content when panel is visible */
+body.auth-analyzer-panel-open .main-content {
+    margin-right: 400px;
+}
+/* Resize Handle */
+.auth-panel-resize-handle {
+    position: absolute;
+    left: 0;
+    top: 0;
+    bottom: 0;
+    width: 6px; /* Width of the interactive area */
+    cursor: ew-resize;
+    z-index: 1001; /* Above panel content */
+    background: transparent;
+    transition: background 0.2s;
+}
+
+.auth-panel-resize-handle:hover,
+.auth-panel-resize-handle.active {
+    background: var(--accent-color, #2196f3); /* Highlight on hover/active */
+    opacity: 0.5;
+}
diff --git a/css/panel.css b/css/panel.css
index 6e50e8e..0cb54c9 100644
--- a/css/panel.css
+++ b/css/panel.css
@@ -8,32 +8,32 @@
     --error-color: #f28b82;
     --input-bg: #171717;
     --hover-bg: #35363a;
-    
+
     /* Modern Design Tokens */
     --theme-transition-duration: 0.3s;
     --theme-transition-timing: cubic-bezier(0.4, 0, 0.2, 1);
-    
+
     /* Spacing */
     --spacing-xs: 4px;
     --spacing-sm: 8px;
     --spacing-md: 12px;
     --spacing-lg: 16px;
     --spacing-xl: 24px;
-    
+
     /* Border Radius */
     --radius-sm: 6px;
     --radius-md: 8px;
     --radius-lg: 12px;
     --radius-xl: 16px;
     --radius-full: 9999px;
-    
+
     /* Shadows */
     --shadow-sm: 0 1px 2px 0 rgba(0, 0, 0, 0.05);
     --shadow-md: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06);
     --shadow-lg: 0 10px 15px -3px rgba(0, 0, 0, 0.1), 0 4px 6px -2px rgba(0, 0, 0, 0.05);
     --shadow-xl: 0 20px 25px -5px rgba(0, 0, 0, 0.1), 0 10px 10px -5px rgba(0, 0, 0, 0.04);
     --shadow-inner: inset 0 2px 4px 0 rgba(0, 0, 0, 0.06);
-    
+
     /* Focus rings */
     --focus-ring: 0 0 0 3px rgba(138, 180, 248, 0.2);
     --focus-ring-offset: 2px;
@@ -52,19 +52,19 @@ body {
     display: flex;
     flex-direction: column;
     line-height: 1.5;
-    
+
     /* Smooth theme transition */
     transition: background-color var(--theme-transition-duration) var(--theme-transition-timing),
-                color var(--theme-transition-duration) var(--theme-transition-timing);
+        color var(--theme-transition-duration) var(--theme-transition-timing);
 }
 
 /* Apply smooth transitions to elements that use CSS variables */
 body.theme-transitioning,
 body.theme-transitioning * {
     transition: background-color var(--theme-transition-duration) var(--theme-transition-timing),
-                color var(--theme-transition-duration) var(--theme-transition-timing),
-                border-color var(--theme-transition-duration) var(--theme-transition-timing),
-                box-shadow var(--theme-transition-duration) var(--theme-transition-timing) !important;
+        color var(--theme-transition-duration) var(--theme-transition-timing),
+        border-color var(--theme-transition-duration) var(--theme-transition-timing),
+        box-shadow var(--theme-transition-duration) var(--theme-transition-timing) !important;
 }
 
 /* Exclude elements that shouldn't transition */
@@ -132,7 +132,8 @@ body.theme-transitioning img {
 .container {
     display: flex;
     flex: 1;
-    min-height: 0; /* allow children to flex/scroll within remaining space */
+    min-height: 0;
+    /* allow children to flex/scroll within remaining space */
 }
 
 /* Sidebar */
@@ -175,12 +176,12 @@ body.theme-transitioning img {
     .search-container {
         gap: var(--spacing-sm);
     }
-    
+
     .primary-actions {
         flex-wrap: wrap;
         gap: var(--spacing-xs);
     }
-    
+
     .search-input-wrapper {
         min-width: 120px;
     }
@@ -192,21 +193,21 @@ body.theme-transitioning img {
         flex-direction: column;
         align-items: stretch;
     }
-    
+
     .search-input-wrapper {
         min-width: 100%;
         width: 100%;
     }
-    
+
     .primary-actions {
         width: 100%;
         justify-content: space-between;
     }
-    
+
     .more-menu-wrapper {
         width: 100%;
     }
-    
+
     .more-menu {
         right: auto;
         left: 0;
@@ -259,6 +260,7 @@ body.theme-transitioning img {
         opacity: 0;
         transform: translateY(-8px);
     }
+
     to {
         opacity: 1;
         transform: translateY(0);
@@ -496,6 +498,7 @@ body.theme-transitioning img {
         opacity: 0;
         transform: translateY(-8px);
     }
+
     to {
         opacity: 1;
         transform: translateY(0);
@@ -2725,20 +2728,24 @@ pre {
 
 /* Light Theme Syntax Highlighting Adjustments - Improved contrast */
 .light-theme .http-method {
-    color: #d73a49; /* Bright red - clear and readable */
+    color: #d73a49;
+    /* Bright red - clear and readable */
     font-weight: 600;
 }
 
 .light-theme .http-path {
-    color: #005cc5; /* Strong blue - good contrast */
+    color: #005cc5;
+    /* Strong blue - good contrast */
 }
 
 .light-theme .http-version {
-    color: #6a737d; /* Medium gray - readable */
+    color: #6a737d;
+    /* Medium gray - readable */
 }
 
 .light-theme .http-header-name {
-    color: #032f62; /* Dark blue - excellent contrast */
+    color: #032f62;
+    /* Dark blue - excellent contrast */
     font-weight: 500;
 }
 
@@ -2747,28 +2754,34 @@ pre {
 }
 
 .light-theme .http-header-value {
-    color: #24292e; /* Very dark - maximum readability */
+    color: #24292e;
+    /* Very dark - maximum readability */
 }
 
 .light-theme .json-key {
-    color: #005cc5; /* Blue - clear distinction */
+    color: #005cc5;
+    /* Blue - clear distinction */
     font-weight: 500;
 }
 
 .light-theme .json-string {
-    color: #032f62; /* Dark blue - readable on light */
+    color: #032f62;
+    /* Dark blue - readable on light */
 }
 
 .light-theme .json-number {
-    color: #e36209; /* Orange - good contrast */
+    color: #e36209;
+    /* Orange - good contrast */
 }
 
 .light-theme .json-boolean {
-    color: #d73a49; /* Red - clear */
+    color: #d73a49;
+    /* Red - clear */
 }
 
 .light-theme .json-null {
-    color: #6a737d; /* Gray - subtle */
+    color: #6a737d;
+    /* Gray - subtle */
 }
 
 .light-theme .param-key {
@@ -3958,12 +3971,14 @@ pre {
 
 /* Syntax Highlighting for Modern Dark Theme */
 .theme-modern-dark .http-method {
-    color: #c586c0; /* Purple - VS Code style */
+    color: #c586c0;
+    /* Purple - VS Code style */
     font-weight: 600;
 }
 
 .theme-modern-dark .http-path {
-    color: #4ec9b0; /* Cyan - clear */
+    color: #4ec9b0;
+    /* Cyan - clear */
 }
 
 .theme-modern-dark .http-version {
@@ -3971,28 +3986,34 @@ pre {
 }
 
 .theme-modern-dark .http-header-name {
-    color: #569cd6; /* Blue */
+    color: #569cd6;
+    /* Blue */
     font-weight: 500;
 }
 
 .theme-modern-dark .http-header-value {
-    color: #ce9178; /* Orange */
+    color: #ce9178;
+    /* Orange */
 }
 
 .theme-modern-dark .json-key {
-    color: #9cdcfe; /* Light blue */
+    color: #9cdcfe;
+    /* Light blue */
 }
 
 .theme-modern-dark .json-string {
-    color: #ce9178; /* Orange */
+    color: #ce9178;
+    /* Orange */
 }
 
 .theme-modern-dark .json-number {
-    color: #b5cea8; /* Green */
+    color: #b5cea8;
+    /* Green */
 }
 
 .theme-modern-dark .json-boolean {
-    color: #569cd6; /* Blue */
+    color: #569cd6;
+    /* Blue */
 }
 
 .theme-modern-dark .json-null {
@@ -4017,12 +4038,14 @@ pre {
 
 /* Syntax Highlighting for Modern Light Theme */
 .theme-modern-light .http-method {
-    color: #cf222e; /* Bright red - GitHub style */
+    color: #cf222e;
+    /* Bright red - GitHub style */
     font-weight: 600;
 }
 
 .theme-modern-light .http-path {
-    color: #0969da; /* Blue */
+    color: #0969da;
+    /* Blue */
 }
 
 .theme-modern-light .http-version {
@@ -4030,28 +4053,34 @@ pre {
 }
 
 .theme-modern-light .http-header-name {
-    color: #0550ae; /* Dark blue */
+    color: #0550ae;
+    /* Dark blue */
     font-weight: 500;
 }
 
 .theme-modern-light .http-header-value {
-    color: #24292f; /* Very dark */
+    color: #24292f;
+    /* Very dark */
 }
 
 .theme-modern-light .json-key {
-    color: #0969da; /* Blue */
+    color: #0969da;
+    /* Blue */
 }
 
 .theme-modern-light .json-string {
-    color: #0a3069; /* Dark blue */
+    color: #0a3069;
+    /* Dark blue */
 }
 
 .theme-modern-light .json-number {
-    color: #cf222e; /* Red */
+    color: #cf222e;
+    /* Red */
 }
 
 .theme-modern-light .json-boolean {
-    color: #8250df; /* Purple */
+    color: #8250df;
+    /* Purple */
 }
 
 .theme-modern-light .json-null {
@@ -4076,12 +4105,14 @@ pre {
 
 /* Syntax Highlighting for Blue Theme */
 .theme-blue .http-method {
-    color: #ff79c6; /* Pink - good contrast on blue */
+    color: #ff79c6;
+    /* Pink - good contrast on blue */
     font-weight: 600;
 }
 
 .theme-blue .http-path {
-    color: #8be9fd; /* Cyan */
+    color: #8be9fd;
+    /* Cyan */
 }
 
 .theme-blue .http-version {
@@ -4089,28 +4120,34 @@ pre {
 }
 
 .theme-blue .http-header-name {
-    color: #50fa7b; /* Green */
+    color: #50fa7b;
+    /* Green */
     font-weight: 500;
 }
 
 .theme-blue .http-header-value {
-    color: #f1fa8c; /* Yellow */
+    color: #f1fa8c;
+    /* Yellow */
 }
 
 .theme-blue .json-key {
-    color: #8be9fd; /* Cyan */
+    color: #8be9fd;
+    /* Cyan */
 }
 
 .theme-blue .json-string {
-    color: #f1fa8c; /* Yellow */
+    color: #f1fa8c;
+    /* Yellow */
 }
 
 .theme-blue .json-number {
-    color: #bd93f9; /* Purple */
+    color: #bd93f9;
+    /* Purple */
 }
 
 .theme-blue .json-boolean {
-    color: #ff79c6; /* Pink */
+    color: #ff79c6;
+    /* Pink */
 }
 
 .theme-blue .json-null {
@@ -4135,12 +4172,14 @@ pre {
 
 /* Syntax Highlighting for High Contrast Theme */
 .theme-high-contrast .http-method {
-    color: #ffff00; /* Bright yellow */
+    color: #ffff00;
+    /* Bright yellow */
     font-weight: 700;
 }
 
 .theme-high-contrast .http-path {
-    color: #00ffff; /* Cyan */
+    color: #00ffff;
+    /* Cyan */
 }
 
 .theme-high-contrast .http-version {
@@ -4148,29 +4187,35 @@ pre {
 }
 
 .theme-high-contrast .http-header-name {
-    color: #00ff00; /* Green */
+    color: #00ff00;
+    /* Green */
     font-weight: 600;
 }
 
 .theme-high-contrast .http-header-value {
-    color: #ffffff; /* White */
+    color: #ffffff;
+    /* White */
 }
 
 .theme-high-contrast .json-key {
-    color: #00ffff; /* Cyan */
+    color: #00ffff;
+    /* Cyan */
     font-weight: 600;
 }
 
 .theme-high-contrast .json-string {
-    color: #ffffff; /* White */
+    color: #ffffff;
+    /* White */
 }
 
 .theme-high-contrast .json-number {
-    color: #ffff00; /* Yellow */
+    color: #ffff00;
+    /* Yellow */
 }
 
 .theme-high-contrast .json-boolean {
-    color: #00ff00; /* Green */
+    color: #00ff00;
+    /* Green */
 }
 
 .theme-high-contrast .json-null {
@@ -4195,12 +4240,14 @@ pre {
 
 /* Syntax Highlighting for Terminal Theme */
 .theme-terminal .http-method {
-    color: #58a6ff; /* Blue */
+    color: #58a6ff;
+    /* Blue */
     font-weight: 600;
 }
 
 .theme-terminal .http-path {
-    color: #79c0ff; /* Light blue */
+    color: #79c0ff;
+    /* Light blue */
 }
 
 .theme-terminal .http-version {
@@ -4208,28 +4255,34 @@ pre {
 }
 
 .theme-terminal .http-header-name {
-    color: #58a6ff; /* Blue */
+    color: #58a6ff;
+    /* Blue */
     font-weight: 500;
 }
 
 .theme-terminal .http-header-value {
-    color: #c9d1d9; /* Light gray */
+    color: #c9d1d9;
+    /* Light gray */
 }
 
 .theme-terminal .json-key {
-    color: #79c0ff; /* Light blue */
+    color: #79c0ff;
+    /* Light blue */
 }
 
 .theme-terminal .json-string {
-    color: #a5d6ff; /* Very light blue */
+    color: #a5d6ff;
+    /* Very light blue */
 }
 
 .theme-terminal .json-number {
-    color: #3fb950; /* Green */
+    color: #3fb950;
+    /* Green */
 }
 
 .theme-terminal .json-boolean {
-    color: #58a6ff; /* Blue */
+    color: #58a6ff;
+    /* Blue */
 }
 
 .theme-terminal .json-null {
@@ -4456,6 +4509,7 @@ pre {
         opacity: 0;
         transform: translateY(10px);
     }
+
     to {
         opacity: 1;
         transform: translateY(0);
@@ -4550,7 +4604,8 @@ pre {
 /* Ensure pre elements with code blocks are positioned relative */
 .chat-message pre {
     position: relative;
-    padding-top: 40px; /* Make room for copy button */
+    padding-top: 40px;
+    /* Make room for copy button */
 }
 
 .chat-message pre code {
@@ -4777,10 +4832,21 @@ pre {
     animation: aiSparkle 1.5s ease-in-out infinite;
 }
 
-.ai-icon-btn.active .ai-sparkle-1 { animation-delay: 0s; }
-.ai-icon-btn.active .ai-sparkle-2 { animation-delay: 0.3s; }
-.ai-icon-btn.active .ai-sparkle-3 { animation-delay: 0.6s; }
-.ai-icon-btn.active .ai-sparkle-4 { animation-delay: 0.9s; }
+.ai-icon-btn.active .ai-sparkle-1 {
+    animation-delay: 0s;
+}
+
+.ai-icon-btn.active .ai-sparkle-2 {
+    animation-delay: 0.3s;
+}
+
+.ai-icon-btn.active .ai-sparkle-3 {
+    animation-delay: 0.6s;
+}
+
+.ai-icon-btn.active .ai-sparkle-4 {
+    animation-delay: 0.9s;
+}
 
 /* Sparkles hidden when inactive */
 .ai-sparkle {
@@ -4789,19 +4855,25 @@ pre {
 }
 
 @keyframes aiGlow {
-    0%, 100% {
+
+    0%,
+    100% {
         filter: drop-shadow(0 0 4px var(--accent-color));
     }
+
     50% {
         filter: drop-shadow(0 0 8px var(--accent-color)) drop-shadow(0 0 12px rgba(138, 180, 248, 0.5));
     }
 }
 
 @keyframes aiSparkle {
-    0%, 100% {
+
+    0%,
+    100% {
         opacity: 0.6;
         transform: scale(1);
     }
+
     50% {
         opacity: 1;
         transform: scale(1.3);
@@ -4978,6 +5050,7 @@ pre {
         opacity: 0;
         transform: translateY(-10px);
     }
+
     to {
         opacity: 1;
         transform: translateY(0);
@@ -5080,15 +5153,15 @@ pre {
 .request-modifying {
     position: relative;
     animation: requestModifyMagic 1.2s cubic-bezier(0.4, 0, 0.2, 1);
-    background: linear-gradient(135deg, 
-        rgba(138, 180, 248, 0.15) 0%,
-        rgba(138, 180, 248, 0.05) 50%,
-        rgba(138, 180, 248, 0.15) 100%);
+    background: linear-gradient(135deg,
+            rgba(138, 180, 248, 0.15) 0%,
+            rgba(138, 180, 248, 0.05) 50%,
+            rgba(138, 180, 248, 0.15) 100%);
     border-radius: var(--radius-sm);
     overflow: hidden;
     box-shadow: 0 0 20px rgba(138, 180, 248, 0.3),
-                0 0 40px rgba(138, 180, 248, 0.2),
-                inset 0 0 20px rgba(138, 180, 248, 0.1);
+        0 0 40px rgba(138, 180, 248, 0.2),
+        inset 0 0 20px rgba(138, 180, 248, 0.1);
 }
 
 .request-modifying::before {
@@ -5099,11 +5172,11 @@ pre {
     width: 100%;
     height: 100%;
     background: linear-gradient(90deg,
-        transparent 0%,
-        rgba(255, 255, 255, 0.5) 30%,
-        rgba(255, 255, 255, 0.7) 50%,
-        rgba(255, 255, 255, 0.5) 70%,
-        transparent 100%);
+            transparent 0%,
+            rgba(255, 255, 255, 0.5) 30%,
+            rgba(255, 255, 255, 0.7) 50%,
+            rgba(255, 255, 255, 0.5) 70%,
+            transparent 100%);
     animation: shimmerSweep 1.2s cubic-bezier(0.4, 0, 0.2, 1);
     pointer-events: none;
     z-index: 1;
@@ -5118,9 +5191,9 @@ pre {
     height: 0;
     border-radius: 50%;
     background: radial-gradient(circle,
-        rgba(138, 180, 248, 0.6) 0%,
-        rgba(138, 180, 248, 0.3) 40%,
-        transparent 70%);
+            rgba(138, 180, 248, 0.6) 0%,
+            rgba(138, 180, 248, 0.3) 40%,
+            transparent 70%);
     animation: rippleExpand 1.2s cubic-bezier(0.4, 0, 0.2, 1);
     pointer-events: none;
     z-index: 0;
@@ -5140,9 +5213,9 @@ pre {
     right: 0;
     bottom: 0;
     background: linear-gradient(135deg,
-        rgba(129, 201, 149, 0.2) 0%,
-        rgba(129, 201, 149, 0.1) 50%,
-        rgba(129, 201, 149, 0.2) 100%);
+            rgba(129, 201, 149, 0.2) 0%,
+            rgba(129, 201, 149, 0.1) 50%,
+            rgba(129, 201, 149, 0.2) 100%);
     border-radius: var(--radius-sm);
     animation: successGlow 1.5s cubic-bezier(0.4, 0, 0.2, 1);
     pointer-events: none;
@@ -5155,29 +5228,33 @@ pre {
         opacity: 0.8;
         filter: blur(2px);
     }
+
     20% {
         transform: scale(1.01);
         filter: blur(0px);
     }
+
     40% {
         transform: scale(1);
         box-shadow: 0 0 30px rgba(138, 180, 248, 0.4),
-                    0 0 60px rgba(138, 180, 248, 0.3),
-                    inset 0 0 30px rgba(138, 180, 248, 0.15);
+            0 0 60px rgba(138, 180, 248, 0.3),
+            inset 0 0 30px rgba(138, 180, 248, 0.15);
     }
+
     60% {
         transform: scale(1.005);
         box-shadow: 0 0 25px rgba(138, 180, 248, 0.35),
-                    0 0 50px rgba(138, 180, 248, 0.25),
-                    inset 0 0 25px rgba(138, 180, 248, 0.12);
+            0 0 50px rgba(138, 180, 248, 0.25),
+            inset 0 0 25px rgba(138, 180, 248, 0.12);
     }
+
     100% {
         transform: scale(1);
         opacity: 1;
         filter: blur(0px);
         box-shadow: 0 0 20px rgba(138, 180, 248, 0.3),
-                    0 0 40px rgba(138, 180, 248, 0.2),
-                    inset 0 0 20px rgba(138, 180, 248, 0.1);
+            0 0 40px rgba(138, 180, 248, 0.2),
+            inset 0 0 20px rgba(138, 180, 248, 0.1);
     }
 }
 
@@ -5185,9 +5262,11 @@ pre {
     0% {
         left: -100%;
     }
+
     50% {
         left: 100%;
     }
+
     100% {
         left: 100%;
     }
@@ -5199,11 +5278,13 @@ pre {
         height: 0;
         opacity: 0.8;
     }
+
     50% {
         width: 300px;
         height: 300px;
         opacity: 0.4;
     }
+
     100% {
         width: 500px;
         height: 500px;
@@ -5215,22 +5296,25 @@ pre {
     0% {
         transform: scale(1);
         box-shadow: 0 0 20px rgba(129, 201, 149, 0.3),
-                    0 0 40px rgba(129, 201, 149, 0.2);
+            0 0 40px rgba(129, 201, 149, 0.2);
     }
+
     30% {
         transform: scale(1.02);
         box-shadow: 0 0 30px rgba(129, 201, 149, 0.5),
-                    0 0 60px rgba(129, 201, 149, 0.3);
+            0 0 60px rgba(129, 201, 149, 0.3);
     }
+
     60% {
         transform: scale(1);
         box-shadow: 0 0 25px rgba(129, 201, 149, 0.4),
-                    0 0 50px rgba(129, 201, 149, 0.25);
+            0 0 50px rgba(129, 201, 149, 0.25);
     }
+
     100% {
         transform: scale(1);
         box-shadow: 0 0 15px rgba(129, 201, 149, 0.2),
-                    0 0 30px rgba(129, 201, 149, 0.15);
+            0 0 30px rgba(129, 201, 149, 0.15);
     }
 }
 
@@ -5238,12 +5322,15 @@ pre {
     0% {
         opacity: 0;
     }
+
     30% {
         opacity: 0.6;
     }
+
     60% {
         opacity: 0.4;
     }
+
     100% {
         opacity: 0;
     }
@@ -5254,10 +5341,12 @@ pre {
         background: rgba(var(--success-color-rgb, 76, 175, 80), 0);
         box-shadow: 0 0 0 0 rgba(var(--success-color-rgb, 76, 175, 80), 0.4);
     }
+
     50% {
         background: rgba(var(--success-color-rgb, 76, 175, 80), 0.1);
         box-shadow: 0 0 0 4px rgba(var(--success-color-rgb, 76, 175, 80), 0);
     }
+
     100% {
         background: rgba(var(--success-color-rgb, 76, 175, 80), 0);
         box-shadow: 0 0 0 0 rgba(var(--success-color-rgb, 76, 175, 80), 0);
@@ -5269,9 +5358,9 @@ pre {
         opacity: 0;
         transform: translateX(-10px);
     }
+
     to {
         opacity: 1;
         transform: translateX(0);
     }
-}
-
+}
\ No newline at end of file
diff --git a/css/rep-config-panel.css b/css/rep-config-panel.css
new file mode 100644
index 0000000..14f4d47
--- /dev/null
+++ b/css/rep-config-panel.css
@@ -0,0 +1,33 @@
+/* rep+ Configuration Panel - Centered Modal Style (same as Auth Analyzer) */
+#rep-config-panel {
+    position: fixed;
+    top: 50%;
+    left: 50%;
+    transform: translate(-50%, -50%) scale(0.95);
+    width: 500px;
+    max-width: 90vw;
+    height: auto;
+    max-height: 85vh;
+    background: #1a1a1a;
+    border: 1px solid var(--border-color);
+    border-radius: 8px;
+    display: none;
+    flex-direction: column;
+    z-index: 2000;
+    box-shadow: 0 10px 30px rgba(0, 0, 0, 0.5);
+    opacity: 0;
+    transition: opacity 0.2s ease-out, transform 0.2s ease-out;
+}
+
+/* Modal Overlay Backdrop */
+#rep-config-panel::before {
+    content: '';
+    position: fixed;
+    top: -100vh;
+    left: -100vw;
+    width: 300vw;
+    height: 300vh;
+    background: rgba(0, 0, 0, 0.5);
+    z-index: -1;
+    pointer-events: none;
+}
\ No newline at end of file
diff --git a/js/core/state/actions.js b/js/core/state/actions.js
index 753acc2..efa8db3 100644
--- a/js/core/state/actions.js
+++ b/js/core/state/actions.js
@@ -24,7 +24,7 @@ export const requestActions = {
      */
     isDuplicate(newRequest, existingRequests) {
         if (!newRequest || !newRequest.request) return false;
-        
+
         const newReq = newRequest.request;
         const newMethod = (newReq.method || 'GET').toUpperCase().trim();
         const newUrl = (newReq.url || '').trim();
@@ -32,11 +32,11 @@ export const requestActions = {
         const newHeaders = this.normalizeHeaders(newReq.headers);
         const newPageUrl = (newRequest.pageUrl || '').trim();
         const newSignature = `${newMethod}|${newUrl}|${newHeaders}|${newBody}|${newPageUrl}`;
-        
+
         // Check against existing requests
         for (const existing of existingRequests) {
             if (!existing || !existing.request) continue;
-            
+
             const existingReq = existing.request;
             const existingMethod = (existingReq.method || 'GET').toUpperCase().trim();
             const existingUrl = (existingReq.url || '').trim();
@@ -44,16 +44,16 @@ export const requestActions = {
             const existingHeaders = this.normalizeHeaders(existingReq.headers);
             const existingPageUrl = (existing.pageUrl || '').trim();
             const existingSignature = `${existingMethod}|${existingUrl}|${existingHeaders}|${existingBody}|${existingPageUrl}`;
-            
+
             // Compare signatures
             if (newSignature === existingSignature) {
                 return true;
             }
         }
-        
+
         return false;
     },
-    
+
     /**
      * Normalize headers for comparison
      * @param {Array|Object} headers - Headers in array or object format
@@ -61,7 +61,7 @@ export const requestActions = {
      */
     normalizeHeaders(headers) {
         if (!headers) return '';
-        
+
         let headerArray = [];
         if (Array.isArray(headers)) {
             headerArray = headers;
@@ -70,7 +70,7 @@ export const requestActions = {
         } else {
             return '';
         }
-        
+
         // Filter out pseudo-headers (HTTP/2) and normalize
         const normalized = headerArray
             .filter(h => {
@@ -85,10 +85,10 @@ export const requestActions = {
             })
             .sort()
             .join('|');
-        
+
         return normalized;
     },
-    
+
     /**
      * Remove duplicate requests from state
      * @returns {number} Number of duplicates removed
@@ -96,37 +96,37 @@ export const requestActions = {
     removeDuplicates() {
         const originalLength = state.requests.length;
         if (originalLength === 0) return 0;
-        
+
         const uniqueRequests = [];
         const seen = new Set();
-        
+
         for (const request of state.requests) {
             if (!request || !request.request) {
                 // Invalid request, keep it but don't check for duplicates
                 uniqueRequests.push(request);
                 continue;
             }
-            
+
             const req = request.request;
             const method = (req.method || 'GET').toUpperCase().trim();
             const url = (req.url || '').trim();
             const body = (req.postData && req.postData.text) ? String(req.postData.text).trim() : '';
-            
+
             // Normalize headers using the helper method
             const headers = this.normalizeHeaders(req.headers);
-            
+
             // Include pageUrl in signature to differentiate requests from different websites/tabs
             // This ensures requests from different contexts are not treated as duplicates
             const pageUrl = (request.pageUrl || '').trim();
-            
+
             // Create signature (includes pageUrl to preserve context)
             const signature = `${method}|${url}|${headers}|${body}|${pageUrl}`;
-            
+
             // Debug: log first few signatures to diagnose issues
             if (seen.size < 3) {
                 console.log(`Signature ${seen.size + 1}:`, signature.substring(0, 100) + '...');
             }
-            
+
             if (!seen.has(signature)) {
                 seen.add(signature);
                 uniqueRequests.push(request);
@@ -134,17 +134,17 @@ export const requestActions = {
                 console.log('Duplicate found:', signature.substring(0, 100) + '...');
             }
         }
-        
+
         console.log(`removeDuplicates: ${originalLength} total, ${seen.size} unique, ${originalLength - seen.size} duplicates`);
-        
+
         const removedCount = originalLength - uniqueRequests.length;
-        
+
         if (removedCount > 0) {
             // Store selected request reference before clearing
             const selectedRequestRef = state.selectedRequest;
-            
+
             state.requests = uniqueRequests;
-            
+
             // Clear selection if selected request was removed
             if (selectedRequestRef && !uniqueRequests.includes(selectedRequestRef)) {
                 state.selectedRequest = null;
@@ -155,26 +155,26 @@ export const requestActions = {
                 // in case the array was recreated (though in this case it's the same object)
                 state.selectedRequest = selectedRequestRef;
             }
-            
+
             // Clear the request list UI
             const requestList = document.getElementById('request-list');
             if (requestList) {
                 requestList.innerHTML = '';
             }
-            
+
             // Re-render all unique requests from scratch
             // We need to emit REQUEST_RENDERED for each request to rebuild the DOM
             uniqueRequests.forEach((request, index) => {
                 events.emit(EVENT_NAMES.REQUEST_RENDERED, { request, index });
             });
-            
+
             // Also trigger filterRequests to handle grouping and filtering
             events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
         }
-        
+
         return removedCount;
     },
-    
+
     /**
      * Add a new request to state
      * @param {Object} request - Request object to add
@@ -187,23 +187,23 @@ export const requestActions = {
         if (typeof request.name !== 'string') {
             request.name = null;
         }
-        
+
         // Check for duplicates if enabled (default: true)
         const removeDuplicatesEnabled = localStorage.getItem('rep_remove_duplicates') !== 'false';
         if (removeDuplicatesEnabled && this.isDuplicate(request, state.requests)) {
             // Skip adding duplicate
             return null;
         }
-        
+
         state.requests.push(request);
         const index = state.requests.length - 1;
-        
+
         // Emit event automatically
         events.emit(EVENT_NAMES.REQUEST_RENDERED, { request, index });
-        
+
         return index;
     },
-    
+
     /**
      * Select a request
      * @param {Object|null} request - Request object to select, or null to deselect
@@ -211,11 +211,11 @@ export const requestActions = {
      */
     select(request, index) {
         state.selectedRequest = request;
-        
+
         // Emit event automatically
         events.emit(EVENT_NAMES.REQUEST_SELECTED, { request, index });
     },
-    
+
     /**
      * Clear all requests and reset related state
      */
@@ -233,12 +233,12 @@ export const requestActions = {
         // Clear starred pages and domains
         state.starredPages.clear();
         state.starredDomains.clear();
-        
+
         // Emit events
         events.emit(EVENT_NAMES.STATE_REQUESTS_CLEARED);
         events.emit(EVENT_NAMES.UI_CLEAR_ALL);
     },
-    
+
     /**
      * Toggle star status of a request
      * @param {Object} request - Request object to toggle
@@ -246,10 +246,10 @@ export const requestActions = {
      */
     toggleStar(request, index) {
         request.starred = !request.starred;
-        
+
         // Emit result event (not action event - action events are for triggering actions, not results)
         events.emit(EVENT_NAMES.REQUEST_STAR_UPDATED, { request, index });
-        
+
         // If star filter is active, trigger filter update
         if (state.starFilterActive) {
             const requestList = document.getElementById('request-list');
@@ -257,7 +257,7 @@ export const requestActions = {
             events.emit('request:filtered', { preserveScroll: true, scrollTop });
         }
     },
-    
+
     /**
      * Toggle star for all requests in a group
      * @param {string} type - 'page' or 'domain'
@@ -266,7 +266,7 @@ export const requestActions = {
      */
     toggleGroupStar(type, hostname, starred) {
         const isPage = type === 'page';
-        
+
         // Update starring state
         if (isPage) {
             if (starred) {
@@ -281,12 +281,12 @@ export const requestActions = {
                 state.starredDomains.delete(hostname);
             }
         }
-        
+
         // Update all matching requests
         state.requests.forEach((req, index) => {
             const reqPageHostname = req.pageUrl ? new URL(req.pageUrl).hostname : null;
             const reqHostname = new URL(req.request.url).hostname;
-            
+
             let shouldUpdate = false;
             if (isPage) {
                 // Only update if it belongs to the page AND is first-party (same hostname)
@@ -294,17 +294,17 @@ export const requestActions = {
             } else {
                 if (reqHostname === hostname) shouldUpdate = true;
             }
-            
+
             if (shouldUpdate && req.starred !== starred) {
                 req.starred = starred;
                 events.emit('request:star-updated', { index, starred });
             }
         });
-        
+
         // Emit events
         events.emit(EVENT_NAMES.REQUEST_FILTERED);
     },
-    
+
     /**
      * Set color for a request
      * @param {number} index - Index of the request
@@ -313,12 +313,12 @@ export const requestActions = {
     setColor(index, color) {
         if (index >= 0 && index < state.requests.length) {
             state.requests[index].color = color;
-            
+
             // Emit event
             events.emit(EVENT_NAMES.REQUEST_COLOR_CHANGED, { index, color });
         }
     },
-    
+
     /**
      * Delete a request
      * @param {number} index - Index of the request to delete
@@ -327,18 +327,18 @@ export const requestActions = {
         if (index >= 0 && index < state.requests.length) {
             const request = state.requests[index];
             state.requests.splice(index, 1);
-            
+
             // If deleted request was selected, clear selection
             if (state.selectedRequest === request) {
                 state.selectedRequest = null;
                 events.emit(EVENT_NAMES.REQUEST_SELECTED, { request: null, index: -1 });
             }
-            
+
             // Emit event
             events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
         }
     },
-    
+
     /**
      * Delete all requests in a group
      * @param {string} type - 'page' or 'domain'
@@ -347,30 +347,30 @@ export const requestActions = {
      */
     deleteGroup(type, hostname) {
         const isPage = type === 'page';
-        
+
         // Find requests to remove
         const requestsToRemove = [];
         state.requests.forEach((req, index) => {
             const reqPageHostname = getHostname(req.pageUrl || req.request.url);
             const reqHostname = getHostname(req.request.url);
-            
+
             let shouldRemove = false;
             if (isPage) {
                 shouldRemove = reqPageHostname === hostname;
             } else {
                 shouldRemove = reqHostname === hostname;
             }
-            
+
             if (shouldRemove) {
                 requestsToRemove.push(index);
             }
         });
-        
+
         // Remove requests in reverse order to maintain correct indices
         requestsToRemove.reverse().forEach(index => {
             state.requests.splice(index, 1);
         });
-        
+
         // Also drop any blocked (queued) requests belonging to this group
         const beforeQueue = state.blockedQueue.length;
         state.blockedQueue = state.blockedQueue.filter(req => {
@@ -382,7 +382,7 @@ export const requestActions = {
             return reqHostname !== hostname;
         });
         const removedFromQueue = beforeQueue - state.blockedQueue.length;
-        
+
         // Clear starred state for this group
         if (isPage) {
             state.starredPages.delete(hostname);
@@ -390,7 +390,7 @@ export const requestActions = {
             state.starredDomains.delete(hostname);
         }
         state.domainsWithAttackSurface.delete(hostname);
-        
+
         // Clear attack surface categories for deleted requests
         Object.keys(state.attackSurfaceCategories).forEach(key => {
             const reqIndex = parseInt(key);
@@ -412,13 +412,13 @@ export const requestActions = {
                 delete state.attackSurfaceCategories[key];
             }
         });
-        
+
         // Clear selected request if it was deleted
         const selectedIndex = state.requests.indexOf(state.selectedRequest);
         if (state.selectedRequest && (selectedIndex === -1 || requestsToRemove.includes(selectedIndex))) {
             state.selectedRequest = null;
         }
-        
+
         // Emit events
         events.emit(EVENT_NAMES.REQUEST_FILTERED);
         if (removedFromQueue > 0) {
@@ -427,7 +427,7 @@ export const requestActions = {
         if (state.selectedRequest === null) {
             events.emit(EVENT_NAMES.UI_CLEAR_ALL);
         }
-        
+
         return removedFromQueue;
     }
 };
@@ -440,19 +440,19 @@ export const filterActions = {
      */
     setFilter(filter) {
         state.currentFilter = filter;
-        
+
         // Emit event
         events.emit(EVENT_NAMES.STATE_FILTER_CHANGED, { filter });
         events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
     },
-    
+
     /**
      * Set selected HTTP methods
      * @param {Set<string>} methods - Set of HTTP methods
      */
     setSelectedMethods(methods) {
         state.selectedMethods = methods;
-        
+
         // Update currentFilter based on selection
         if (methods.size === 0) {
             state.currentFilter = 'all';
@@ -461,30 +461,30 @@ export const filterActions = {
         } else {
             state.currentFilter = 'multiple';
         }
-        
+
         // Emit events
         events.emit(EVENT_NAMES.STATE_FILTER_CHANGED, { methods });
         events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
     },
-    
+
     /**
      * Toggle star filter
      * @param {boolean} active - Whether star filter is active
      */
     setStarFilter(active) {
         state.starFilterActive = active;
-        
+
         if (active) {
             state.currentFilter = 'starred';
         } else {
             state.currentFilter = 'all';
         }
-        
+
         // Emit events
         events.emit(EVENT_NAMES.STATE_FILTER_CHANGED, { starFilter: active });
         events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
     },
-    
+
     /**
      * Set search term
      * @param {string} term - Search term
@@ -493,22 +493,34 @@ export const filterActions = {
     setSearch(term, useRegex = false) {
         state.currentSearchTerm = term;
         state.useRegex = useRegex;
-        
+
         // Emit events
         events.emit(EVENT_NAMES.STATE_SEARCH_CHANGED, { term, useRegex });
         events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
     },
-    
+
     /**
      * Set color filter
      * @param {string} color - Color to filter by, or 'all'
      */
     setColorFilter(color) {
         state.currentColorFilter = color;
-        
+
         // Emit events
         events.emit(EVENT_NAMES.STATE_FILTER_CHANGED, { color });
         events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
+    },
+
+    /**
+     * Toggle hostname-only search mode
+     * @param {boolean} enabled - Whether hostname-only mode is enabled
+     */
+    toggleHostnameOnlyMode(enabled) {
+        state.hostnameOnlyMode = enabled;
+
+        // Emit events
+        events.emit(EVENT_NAMES.STATE_FILTER_CHANGED, { hostnameOnlyMode: enabled });
+        events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
     }
 };
 
@@ -525,11 +537,11 @@ export const starringActions = {
         } else {
             state.starredPages.delete(hostname);
         }
-        
+
         // Emit event
         events.emit(EVENT_NAMES.REQUEST_STAR_UPDATED);
     },
-    
+
     /**
      * Toggle star for a domain
      * @param {string} hostname - Domain hostname
@@ -541,7 +553,7 @@ export const starringActions = {
         } else {
             state.starredDomains.delete(hostname);
         }
-        
+
         // Emit event
         events.emit(EVENT_NAMES.REQUEST_STAR_UPDATED);
     }
@@ -555,33 +567,33 @@ export const blockingActions = {
      */
     setBlocking(enabled) {
         state.blockRequests = enabled;
-        
+
         if (enabled) {
             // Clear queue when starting new blocking session
             state.blockedQueue = [];
         }
-        
+
         // Emit event
         events.emit('block-queue:updated');
     },
-    
+
     /**
      * Add request to blocked queue
      * @param {Object} request - Request to add to queue
      */
     addToBlockedQueue(request) {
         state.blockedQueue.push(request);
-        
+
         // Emit event
         events.emit('block-queue:updated');
     },
-    
+
     /**
      * Clear blocked queue
      */
     clearBlockedQueue() {
         state.blockedQueue = [];
-        
+
         // Emit event
         events.emit('block-queue:updated');
     }
@@ -597,18 +609,18 @@ export const timelineActions = {
     setFilter(timestamp, requestIndex) {
         state.timelineFilterTimestamp = timestamp;
         state.timelineFilterRequestIndex = requestIndex;
-        
+
         // Emit UI update event (not action event - action events are for triggering actions, not results)
         events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
     },
-    
+
     /**
      * Clear timeline filter
      */
     clear() {
         state.timelineFilterTimestamp = null;
         state.timelineFilterRequestIndex = null;
-        
+
         // Emit event
         events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
     }
@@ -629,41 +641,41 @@ export const historyActions = {
                 return;
             }
         }
-        
+
         // If we are in the middle of history and make a change, discard future history
         if (state.historyIndex < state.requestHistory.length - 1) {
             state.requestHistory = state.requestHistory.slice(0, state.historyIndex + 1);
         }
-        
+
         state.requestHistory.push({ rawText, useHttps });
         state.historyIndex = state.requestHistory.length - 1;
-        
+
         // Emit event
         events.emit(EVENT_NAMES.HISTORY_UPDATED);
         events.emit(EVENT_NAMES.UI_UPDATE_HISTORY_BUTTONS);
     },
-    
+
     /**
      * Navigate history backward
      */
     goBack() {
         if (state.historyIndex > 0) {
             state.historyIndex--;
-            events.emit(EVENT_NAMES.HISTORY_NAVIGATED, { 
+            events.emit(EVENT_NAMES.HISTORY_NAVIGATED, {
                 index: state.historyIndex,
                 entry: state.requestHistory[state.historyIndex]
             });
             events.emit(EVENT_NAMES.UI_UPDATE_HISTORY_BUTTONS);
         }
     },
-    
+
     /**
      * Navigate history forward
      */
     goForward() {
         if (state.historyIndex < state.requestHistory.length - 1) {
             state.historyIndex++;
-            events.emit(EVENT_NAMES.HISTORY_NAVIGATED, { 
+            events.emit(EVENT_NAMES.HISTORY_NAVIGATED, {
                 index: state.historyIndex,
                 entry: state.requestHistory[state.historyIndex]
             });
@@ -681,7 +693,7 @@ export const diffActions = {
     setBaseline(baseline) {
         state.regularRequestBaseline = baseline;
     },
-    
+
     /**
      * Set current response for diff
      * @param {string} response - Current response text
@@ -701,7 +713,7 @@ export const attackSurfaceActions = {
     setCategory(requestIndex, categoryData) {
         state.attackSurfaceCategories[requestIndex] = categoryData;
     },
-    
+
     /**
      * Mark domain as having attack surface
      * @param {string} domain - Domain name
@@ -709,7 +721,7 @@ export const attackSurfaceActions = {
     markDomain(domain) {
         state.domainsWithAttackSurface.add(domain);
     },
-    
+
     /**
      * Set analyzing flag
      * @param {boolean} analyzing - Whether analysis is in progress
diff --git a/js/core/state/filters.js b/js/core/state/filters.js
index b601c5e..6e1428d 100644
--- a/js/core/state/filters.js
+++ b/js/core/state/filters.js
@@ -5,6 +5,7 @@ export const filterState = {
     starFilterActive: false, // Whether star filter is active
     currentColorFilter: 'all', // all, red, green, blue, etc.
     currentSearchTerm: '',
-    useRegex: false
+    useRegex: false,
+    hostnameOnlyMode: false // Whether search bar filters by hostname only
 };
 
diff --git a/js/features/auth-analyzer/comparator.js b/js/features/auth-analyzer/comparator.js
new file mode 100644
index 0000000..d401815
--- /dev/null
+++ b/js/features/auth-analyzer/comparator.js
@@ -0,0 +1,138 @@
+/**
+ * Response Comparison Logic
+ * Compares two responses to determine if they are effectively the same
+ */
+
+export class ResponseComparator {
+    constructor() {
+        this.similarityThreshold = 0.90; // 90% similarity
+    }
+
+    /**
+     * Compare original and swapped responses
+     * @param {Object} original - Original response {status, body, headers}
+     * @param {Object} swapped - Swapped response {status, body, headers}
+     * @returns {String} 'SAME', 'SIMILAR', or 'DIFFERENT'
+     */
+    compare(original, swapped) {
+        if (!original || !swapped) {
+            console.warn('[Comparator] Invalid responses to compare');
+            return 'ERROR';
+        }
+
+        const origStatus = original.status || 0;
+        const swapStatus = swapped.status || 0;
+
+        // 1. Status Code Check
+        if (origStatus !== swapStatus) {
+            return 'DIFFERENT';
+        }
+
+        // 2. Body Normalization & Comparison
+        const normOrig = this.normalizeBody(original.body || '');
+        const normSwap = this.normalizeBody(swapped.body || '');
+
+        // Exact match after normalization
+        if (normOrig === normSwap) {
+            return 'SAME';
+        }
+
+        // 3. Similarity Check (Levenshtein/Cosine)
+        const similarity = this.calculateSimilarity(normOrig, normSwap);
+
+        console.log(`[Comparator] Similarity: ${similarity.toFixed(2)} (${origStatus})`);
+
+        if (similarity >= this.similarityThreshold) {
+            // Modified Logic: If status codes are same but bodies are slightly different,
+            // we classify as SIMILAR instead of SAME to denote potential false positives
+            // or dynamic content differences (e.g., timestamps, CSRF tokens).
+            // However, if similarity is VERY high (e.g. > 98%), it might still be SAME.
+            // For now, let's strictly valid SAME only for identical normalized bodies.
+
+            // Actually, if it's 90%+ similar and status is same, it's suspicious.
+            // But we want to distinguish "Identical" from "Very Similar".
+
+            // If they are VERY close (e.g. 99%), treat as SAME (Bypass)
+            // If they are somewhat different (90-99%), treat as SIMILAR (Warning)
+
+            if (similarity > 0.98) {
+                return 'SAME';
+            }
+            return 'SIMILAR';
+        }
+
+        // 4. Heuristic: Same Status but Different Body
+        // If status is 200/201 and bodies are different, it might be a login page vs success page?
+        // Usually if auth fails, we expect 401/403. 
+        // If we get 200 OK on both, but bodies are different, it implies:
+        // - Original: "Welcome User"
+        // - Swapped: "Please Login" (but served with 200 OK)
+        // This is effectively DIFFERENT auth state, so it's NOT a bypass.
+        // So 'DIFFERENT' is correct here.
+
+        // However, user specifically asked: "make result SIMILAR if same status code different body"
+        // So let's implement that specific rule for the 'DIFFERENT' case if status matches.
+
+        if (origStatus === swapStatus) {
+            return 'SIMILAR';
+        }
+
+        return 'DIFFERENT';
+    }
+
+    /**
+     * Normalize body for comparison
+     * Removes dynamic content like timestamps, tokens, non-content tags
+     */
+    normalizeBody(body) {
+        if (!body) return '';
+        if (typeof body !== 'string') return String(body);
+
+        let normalized = body;
+
+        // Remove script tags and content
+        normalized = normalized.replace(/<script\b[^>]*>([\s\S]*?)<\/script>/gim, '');
+
+        // Remove style tags and content
+        normalized = normalized.replace(/<style\b[^>]*>([\s\S]*?)<\/style>/gim, '');
+
+        // Remove hidden inputs (often contain CSRF tokens)
+        normalized = normalized.replace(/<input[^>]*type=["']hidden["'][^>]*>/gim, '');
+
+        // Remove timestamps / dates (simple heuristics)
+        // ISO dates
+        normalized = normalized.replace(/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/g, '');
+        // Unix timestamps (10-13 digits)
+        normalized = normalized.replace(/\b\d{10,13}\b/g, '');
+
+        // Collapse whitespace
+        normalized = normalized.replace(/\s+/g, ' ').trim();
+
+        return normalized;
+    }
+
+    /**
+     * Calculate similarity using diff heuristic
+     * (Simplified for performance)
+     */
+    calculateSimilarity(s1, s2) {
+        if (s1 === s2) return 1.0;
+        if (s1.length === 0 || s2.length === 0) return 0.0;
+
+        const longer = s1.length > s2.length ? s1 : s2;
+        const shorter = s1.length > s2.length ? s2 : s1;
+        const longerLength = longer.length;
+
+        if (longerLength === 0) return 1.0;
+
+        // Edit distance is too expensive for large bodies.
+        // Use token overlap (Jacquard index on words).
+        const tokens1 = new Set(s1.split(' '));
+        const tokens2 = new Set(s2.split(' '));
+
+        const intersection = new Set([...tokens1].filter(x => tokens2.has(x)));
+        const union = new Set([...tokens1, ...tokens2]);
+
+        return intersection.size / union.size;
+    }
+}
diff --git a/js/features/auth-analyzer/config-panel.js b/js/features/auth-analyzer/config-panel.js
new file mode 100644
index 0000000..5f9e743
--- /dev/null
+++ b/js/features/auth-analyzer/config-panel.js
@@ -0,0 +1,514 @@
+/**
+ * Auth Analyzer Configuration Panel UI
+ */
+import { state } from '../../core/state.js';
+
+export class AuthAnalyzerConfigPanel {
+    constructor(authAnalyzer) {
+        this.authAnalyzer = authAnalyzer;
+        this.panel = document.getElementById('auth-analyzer-config-panel');
+
+        // Cookie configuration controls
+        this.useCookieCheckbox = document.getElementById('auth-use-cookie');
+        this.cookieConfigDiv = document.getElementById('auth-cookie-config');
+        this.cookieValueInput = document.getElementById('auth-cookie-value');
+
+        // Custom header configuration controls (dynamic list)
+        this.useCustomHeaderCheckbox = document.getElementById('auth-use-custom-header');
+        this.customHeaderConfigDiv = document.getElementById('auth-custom-header-config');
+        this.customHeadersList = document.getElementById('auth-custom-headers-list');
+        this.addCustomHeaderBtn = document.getElementById('auth-add-custom-header-btn');
+        this.customHeaders = []; // Array of {name, value} objects
+
+        // URL parameter configuration controls (dynamic list)
+        this.useUrlParamCheckbox = document.getElementById('auth-use-url-param');
+        this.urlParamConfigDiv = document.getElementById('auth-url-param-config');
+        this.urlParamsList = document.getElementById('auth-url-params-list');
+        this.addUrlParamBtn = document.getElementById('auth-add-url-param-btn');
+        this.urlParams = []; // Array of {name, value} objects
+
+        // Realtime controls
+        this.realtimeToggle = document.getElementById('auth-realtime-toggle');
+        this.realtimeScope = document.getElementById('auth-realtime-scope');
+        this.filterStaticToggle = document.getElementById('auth-filter-static');
+
+        this.statusText = document.getElementById('auth-config-status-text');
+        this.statusDiv = document.getElementById('auth-config-status');
+        this.isVisible = false;
+
+        this.init();
+    }
+
+    init() {
+        console.log('[Auth Analyzer Config] Initializing...');
+        if (!this.panel) {
+            console.error('[Auth Analyzer Config] Panel element not found');
+            return;
+        }
+
+        this.attachEventListeners();
+        this.updateStatus();
+        console.log('[Auth Analyzer Config] Initialized successfully');
+    }
+
+    attachEventListeners() {
+        // Cookie checkbox toggle
+        if (this.useCookieCheckbox) {
+            this.useCookieCheckbox.addEventListener('change', () => {
+                if (this.cookieConfigDiv) {
+                    this.cookieConfigDiv.style.display = this.useCookieCheckbox.checked ? 'block' : 'none';
+                }
+            });
+        }
+
+        // Custom header checkbox toggle
+        if (this.useCustomHeaderCheckbox) {
+            this.useCustomHeaderCheckbox.addEventListener('change', () => {
+                if (this.customHeaderConfigDiv) {
+                    this.customHeaderConfigDiv.style.display = this.useCustomHeaderCheckbox.checked ? 'block' : 'none';
+                }
+            });
+        }
+
+        // URL parameter checkbox toggle
+        if (this.useUrlParamCheckbox) {
+            this.useUrlParamCheckbox.addEventListener('change', () => {
+                if (this.urlParamConfigDiv) {
+                    this.urlParamConfigDiv.style.display = this.useUrlParamCheckbox.checked ? 'block' : 'none';
+                }
+            });
+        }
+
+        // Add custom header button
+        if (this.addCustomHeaderBtn) {
+            this.addCustomHeaderBtn.addEventListener('click', () => {
+                this.addCustomHeader();
+            });
+        }
+
+        // Add URL parameter button
+        if (this.addUrlParamBtn) {
+            this.addUrlParamBtn.addEventListener('click', () => {
+                this.addUrlParam();
+            });
+        }
+
+        // Close button
+        const closeBtn = document.getElementById('auth-config-close-btn');
+        if (closeBtn) {
+            closeBtn.addEventListener('click', () => this.hide());
+        }
+
+        // Save & Enable button
+        const saveBtn = document.getElementById('auth-config-save-btn');
+        if (saveBtn) {
+            saveBtn.addEventListener('click', () => this.saveConfig());
+        }
+
+        // Disable button
+        const disableBtn = document.getElementById('auth-config-disable-btn');
+        if (disableBtn) {
+            disableBtn.addEventListener('click', () => this.disable());
+        }
+
+        // Bulk Replay button
+        const bulkReplayBtn = document.getElementById('auth-bulk-replay-btn');
+        if (bulkReplayBtn) {
+            console.log('[Auth Analyzer Config] Bulk replay button found, attaching listener');
+            bulkReplayBtn.addEventListener('click', (e) => {
+                console.log('[Auth Analyzer Config] Bulk replay button clicked');
+                this.bulkReplay();
+            });
+        } else {
+            console.error('[Auth Analyzer Config] Bulk replay button NOT found');
+        }
+    }
+
+    show() {
+        if (!this.panel) return;
+
+        // Load cookie configuration
+        const useCookie = this.authAnalyzer.config.useCookie || false;
+        const cookieValue = this.authAnalyzer.config.cookieValue || '';
+
+        if (this.useCookieCheckbox) {
+            this.useCookieCheckbox.checked = useCookie;
+        }
+        if (this.cookieValueInput) {
+            this.cookieValueInput.value = cookieValue;
+        }
+        if (this.cookieConfigDiv) {
+            this.cookieConfigDiv.style.display = useCookie ? 'block' : 'none';
+        }
+
+        // Load custom header configuration from arrays
+        const useCustomHeader = this.authAnalyzer.config.useCustomHeader || false;
+        const savedHeaders = this.authAnalyzer.config.customHeaders || [];
+
+        if (this.useCustomHeaderCheckbox) {
+            this.useCustomHeaderCheckbox.checked = useCustomHeader;
+        }
+        if (this.customHeaderConfigDiv) {
+            this.customHeaderConfigDiv.style.display = useCustomHeader ? 'block' : 'none';
+        }
+
+        // Populate custom headers list
+        this.customHeaders = savedHeaders.length > 0 ? savedHeaders.map((h, i) => ({
+            id: Date.now() + i,
+            name: h.name || '',
+            value: h.value || ''
+        })) : [];
+
+        // Add at least one empty header if enabled but no headers exist
+        if (useCustomHeader && this.customHeaders.length === 0) {
+            this.customHeaders.push({ id: Date.now(), name: '', value: '' });
+        }
+        this.renderCustomHeaders();
+
+        // Load URL parameter configuration from arrays
+        const useUrlParam = this.authAnalyzer.config.useUrlParam || false;
+        const savedParams = this.authAnalyzer.config.urlParams || [];
+
+        if (this.useUrlParamCheckbox) {
+            this.useUrlParamCheckbox.checked = useUrlParam;
+        }
+        if (this.urlParamConfigDiv) {
+            this.urlParamConfigDiv.style.display = useUrlParam ? 'block' : 'none';
+        }
+
+        // Populate URL params list
+        this.urlParams = savedParams.length > 0 ? savedParams.map((p, i) => ({
+            id: Date.now() + 1000 + i,
+            name: p.name || '',
+            value: p.value || ''
+        })) : [];
+
+        // Add at least one empty param if enabled but no params exist
+        if (useUrlParam && this.urlParams.length === 0) {
+            this.urlParams.push({ id: Date.now() + 1000, name: '', value: '' });
+        }
+        this.renderUrlParams();
+
+        // Load realtime settings
+        if (this.realtimeToggle) {
+            this.realtimeToggle.checked = this.authAnalyzer.config.enabledRealtime !== false; // Default true
+        }
+        if (this.realtimeScope && this.authAnalyzer.config.realtimeScope) {
+            this.realtimeScope.value = this.authAnalyzer.config.realtimeScope;
+        }
+        if (this.filterStaticToggle) {
+            this.filterStaticToggle.checked = this.authAnalyzer.config.filterStatic !== false; // Default true
+        }
+
+        this.updateStatus();
+        this.panel.classList.add('visible');
+        this.isVisible = true;
+
+        // Focus first enabled input
+        setTimeout(() => {
+            if (useCookie && this.cookieValueInput) {
+                this.cookieValueInput.focus();
+            } else if (useCustomHeader && this.customHeaderNameInput) {
+                this.customHeaderNameInput.focus();
+            }
+        }, 100);
+    }
+
+    hide() {
+        if (!this.panel) return;
+        this.panel.classList.remove('visible');
+        this.isVisible = false;
+    }
+
+
+
+    toggle() {
+        if (this.isVisible) {
+            this.hide();
+        } else {
+            this.show();
+        }
+    }
+
+    updateStatus() {
+        // Consider enabled if analyzer is on AND at least one header type is configured
+        const hasHeaders = (this.authAnalyzer.config.useCookie && this.authAnalyzer.config.cookieValue) ||
+            (this.authAnalyzer.config.useCustomHeader && this.authAnalyzer.config.customHeaderName && this.authAnalyzer.config.customHeaderValue);
+        const isEnabled = this.authAnalyzer.enabled && hasHeaders;
+
+        if (isEnabled) {
+            this.statusDiv.classList.remove('disabled');
+            this.statusDiv.classList.add('enabled');
+            this.statusDiv.querySelector('.auth-config-status-icon').textContent = '🟢';
+
+            const realtimeStatus = this.authAnalyzer.config.enabledRealtime !== false ? 'Realtime ON' : 'Realtime OFF';
+            this.statusText.textContent = `Auth Analyzer ENABLED (${realtimeStatus})`;
+
+            // Disable button enabled
+            document.getElementById('auth-config-disable-btn').disabled = false;
+        } else {
+            this.statusDiv.classList.remove('enabled');
+            this.statusDiv.classList.add('disabled');
+            this.statusDiv.querySelector('.auth-config-status-icon').textContent = '⚪';
+            this.statusText.textContent = 'Auth Analyzer is DISABLED';
+
+            // Disable button disabled
+            document.getElementById('auth-config-disable-btn').disabled = true;
+        }
+    }
+
+    saveConfig() {
+        // Get cookie configuration
+        const useCookie = this.useCookieCheckbox ? this.useCookieCheckbox.checked : false;
+        const cookieValue = this.cookieValueInput ? this.cookieValueInput.value.trim() : '';
+
+        // Get custom header configuration from dynamic list
+        const useCustomHeader = this.useCustomHeaderCheckbox ? this.useCustomHeaderCheckbox.checked : false;
+        const validHeaders = this.customHeaders.filter(h => h.name && h.value);
+
+        // Get URL parameter configuration from dynamic list
+        const useUrlParam = this.useUrlParamCheckbox ? this.useUrlParamCheckbox.checked : false;
+        const validParams = this.urlParams.filter(p => p.name && p.value);
+
+        // Validate cookie configuration
+        if (useCookie && !cookieValue) {
+            alert('Please enter a cookie value or uncheck "Use Session Cookie"');
+            return;
+        }
+
+        // Validate custom header configuration
+        if (useCustomHeader && validHeaders.length === 0) {
+            alert('Please add at least one custom header with name and value');
+            return;
+        }
+
+        // Validate URL parameter configuration
+        if (useUrlParam && validParams.length === 0) {
+            alert('Please add at least one URL parameter with name and value');
+            return;
+        }
+
+        // Validate at least one authentication method is configured
+        if (!useCookie && !useCustomHeader && !useUrlParam) {
+            alert('Please enable at least one authentication method (Cookie, Custom Header, or URL Parameter)');
+            return;
+        }
+
+        // Get realtime settings
+        const enabledRealtime = this.realtimeToggle ? this.realtimeToggle.checked : true;
+        const realtimeScope = this.realtimeScope ? this.realtimeScope.value.trim() : '';
+        const filterStatic = this.filterStaticToggle ? this.filterStaticToggle.checked : true;
+
+        // Save config with multi-header and multi-parameter structure
+        this.authAnalyzer.config.useCookie = useCookie;
+        this.authAnalyzer.config.cookieValue = cookieValue;
+        this.authAnalyzer.config.useCustomHeader = useCustomHeader;
+        this.authAnalyzer.config.customHeaders = validHeaders; // Array of headers
+        this.authAnalyzer.config.useUrlParam = useUrlParam;
+        this.authAnalyzer.config.urlParams = validParams; // Array of parameters
+        this.authAnalyzer.config.enabledRealtime = enabledRealtime;
+        this.authAnalyzer.config.realtimeScope = realtimeScope;
+        this.authAnalyzer.config.filterStatic = filterStatic;
+
+        // Backward compatibility: keep legacy single header fields for old code paths
+        if (validHeaders.length > 0) {
+            this.authAnalyzer.config.customHeaderName = validHeaders[0].name;
+            this.authAnalyzer.config.customHeaderValue = validHeaders[0].value;
+        }
+        if (validParams.length > 0) {
+            this.authAnalyzer.config.urlParamName = validParams[0].name;
+            this.authAnalyzer.config.urlParamValue = validParams[0].value;
+        }
+        this.authAnalyzer.config.swapCookie = cookieValue || (validHeaders.length > 0 ? validHeaders[0].value : '');
+
+        this.authAnalyzer.start(); // This saves the config and enables it
+
+        this.updateStatus();
+        this.hide();
+    }
+
+    disable() {
+        this.authAnalyzer.stop();
+        this.updateStatus();
+    }
+
+    // Config panel also handles bulk replay inputs
+    async bulkReplay() {
+        console.log('[Auth Analyzer Config] bulkReplay() called');
+        const hostsInput = document.getElementById('auth-bulk-hosts-input');
+        const statusDiv = document.getElementById('auth-bulk-status');
+        const button = document.getElementById('auth-bulk-replay-btn');
+
+        // Hosts list from input
+        const hostsText = hostsInput ? hostsInput.value : '';
+        console.log('[Auth Analyzer Config] Hosts:', hostsText);
+
+        const hosts = hostsText.split(',')
+            .map(h => h.trim())
+            .filter(h => h.length > 0);
+
+        // Filter requests
+        console.log('[Auth Analyzer Config] Filtering requests from state.requests:', state.requests?.length);
+        const requests = state.requests.filter(req => {
+            if (hosts.length === 0) return true; // Replay all if empty
+
+            const url = req.url || req.request.url;
+            try {
+                const hostname = new URL(url).hostname;
+                return hosts.some(h => hostname.includes(h));
+            } catch (e) {
+                return false;
+            }
+        });
+
+        if (requests.length === 0) {
+            statusDiv.textContent = 'No matching requests found.';
+            statusDiv.style.color = '#f44336';
+            return;
+        }
+
+        // Removed blocking confirm() as it may not work in DevTools panel
+        // if (!confirm(`Found ${requests.length} matching requests.\n\nStart bulk replay?`)) {
+        //    return;
+        // }
+
+        console.log(`[Auth Analyzer Config] Starting bulk replay for ${requests.length} requests`);
+
+        // Start Replay
+        statusDiv.textContent = `Starting replay of ${requests.length} requests...`;
+        statusDiv.style.color = 'var(--text-secondary)';
+        button.disabled = true;
+
+        let successCount = 0;
+        let failCount = 0;
+
+        for (let i = 0; i < requests.length; i++) {
+            const req = requests[i];
+            const percent = Math.round(((i + 1) / requests.length) * 100);
+
+            statusDiv.textContent = `Replaying ${i + 1}/${requests.length} (${percent}%)...`;
+
+            if (i % 10 === 0) {
+                console.log(`[Auth Analyzer Config] Processing request ${i + 1}/${requests.length}`);
+            }
+
+            try {
+                await this.authAnalyzer.processRequest(req);
+                successCount++;
+            } catch (e) {
+                console.error('Bulk replay error:', e);
+                failCount++;
+            }
+
+            // Small delay to prevent blocking UI
+            await new Promise(r => setTimeout(r, 50));
+        }
+
+        statusDiv.textContent = `Done! Processed ${requests.length} requests.`;
+        statusDiv.style.color = '#4caf50';
+        button.disabled = false;
+
+        // Open results panel
+        const authPanel = window.authAnalyzerPanel;
+        if (authPanel) {
+            authPanel.show();
+        }
+    }
+
+    // Dynamic list methods for custom headers
+    addCustomHeader(name = '', value = '') {
+        const id = Date.now();
+        this.customHeaders.push({ id, name, value });
+        this.renderCustomHeaders();
+    }
+
+    removeCustomHeader(id) {
+        this.customHeaders = this.customHeaders.filter(h => h.id !== id);
+        this.renderCustomHeaders();
+    }
+
+    renderCustomHeaders() {
+        if (!this.customHeadersList) return;
+
+        this.customHeadersList.innerHTML = this.customHeaders.map(header => `
+            <div style="display: flex; gap: 8px; margin-bottom: 8px; align-items: flex-start;">
+                <input type="text" class="auth-config-input" placeholder="Header Name" value="${header.name}" 
+                    style="flex: 1; min-height: 36px;" data-header-id="${header.id}" data-field="name">
+                <input type="text" class="auth-config-input" placeholder="Header Value" value="${header.value}"
+                    style="flex: 2; min-height: 36px;" data-header-id="${header.id}" data-field="value">
+                <button type="button" data-header-id="${header.id}" 
+                    style="padding: 6px 10px; background: #f44336; color: white; border: none; border-radius: 4px; cursor: pointer;">×</button>
+            </div>
+        `).join('');
+
+        // Attach event listeners
+        this.customHeadersList.querySelectorAll('input').forEach(input => {
+            input.addEventListener('input', (e) => {
+                const id = parseInt(e.target.dataset.headerId);
+                const field = e.target.dataset.field;
+                const header = this.customHeaders.find(h => h.id === id);
+                if (header) header[field] = e.target.value;
+            });
+        });
+
+        this.customHeadersList.querySelectorAll('button').forEach(btn => {
+            btn.addEventListener('click', (e) => {
+                const id = parseInt(e.target.dataset.headerId);
+                this.removeCustomHeader(id);
+            });
+        });
+    }
+
+    // Dynamic list methods for URL parameters
+    addUrlParam(name = '', value = '') {
+        const id = Date.now();
+        this.urlParams.push({ id, name, value });
+        this.renderUrlParams();
+    }
+
+    removeUrlParam(id) {
+        this.urlParams = this.urlParams.filter(p => p.id !== id);
+        this.renderUrlParams();
+    }
+
+    renderUrlParams() {
+        if (!this.urlParamsList) return;
+
+        this.urlParamsList.innerHTML = this.urlParams.map(param => `
+            <div style="display: flex; gap: 8px; margin-bottom: 8px; align-items: flex-start;">
+                <input type="text" class="auth-config-input" placeholder="Param Name" value="${param.name}"
+                    style="flex: 1; min-height: 36px;" data-param-id="${param.id}" data-field="name">
+                <input type="text" class="auth-config-input" placeholder="Param Value" value="${param.value}"
+                    style="flex: 1; min-height: 36px;" data-param-id="${param.id}" data-field="value">
+                <button type="button" data-param-id="${param.id}"
+                    style="padding: 6px 10px; background: #f44336; color: white; border: none; border-radius: 4px; cursor: pointer;">×</button>
+            </div>
+        `).join('');
+
+        // Attach event listeners
+        this.urlParamsList.querySelectorAll('input').forEach(input => {
+            input.addEventListener('input', (e) => {
+                const id = parseInt(e.target.dataset.paramId);
+                const field = e.target.dataset.field;
+                const param = this.urlParams.find(p => p.id === id);
+                if (param) param[field] = e.target.value;
+            });
+        });
+
+        this.urlParamsList.querySelectorAll('button').forEach(btn => {
+            btn.addEventListener('click', (e) => {
+                const id = parseInt(e.target.dataset.paramId);
+                this.removeUrlParam(id);
+            });
+        });
+    }
+}
+
+let configPanelInstance = null;
+
+export function initAuthAnalyzerConfigPanel(authAnalyzer) {
+    if (!configPanelInstance) {
+        configPanelInstance = new AuthAnalyzerConfigPanel(authAnalyzer);
+    }
+    return configPanelInstance;
+}
diff --git a/js/features/auth-analyzer/extractor.js b/js/features/auth-analyzer/extractor.js
new file mode 100644
index 0000000..6b25050
--- /dev/null
+++ b/js/features/auth-analyzer/extractor.js
@@ -0,0 +1,174 @@
+// Parameter Extraction Engine for Auth Analyzer
+// Auto-extracts parameter values from HTTP responses
+
+/**
+ * Extracts parameter values from responses
+ */
+export class ParameterExtractor {
+    /**
+     * Extract parameter value from response based on parameter settings
+     */
+    extract(response, parameter) {
+        if (parameter.extractionType === 'static') {
+            return parameter.staticValue;
+        }
+
+        if (parameter.extractionType === 'prompt') {
+            // Will be handled by UI
+            return null;
+        }
+
+        if (parameter.extractionType === 'auto') {
+            return this.autoExtract(response, parameter);
+        }
+
+        if (parameter.extractionType === 'fromTo') {
+            return this.fromToExtract(response, parameter);
+        }
+
+        return null;
+    }
+
+    /**
+     * Auto-extract from cookies, HTML inputs, or JSON
+     */
+    autoExtract(response, parameter) {
+        const paramName = parameter.name;
+
+        // Try cookie extraction
+        if (parameter.extractFrom.cookie) {
+            const cookieValue = this.extractFromCookie(response, paramName);
+            if (cookieValue) return cookieValue;
+        }
+
+        // Try HTML input extraction
+        if (parameter.extractFrom.htmlInput) {
+            const htmlValue = this.extractFromHTML(response, paramName);
+            if (htmlValue) return htmlValue;
+        }
+
+        // Try JSON extraction
+        if (parameter.extractFrom.json) {
+            const jsonValue = this.extractFromJSON(response, paramName);
+            if (jsonValue) return jsonValue;
+        }
+
+        return null;
+    }
+
+    /**
+     * Extract from Set-Cookie header
+     */
+    extractFromCookie(response, paramName) {
+        if (!response.headers) return null;
+
+        // Find Set-Cookie header
+        const setCookieHeader = response.headers.find(h =>
+            h.name.toLowerCase() === 'set-cookie'
+        );
+
+        if (!setCookieHeader) return null;
+
+        // Parse cookie: "sessionId=abc123; Path=/; HttpOnly"
+        const cookieRegex = new RegExp(`${paramName}=([^;]+)`, 'i');
+        const match = setCookieHeader.value.match(cookieRegex);
+
+        return match ? match[1] : null;
+    }
+
+    /**
+     * Extract from HTML input field
+     */
+    extractFromHTML(response, paramName) {
+        if (!response.body || typeof response.body !== 'string') return null;
+
+        const body = response.body.toLowerCase();
+        if (!body.includes('<input')) return null;
+
+        // Match: <input name="csrf" value="abc123">
+        const inputRegex = new RegExp(
+            `<input[^>]*name=["']${paramName}["'][^>]*value=["']([^"']+)["']`,
+            'i'
+        );
+        let match = body.match(inputRegex);
+
+        if (!match) {
+            // Try reverse order: <input value="abc123" name="csrf">
+            const reverseRegex = new RegExp(
+                `<input[^>]*value=["']([^"']+)["'][^>]*name=["']${paramName}["']`,
+                'i'
+            );
+            match = body.match(reverseRegex);
+        }
+
+        return match ? match[1] : null;
+    }
+
+    /**
+     * Extract from JSON response
+     */
+    extractFromJSON(response, paramName) {
+        if (!response.body || typeof response.body !== 'string') return null;
+
+        try {
+            const json = JSON.parse(response.body);
+            return this.findInJSON(json, paramName);
+        } catch (e) {
+            // Not valid JSON
+            return null;
+        }
+    }
+
+    /**
+     * Recursively search for key in JSON object
+     */
+    findInJSON(obj, key) {
+        if (obj === null || typeof obj !== 'object') return null;
+
+        // Direct match
+        if (obj.hasOwnProperty(key)) {
+            return obj[key];
+        }
+
+        // Recursive search
+        for (const k in obj) {
+            if (typeof obj[k] === 'object') {
+                const result = this.findInJSON(obj[k], key);
+                if (result !== null) return result;
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Extract value between two strings
+     */
+    fromToExtract(response, parameter) {
+        const { from, to, extractFromHeader, extractFromBody } = parameter.fromToString;
+
+        if (!from || !to) return null;
+
+        let text = '';
+
+        // Extract from headers
+        if (extractFromHeader && response.headers) {
+            text += response.headers.map(h => `${h.name}: ${h.value}`).join('\n');
+        }
+
+        // Extract from body
+        if (extractFromBody && response.body) {
+            text += '\n' + response.body;
+        }
+
+        // Find value between from and to strings
+        const fromIndex = text.indexOf(from);
+        if (fromIndex === -1) return null;
+
+        const startIndex = fromIndex + from.length;
+        const toIndex = text.indexOf(to, startIndex);
+        if (toIndex === -1) return null;
+
+        return text.substring(startIndex, toIndex).trim();
+    }
+}
diff --git a/js/features/auth-analyzer/index.js b/js/features/auth-analyzer/index.js
new file mode 100644
index 0000000..ef8941f
--- /dev/null
+++ b/js/features/auth-analyzer/index.js
@@ -0,0 +1,682 @@
+// Auth Analyzer - Main Entry Point
+// Authorization testing feature for rep+
+
+import { Session, SessionManager, Parameter } from './session.js';
+import { ParameterExtractor } from './extractor.js';
+import { RequestReplayer } from './replayer.js';
+import { ResponseComparator } from './comparator.js';
+import { AuthAnalyzerStorage } from './storage.js';
+import { events, EVENT_NAMES } from '../../core/events.js';
+
+/**
+ * Main Auth Analyzer controller
+ */
+export class AuthAnalyzer {
+    constructor() {
+        this.sessionManager = new SessionManager();
+        this.extractor = new ParameterExtractor();
+        this.replayer = new RequestReplayer();
+        this.comparator = new ResponseComparator();
+        this.storage = new AuthAnalyzerStorage();
+
+        this.enabled = false;
+        this.config = this.storage.loadConfig();
+        this.results = []; // Array of test results
+
+        // Load saved sessions
+        this.loadSessions();
+    }
+
+    /**
+     * Start Auth Analyzer
+     */
+    start() {
+        this.enabled = true;
+        this.config.enabled = true;
+        this.storage.saveConfig(this.config);
+        console.log('[Auth Analyzer] Started');
+        events.emit('AUTH_ANALYZER_STARTED');
+    }
+
+    /**
+     * Stop Auth Analyzer
+     */
+    stop() {
+        this.enabled = false;
+        this.config.enabled = false;
+        this.storage.saveConfig(this.config);
+        console.log('[Auth Analyzer] Stopped');
+        events.emit('AUTH_ANALYZER_STOPPED');
+    }
+
+    /**
+     * Process a captured request (simplified header swap mode)
+     * @param {Object} request - The captured request
+     * @param {Boolean} isAutomatic - Whether this was triggered automatically by realtime analysis
+     */
+    async processRequest(request, isAutomatic = false) {
+        if (!this.enabled) {
+            console.log('[Auth Analyzer] Skipped - not enabled');
+            return;
+        }
+
+        // Check if at least one authentication method is configured
+        const hasCookie = this.config.useCookie && this.config.cookieValue && this.config.cookieValue.trim() !== '' && this.config.cookieValue !== 'null';
+        const hasCustomHeader = this.config.useCustomHeader && this.config.customHeaderName && this.config.customHeaderValue;
+        const hasUrlParam = this.config.useUrlParam && this.config.urlParamName && this.config.urlParamValue;
+
+        if (!hasCookie && !hasCustomHeader && !hasUrlParam) {
+            console.log('[Auth Analyzer] Skipped - no valid authentication method configured (cookie, header, or URL param)');
+            return;
+        }
+
+        // Realtime Analysis Checks
+        if (isAutomatic) {
+            // Check if realtime is enabled (default true if undefined)
+            if (this.config.enabledRealtime === false) {
+                console.log('[Auth Analyzer] Skipped - realtime analysis disabled');
+                return;
+            }
+
+            // Check Scope
+            if (this.config.realtimeScope && this.config.realtimeScope.trim() !== '') {
+                const url = request.url || request.request?.url || '';
+                const scope = this.config.realtimeScope.trim();
+                try {
+                    // Try regex first
+                    const regex = new RegExp(scope, 'i');
+                    if (!regex.test(url)) {
+                        console.log('[Auth Analyzer] Skipped - URL does not match scope:', scope);
+                        return;
+                    }
+                } catch (e) {
+                    // Fallback to simple string includes
+                    if (!url.toLowerCase().includes(scope.toLowerCase())) {
+                        console.log('[Auth Analyzer] Skipped - URL does not match scope string:', scope);
+                        return;
+                    }
+                }
+            }
+        }
+
+        if (!request.response) {
+            console.log('[Auth Analyzer] Skipped - no response yet for', request.url);
+            return;
+        }
+
+        if (this.config.filterStatic !== false) {
+            const isStatic = this.isStaticFile(request.url || request.request?.url);
+            if (isStatic) {
+                console.log('[Auth Analyzer] Skipped - static file:', request.url);
+                return;
+            }
+        }
+
+        // Apply filters
+        if (!this.shouldProcess(request)) {
+            console.log('[Auth Analyzer] Skipped by filters:', request.url);
+            return;
+        }
+
+        console.log(`[Auth Analyzer] Testing: ${request.method} ${request.url || request.request?.url}`);
+
+        // Debug: Log the entire request structure to see what we have
+        console.log('[Auth Analyzer] Request structure:', {
+            hasBody: !!request.body,
+            bodyType: typeof request.body,
+            bodyValue: request.body,
+            hasRequestPostData: !!request.request?.postData,
+            postDataText: request.request?.postData?.text,
+            requestKeys: Object.keys(request),
+            requestRequestKeys: request.request ? Object.keys(request.request) : null
+        });
+
+        // Get the request body properly
+        let requestBody = null;
+        if (request.body && typeof request.body === 'string') {
+            requestBody = request.body;
+            console.log('[Auth Analyzer] Using request.body (string):', requestBody?.substring(0, 100));
+        } else if (request.request?.postData?.text) {
+            requestBody = request.request.postData.text;
+            console.log('[Auth Analyzer] Using request.request.postData.text:', requestBody?.substring(0, 100));
+        } else if (request.body) {
+            // Body exists but is not a string - might be an object that needs stringifying
+            console.log('[Auth Analyzer] Body is object, type:', typeof request.body);
+            requestBody = null; // Don't send objects
+        }
+
+        // Get headers in the correct format
+        let requestHeaders = {};
+        const rawHeaders = request.headers || request.request?.headers;
+
+        if (Array.isArray(rawHeaders)) {
+            // Headers are in HAR format: [{name: "Host", value: "example.com"}, ...]
+            rawHeaders.forEach(header => {
+                if (header.name && header.value) {
+                    requestHeaders[header.name] = header.value;
+                }
+            });
+        } else if (typeof rawHeaders === 'object') {
+            // Headers are already in object format
+            requestHeaders = { ...rawHeaders };
+        }
+
+        // Clone request with swapped cookie
+        const cleanHeaders = { ...requestHeaders };
+
+        // Remove existing cookie header case-insensitively to avoid duplicates
+        Object.keys(cleanHeaders).forEach(key => {
+            if (key.toLowerCase() === 'cookie') {
+                delete cleanHeaders[key];
+            }
+        });
+
+        // Sanitize user input (remove "Cookie:" prefix if pasted)
+        let swapCookieValue = this.config.swapCookie;
+        if (swapCookieValue) {
+            // Remove "cookie:" prefix if present (case insensitive)
+            swapCookieValue = swapCookieValue.replace(/^(cookie|authorization):\s*/i, '');
+        }
+
+        const swappedRequest = {
+            url: request.url || request.request?.url,
+            method: request.method || request.request?.method,
+            headers: cleanHeaders, // Don't add Cookie here - session building will handle it
+            body: requestBody
+        };
+
+        console.log('[Auth Analyzer] Swapped request:', {
+            url: swappedRequest.url,
+            method: swappedRequest.method,
+            bodyType: swappedRequest.body === null ? 'null' : swappedRequest.body === undefined ? 'undefined' : typeof swappedRequest.body,
+            bodyPreview: swappedRequest.body?.substring(0, 100)
+        });
+
+        try {
+            // Build session headers from configuration (supports both cookie AND custom headers)
+            let sessionHeaders = {};
+            let headersToRemove = [];
+
+            // Apply cookie if configured
+            if (this.config.useCookie && this.config.cookieValue) {
+                const cookieValue = this.config.cookieValue.trim();
+                // Remove "Cookie:" prefix if pasted
+                const cleanCookieValue = cookieValue.replace(/^cookie:\s*/i, '');
+                sessionHeaders['Cookie'] = cleanCookieValue;
+                headersToRemove.push('Cookie');
+                console.log('[Auth Analyzer] Adding session cookie');
+            }
+
+            // Apply custom header if configured
+            if (this.config.useCustomHeader && this.config.customHeaderName && this.config.customHeaderValue) {
+                const headerName = this.config.customHeaderName.trim();
+                let headerValue = this.config.customHeaderValue.trim();
+
+                // Special handling for Authorization header
+                if (headerName.toLowerCase() === 'authorization') {
+                    // Remove "Authorization:" prefix if pasted
+                    headerValue = headerValue.replace(/^authorization:\s*/i, '');
+                    // Auto-add "Bearer " prefix if it looks like a JWT token without it
+                    if (!headerValue.startsWith('Bearer ') && headerValue.match(/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/)) {
+                        headerValue = `Bearer ${headerValue}`;
+                    }
+                }
+
+                sessionHeaders[headerName] = headerValue;
+                headersToRemove.push(headerName);
+                console.log(`[Auth Analyzer] Adding custom header: ${headerName}`);
+            }
+
+            // Apply URL parameter swaps if configured (supports multiple parameters)
+            if (this.config.useUrlParam) {
+                const urlParams = this.config.urlParams || [];
+
+                if (urlParams.length > 0) {
+                    try {
+                        const url = new URL(swappedRequest.url);
+
+                        // Process each URL parameter - only replace if it exists in original URL
+                        urlParams.forEach(param => {
+                            if (param.name && param.value) {
+                                const paramName = param.name.trim();
+                                const paramValue = param.value.trim();
+
+                                // Only replace if the parameter already exists in the original URL
+                                if (url.searchParams.has(paramName)) {
+                                    url.searchParams.set(paramName, paramValue);
+                                    console.log(`[Auth Analyzer] Swapped URL parameter ${paramName} = ${paramValue}`);
+                                } else {
+                                    console.log(`[Auth Analyzer] Skipping parameter ${paramName} - not found in original URL`);
+                                }
+                            }
+                        });
+
+                        swappedRequest.url = url.toString();
+                    } catch (error) {
+                        console.error('[Auth Analyzer] Failed to swap URL parameters:', error);
+                    }
+                }
+            }
+
+            // Validate at least one authentication method is configured
+            if (Object.keys(sessionHeaders).length === 0 && !this.config.useUrlParam) {
+                console.warn('[Auth Analyzer] No headers configured, skipping analysis');
+                return;
+            }
+
+            // Replay with swapped headers
+            console.log('[Auth Analyzer] Calling replayer with session:', {
+                sessionHeadersApplied: Object.keys(sessionHeaders),
+                sessionHeaders
+            });
+
+            const swappedResponse = await this.replayer.replayWithSession(swappedRequest, {
+                headers: sessionHeaders,
+                headersToRemove: headersToRemove,
+                parameters: [],
+                testCORS: false,
+                dropOriginal: false
+            });
+
+            // Compare responses
+            // Construct original response object from captured data
+            const originalResponse = {
+                status: request.responseStatus || request.response?.status || 0,
+                statusText: request.response?.statusText || '',
+                body: request.responseBody || request.response?.body || '',
+                headers: request.response?.headers || []
+            };
+
+            console.log('[Auth Analyzer] Original response:', {
+                status: originalResponse.status,
+                bodyLength: originalResponse.body?.length || 0,
+                bodyPreview: (originalResponse.body || '').substring(0, 100)
+            });
+
+            const comparison = this.comparator.compare(originalResponse, swappedResponse);
+
+            // Store result with comparison
+            const result = {
+                id: `result_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`,
+                timestamp: Date.now(),
+                originalRequest: request,
+                originalResponse,  // Store the constructed response
+                swappedResponse,
+                comparison,
+                // Swapped request details for debugging/export
+                swappedRequest: {
+                    url: swappedRequest.url,
+                    method: swappedRequest.method,
+                    headers: sessionHeaders
+                }
+            };
+
+            this.results.push(result);
+
+            // Attach comparison to original request for UI display
+            request.authComparison = comparison;
+
+            const requestUrl = request.url || request.request?.url || 'unknown';
+            console.log(`[Auth Analyzer] ${requestUrl}: ${comparison}`);
+
+            // Emit event for UI update - force full re-render
+            console.log('[Auth Analyzer] =====> Emitting AUTH_ANALYZER_RESULT event');
+            console.log('[Auth Analyzer] Event payload:', { id: result.id, comparison: result.comparison, url: requestUrl });
+            events.emit('AUTH_ANALYZER_RESULT', result);
+            console.log('[Auth Analyzer] Event emitted successfully');
+
+            // Import and call renderRequestList to force UI update
+            import('../../ui/request-list.js').then(({ renderRequestList }) => {
+                renderRequestList();
+            });
+
+            // Add the swapped request/response as a new entry in the request history
+            import('../../core/state/index.js').then(({ addRequest }) => {
+                // Merge original headers with swapped auth headers
+                const originalHeaders = request.headers || request.request?.headers || {};
+
+                // Convert headers to array format - could be object or array
+                let headersArray;
+                if (Array.isArray(originalHeaders)) {
+                    headersArray = originalHeaders;
+                } else if (typeof originalHeaders === 'object') {
+                    // Convert object to array of {name, value} pairs
+                    headersArray = Object.entries(originalHeaders).map(([name, value]) => ({ name, value }));
+                } else {
+                    headersArray = [];
+                }
+
+                const mergedHeaders = [...headersArray];
+
+                // Add/replace with swapped auth headers
+                Object.entries(sessionHeaders).forEach(([name, value]) => {
+                    const existingIndex = mergedHeaders.findIndex(h => h.name && h.name.toLowerCase() === name.toLowerCase());
+                    if (existingIndex >= 0) {
+                        mergedHeaders[existingIndex] = { name, value };
+                    } else {
+                        mergedHeaders.push({ name, value });
+                    }
+                });
+
+                const syntheticRequest = {
+                    id: `swapped_${result.id}`,
+                    url: swappedRequest.url,
+                    method: swappedRequest.method,
+                    timestamp: Date.now(),
+                    request: {
+                        url: swappedRequest.url,
+                        method: swappedRequest.method,
+                        headers: mergedHeaders,
+                        body: swappedRequest.body || null,
+                        postData: swappedRequest.body ? {
+                            mimeType: request.request?.postData?.mimeType || 'application/x-www-form-urlencoded',
+                            text: swappedRequest.body
+                        } : null
+                    },
+                    response: {
+                        status: swappedResponse.status,
+                        statusText: swappedResponse.statusText || '',
+                        headers: swappedResponse.headers || [],
+                        body: swappedResponse.body || ''
+                    },
+                    responseStatus: swappedResponse.status,
+                    responseBody: swappedResponse.body || '',
+                    // Mark as swapped for visual indication
+                    isSwapped: true,
+                    authComparison: comparison
+                };
+
+                // Add to state
+                addRequest(syntheticRequest);
+
+                // Select and display the new request
+                import('../../core/state/index.js').then((stateModule) => {
+                    stateModule.state.selectedRequest = syntheticRequest;
+                    // Trigger UI update
+                    import('../../ui/request-list.js').then(({ renderRequestList }) => renderRequestList());
+                });
+            });
+
+            return result;
+        } catch (error) {
+            const requestUrl = request.url || request.request?.url || 'unknown';
+            console.error(`[Auth Analyzer] Error testing ${requestUrl}:`, error);
+        }
+    }
+
+    /**
+     * Extract parameters from response for a session
+     */
+    async extractParameters(response, session) {
+        for (const param of session.parameters) {
+            if (param.extractionType === 'static') {
+                // Static values don't need extraction
+                continue;
+            }
+
+            if (param.extractionType === 'prompt') {
+                // Prompt will be handled by UI
+                continue;
+            }
+
+            const value = this.extractor.extract(response, param);
+            if (value) {
+                param.setValue(value);
+                console.log(`[Auth Analyzer] Extracted ${param.name} = ${value} for ${session.name}`);
+            }
+        }
+
+        // Save updated session
+        this.saveSessions();
+    }
+
+    /**
+     * Check if URL is a static file based on extension
+     */
+    isStaticFile(url) {
+        if (!url) return false;
+
+        const staticExtensions = [
+            // Scripts
+            'js', 'mjs', 'jsx',
+            // Stylesheets
+            'css', 'scss', 'sass', 'less',
+            // Images
+            'jpg', 'jpeg', 'png', 'gif', 'svg', 'webp', 'ico', 'bmp', 'tiff',
+            // Fonts
+            'woff', 'woff2', 'ttf', 'otf', 'eot',
+            // Media
+            'mp4', 'webm', 'ogg', 'mp3', 'wav', 'flac', 'aac',
+            // Documents (optional - comment out if you want to analyze these)
+            'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx',
+            // Archives
+            'zip', 'rar', 'tar', 'gz', '7z',
+            // Source maps
+            'map'
+        ];
+
+        try {
+            const urlObj = new URL(url);
+            const pathname = urlObj.pathname.toLowerCase();
+            const extension = pathname.split('.').pop();
+
+            return staticExtensions.includes(extension);
+        } catch (e) {
+            return false;
+        }
+    }
+
+    /**
+     * Check if URL is a static file based on extension
+     */
+    isStaticFile(url) {
+        if (!url) return false;
+
+        const staticExtensions = [
+            // Scripts
+            'js', 'mjs', 'jsx',
+            // Stylesheets
+            'css', 'scss', 'sass', 'less',
+            // Images
+            'jpg', 'jpeg', 'png', 'gif', 'svg', 'webp', 'ico', 'bmp', 'tiff',
+            // Fonts
+            'woff', 'woff2', 'ttf', 'otf', 'eot',
+            // Media
+            'mp4', 'webm', 'ogg', 'mp3', 'wav', 'flac', 'aac',
+            // Documents.
+            'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx',
+            // Archives
+            'zip', 'rar', 'tar', 'gz', '7z',
+            // Source maps
+            'map'
+        ];
+
+        try {
+            const urlObj = new URL(url);
+            const pathname = urlObj.pathname.toLowerCase();
+            const extension = pathname.split('.').pop();
+
+            return staticExtensions.includes(extension);
+        } catch (e) {
+            return false;
+        }
+    }
+
+    /**
+     * Check if request should be processed
+     */
+    shouldProcess(request) {
+        const { filters } = this.config;
+
+        // Get URL safely
+        const url = request.url || request.request?.url;
+        if (!url) {
+            console.log('[Auth Analyzer] Skipped - no URL found');
+            return false;
+        }
+
+        // Check file type
+        if (filters.excludeFileTypes && filters.excludeFileTypes.length > 0) {
+            const urlLower = url.toLowerCase();
+            for (const ext of filters.excludeFileTypes) {
+                if (urlLower.endsWith(ext) || urlLower.includes(ext + '?')) {
+                    return false;
+                }
+            }
+        }
+
+        // Check HTTP method
+        const method = request.method || request.request?.method;
+        if (filters.excludeMethods && method && filters.excludeMethods.includes(method)) {
+            return false;
+        }
+
+        // Check status code
+        if (filters.excludeStatusCodes && request.response) {
+            if (filters.excludeStatusCodes.includes(request.response.status)) {
+                return false;
+            }
+        }
+
+        // Check path
+        if (filters.excludePaths && filters.excludePaths.length > 0) {
+            try {
+                const urlObj = new URL(url);
+                for (const path of filters.excludePaths) {
+                    if (urlObj.pathname.includes(path)) {
+                        return false;
+                    }
+                }
+            } catch (e) {
+                console.warn('[Auth Analyzer] Invalid URL:', url);
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Add a new session
+     */
+    addSession(session) {
+        this.sessionManager.addSession(session);
+        this.saveSessions();
+        events.emit('AUTH_ANALYZER_SESSION_ADDED', session);
+    }
+
+    /**
+     * Remove a session
+     */
+    removeSession(sessionId) {
+        this.sessionManager.removeSession(sessionId);
+        this.saveSessions();
+        events.emit('AUTH_ANALYZER_SESSION_REMOVED', sessionId);
+    }
+
+    /**
+     * Update a session
+     */
+    updateSession(session) {
+        this.saveSessions();
+        events.emit('AUTH_ANALYZER_SESSION_UPDATED', session);
+    }
+
+    /**
+     * Toggle session active state
+     */
+    toggleSession(sessionId) {
+        this.sessionManager.toggleSession(sessionId);
+        this.saveSessions();
+        events.emit('AUTH_ANALYZER_SESSION_TOGGLED', sessionId);
+    }
+
+    /**
+     * Save sessions to storage
+     */
+    saveSessions() {
+        const data = this.sessionManager.toJSON();
+        this.storage.saveSessions(data);
+    }
+
+    /**
+     * Load sessions from storage
+     */
+    loadSessions() {
+        const data = this.storage.loadSessions();
+        this.sessionManager.fromJSON(data);
+    }
+
+    /**
+     * Clear all results
+     */
+    clearResults() {
+        this.results = [];
+        events.emit('AUTH_ANALYZER_RESULTS_CLEARED');
+    }
+
+    /**
+     * Export sessions to file
+     */
+    exportSessions() {
+        const data = this.sessionManager.toJSON();
+        this.storage.exportToFile(data);
+    }
+
+    /**
+     * Import sessions from file
+     */
+    async importSessions(file) {
+        try {
+            const data = await this.storage.importFromFile(file);
+            this.sessionManager.fromJSON(data);
+            this.saveSessions();
+            events.emit('AUTH_ANALYZER_SESSIONS_IMPORTED');
+            return true;
+        } catch (error) {
+            console.error('[Auth Analyzer] Import failed:', error);
+            return false;
+        }
+    }
+}
+
+// Global instance
+let authAnalyzerInstance = null;
+
+/**
+ * Initialize Auth Analyzer
+ */
+export function initAuthAnalyzer() {
+    if (!authAnalyzerInstance) {
+        authAnalyzerInstance = new AuthAnalyzer();
+
+        // Listen for captured requests
+        events.on(EVENT_NAMES.NETWORK_RESPONSE_RECEIVED, (request) => {
+            console.log('[Auth Analyzer] RESPONSE_RECEIVED event:', {
+                url: request.url,
+                hasResponse: !!request.response,
+                enabled: authAnalyzerInstance.enabled,
+                hasCookie: !!authAnalyzerInstance.config.swapCookie
+            });
+
+            if (authAnalyzerInstance.enabled && request.response) {
+                // Pass true for isAutomatic to enable realtime checks
+                authAnalyzerInstance.processRequest(request, true);
+            }
+        });
+
+        console.log('[Auth Analyzer] Event listener registered for NETWORK_RESPONSE_RECEIVED');
+    }
+
+    return authAnalyzerInstance;
+}
+
+/**
+ * Get Auth Analyzer instance
+ */
+export function getAuthAnalyzer() {
+    return authAnalyzerInstance;
+}
+
+// Export classes for testing
+export { Session, SessionManager, Parameter };
diff --git a/js/features/auth-analyzer/panel.js b/js/features/auth-analyzer/panel.js
new file mode 100644
index 0000000..c4c8aac
--- /dev/null
+++ b/js/features/auth-analyzer/panel.js
@@ -0,0 +1,599 @@
+/**
+ * Auth Analyzer Results Panel UI
+ * Displays test results in an expandable table
+ */
+
+import { events, EVENT_NAMES } from '../../core/events.js';
+import { state } from '../../core/state.js';
+import { escapeHtml } from '../../core/utils/dom.js';
+
+export class AuthAnalyzerPanel {
+    constructor() {
+        this.panel = null;
+        this.results = [];
+    }
+
+    /**
+     * Initialize the panel
+     */
+    init() {
+        this.createPanel();
+        this.attachEventListeners();
+        this.loadExistingResults();
+    }
+
+    /**
+     * Load existing results from state
+     */
+    loadExistingResults() {
+        if (!state.requests || state.requests.length === 0) return;
+
+        console.log('[Auth Panel] Loading existing results...');
+        let count = 0;
+
+        state.requests.forEach(request => {
+            if (request.authComparison) {
+                // Check if result already exists to avoid duplicates
+                const exists = this.results.some(r => r.id === request.id);
+                if (exists) return;
+
+                const result = {
+                    id: request.id,
+                    timestamp: Date.now(),
+                    originalRequest: request,
+                    swappedResponse: request.authSwappedResponse || {},
+                    comparison: request.authComparison
+                };
+
+                this.results.push(result);
+                count++;
+            }
+        });
+
+        if (count > 0) {
+            console.log(`[Auth Panel] Loaded ${count} existing results`);
+            this.render();
+            this.updateBadge();
+        }
+    }
+
+    /**
+     * Create the panel DOM
+     */
+    createPanel() {
+        // Create panel
+        this.panel = document.createElement('div');
+        this.panel.id = 'auth-analyzer-panel';
+        this.panel.className = 'side-panel';
+        this.panel.innerHTML = `
+            <div class="side-panel-header" style="display: flex; justify-content: space-between; align-items: center;">
+                <h3>🔒 Auth Analyzer Results</h3>
+                <div style="display: flex; gap: 8px;">
+                    <button id="auth-panel-export-btn" class="icon-btn" title="Export Results" style="color: var(--text-secondary); padding: 4px; position: relative;">
+                        <svg viewBox="0 0 24 24" width="16" height="16" fill="currentColor">
+                            <path d="M19 9h-4V3H9v6H5l7 7 7-7zM5 18v2h14v-2H5z"/>
+                        </svg>
+                    </button>
+                    <button id="auth-panel-config-btn" class="icon-btn" title="Configuration" style="color: var(--text-secondary); padding: 4px;">
+                        <svg viewBox="0 0 24 24" width="16" height="16" fill="currentColor">
+                            <path d="M19.14 12.94c.04-.3.06-.61.06-.94 0-.32-.02-.64-.07-.94l2.03-1.58c.18-.14.23-.41.12-.61l-1.92-3.32c-.12-.22-.37-.29-.59-.22l-2.39.96c-.5-.38-1.03-.7-1.62-.94l-.36-2.54c-.04-.24-.24-.41-.48-.41h-3.84c-.24 0-.43.17-.47.41l-.36 2.54c-.59.24-1.13.57-1.62.94l-2.39-.96c-.22-.08-.47 0-.59.22L4.04 9.43c-.11.2-.06.47.12.61l2.03 1.58c-.05.3-.09.63-.09.94s.02.64.07.94l-2.03 1.58c-.18.14-.23.41-.12.61l1.92 3.32c.12.22.37.29.59.22l2.39-.96c.5.38 1.03.7 1.62.94l.36 2.54c.05.24.24.41.48.41h3.84c.24 0 .44-.17.47-.41l.36-2.54c.59-.24 1.13-.56 1.62-.94l2.39.96c.22.08.47 0 .59-.22l1.92-3.32c.11-.2.06-.47-.12-.61l-2.01-1.58zM12 15.6c-1.98 0-3.6-1.62-3.6-3.6s1.62-3.6 3.6-3.6 3.6 1.62 3.6 3.6-1.62 3.6-3.6 3.6z"/>
+                        </svg>
+                    </button>
+                    <button id="auth-panel-close-btn" class="close-btn">×</button>
+                </div>
+            </div>
+            <div id="auth-panel-dashboard" style="padding: 12px; background: var(--bg-secondary); border-bottom: 1px solid var(--border-color); display: flex; justify-content: space-around; font-size: 11px;">
+                <div style="text-align: center;">
+                    <div id="auth-count-same" style="font-size: 20px; font-weight: bold; color: #f44336;">0</div>
+                    <div style="color: var(--text-secondary);">SAME (Critical)</div>
+                </div>
+                <div style="text-align: center;">
+                    <div id="auth-count-similar" style="font-size: 20px; font-weight: bold; color: #ff9800;">0</div>
+                    <div style="color: var(--text-secondary);">SIMILAR (Warning)</div>
+                </div>
+                <div style="text-align: center;">
+                    <div id="auth-count-different" style="font-size: 20px; font-weight: bold; color: #4caf50;">0</div>
+                    <div style="color: var(--text-secondary);">DIFFERENT (OK)</div>
+                </div>
+            </div>
+            <div class="side-panel-content" id="auth-panel-content" style="overflow-y: auto;">
+                <div style="padding: 20px; text-align: center; color: var(--text-secondary);">
+                    No results yet. Auth Analyzer will test requests as they're captured.
+                </div>
+            </div>
+        `;
+
+        // Append to body
+        document.body.appendChild(this.panel);
+
+        // Add resize handle
+        const resizeHandle = document.createElement('div');
+        resizeHandle.className = 'auth-panel-resize-handle';
+        this.panel.appendChild(resizeHandle); // Append to panel so it moves with it
+
+        // Resize Logic
+        let isResizing = false;
+
+        resizeHandle.addEventListener('mousedown', (e) => {
+            isResizing = true;
+            document.body.style.cursor = 'ew-resize';
+            resizeHandle.classList.add('active');
+            e.preventDefault(); // Prevent text selection
+        });
+
+        document.addEventListener('mousemove', (e) => {
+            if (!isResizing) return;
+
+            // Calculate new width: Window Width - Mouse X
+            // (Since panel is anchored to the right)
+            const newWidth = window.innerWidth - e.clientX;
+
+            // Constraints
+            if (newWidth > 300 && newWidth < window.innerWidth - 50) {
+                this.panel.style.width = `${newWidth}px`;
+                // Update main content margin if necessary (optional, depending on overlap preference)
+                // document.body.style.setProperty('--auth-panel-width', `${newWidth}px`);
+                localStorage.setItem('rep_auth_panel_width', newWidth);
+            }
+        });
+
+        document.addEventListener('mouseup', () => {
+            if (isResizing) {
+                isResizing = false;
+                document.body.style.cursor = '';
+                resizeHandle.classList.remove('active');
+            }
+        });
+
+        // Restore saved width
+        const savedWidth = localStorage.getItem('rep_auth_panel_width');
+        if (savedWidth) {
+            this.panel.style.width = `${savedWidth}px`;
+        }
+
+        // Export button handler
+        const exportBtn = this.panel.querySelector('#auth-panel-export-btn');
+        if (exportBtn) {
+            exportBtn.addEventListener('click', (e) => {
+                e.stopPropagation();
+                this.showExportMenu(exportBtn);
+            });
+        }
+
+        // Close button handler
+        const closeBtn = this.panel.querySelector('#auth-panel-close-btn');
+        if (closeBtn) {
+            closeBtn.addEventListener('click', () => this.hide());
+        }
+
+        // Config button handler
+        const configBtn = this.panel.querySelector('#auth-panel-config-btn');
+        if (configBtn) {
+            configBtn.addEventListener('click', () => {
+                if (this.configPanel) {
+                    this.configPanel.show();
+                } else {
+                    console.warn('[Auth Panel] Config panel not linked');
+                }
+            });
+        }
+    }
+
+    /**
+     * Show export menu
+     */
+    showExportMenu(button) {
+        // Remove existing menu
+        const existing = document.querySelector('.auth-export-menu');
+        if (existing) existing.remove();
+
+        const menu = document.createElement('div');
+        menu.className = 'auth-export-menu';
+        menu.style.cssText = `
+            position: absolute;
+            top: 100%;
+            right: 0;
+            margin-top: 4px;
+            background: var(--bg-secondary);
+            border: 1px solid var(--border-color);
+            border-radius: 4px;
+            box-shadow: 0 2px 8px rgba(0,0,0,0.3);
+            z-index: 10000;
+            min-width: 120px;
+        `;
+
+        const csvBtn = document.createElement('button');
+        csvBtn.textContent = '📄 Export CSV';
+        csvBtn.style.cssText = `
+            display: block;
+            width: 100%;
+            padding: 8px 12px;
+            background: transparent;
+            border: none;
+            color: var(--text-primary);
+            cursor: pointer;
+            text-align: left;
+            font-size: 12px;
+        `;
+        csvBtn.addEventListener('mouseenter', () => csvBtn.style.background = 'var(--bg-hover)');
+        csvBtn.addEventListener('mouseleave', () => csvBtn.style.background = 'transparent');
+        csvBtn.addEventListener('click', () => {
+            this.exportToCSV();
+            menu.remove();
+        });
+
+        const jsonBtn = document.createElement('button');
+        jsonBtn.textContent = '📦 Export JSON';
+        jsonBtn.style.cssText = csvBtn.style.cssText;
+        jsonBtn.addEventListener('mouseenter', () => jsonBtn.style.background = 'var(--bg-hover)');
+        jsonBtn.addEventListener('mouseleave', () => jsonBtn.style.background = 'transparent');
+        jsonBtn.addEventListener('click', () => {
+            this.exportToJSON();
+            menu.remove();
+        });
+
+        menu.appendChild(csvBtn);
+        menu.appendChild(jsonBtn);
+        button.style.position = 'relative';
+        button.appendChild(menu);
+
+        // Close on click outside
+        const closeHandler = (e) => {
+            if (!menu.contains(e.target) && e.target !== button) {
+                menu.remove();
+                document.removeEventListener('click', closeHandler);
+            }
+        };
+        setTimeout(() => document.addEventListener('click', closeHandler), 0);
+    }
+
+    /**
+     * Export results to CSV
+     */
+    exportToCSV() {
+        if (this.results.length === 0) {
+            alert('No results to export');
+            return;
+        }
+
+        const headers = ['URL', 'Method', 'Original Status', 'Swapped Status', 'Comparison', 'Timestamp'];
+        const rows = this.results.map(result => {
+            const req = result.originalRequest;
+            const method = req.method || req.request?.method || 'GET';
+            const url = req.url || req.request?.url || '';
+            const origStatus = req.response?.status || req.responseStatus || '';
+            const swapStatus = result.swappedResponse?.status || '';
+            const timestamp = new Date(result.timestamp).toISOString();
+
+            return [url, method, origStatus, swapStatus, result.comparison, timestamp];
+        });
+
+        const csvContent = [
+            headers.join(','),
+            ...rows.map(row => row.map(cell => `"${String(cell).replace(/"/g, '""')}"`).join(','))
+        ].join('\n');
+
+        const blob = new Blob([csvContent], { type: 'text/csv;charset=utf-8;' });
+        const link = document.createElement('a');
+        const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+        link.href = URL.createObjectURL(blob);
+        link.download = `auth-analyzer-results-${timestamp}.csv`;
+        link.click();
+    }
+
+    /**
+     * Export results to JSON
+     */
+    exportToJSON() {
+        if (this.results.length === 0) {
+            alert('No results to export');
+            return;
+        }
+
+        const exportData = this.results.map(result => {
+            const req = result.originalRequest;
+            const method = req.method || req.request?.method || 'GET';
+            const url = req.url || req.request?.url || '';
+            const origStatus = req.response?.status || req.responseStatus || '';
+            const swapStatus = result.swappedResponse?.status || '';
+
+            return {
+                url,
+                method,
+                originalStatus: origStatus,
+                swappedStatus: swapStatus,
+                comparison: result.comparison,
+                timestamp: new Date(result.timestamp).toISOString(),
+                originalBody: (req.response?.body || '').substring(0, 1000),
+                swappedBody: (result.swappedResponse?.body || '').substring(0, 1000),
+                // Include swapped request details
+                swappedRequest: result.swappedRequest || {
+                    url,
+                    headers: {}
+                }
+            };
+        });
+
+        const jsonContent = JSON.stringify(exportData, null, 2);
+        const blob = new Blob([jsonContent], { type: 'application/json;charset=utf-8;' });
+        const link = document.createElement('a');
+        const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+        link.href = URL.createObjectURL(blob);
+        link.download = `auth-analyzer-results-${timestamp}.json`;
+        link.click();
+    }
+
+    /**
+     * Link configuration panel
+     */
+    setConfigPanel(configPanel) {
+        this.configPanel = configPanel;
+    }
+
+    /**
+     * Attach event listeners
+     */
+    attachEventListeners() {
+        // Listen for Auth Analyzer results
+        events.on('AUTH_ANALYZER_RESULT', (result) => {
+            console.log('[Auth Panel] Received AUTH_ANALYZER_RESULT:', result);
+            this.addResult(result);
+        });
+
+        // Listen for clear requests
+        events.on(EVENT_NAMES.STATE_REQUESTS_CLEARED, () => {
+            console.log('[Auth Panel] Requests cleared, resetting panel');
+            this.clearResults();
+        });
+    }
+
+    /**
+     * Show the panel
+     */
+    show() {
+        if (this.panel) {
+            this.panel.classList.add('visible');
+        }
+    }
+
+    /**
+     * Hide the panel
+     */
+    hide() {
+        if (this.panel) {
+            this.panel.classList.remove('visible');
+        }
+    }
+
+    /**
+     * Toggle panel visibility
+     */
+    toggle() {
+        if (this.panel) {
+            const isVisible = this.panel.classList.contains('visible');
+            if (isVisible) {
+                this.hide();
+            } else {
+                this.show();
+            }
+        }
+    }
+
+    /**
+     * Add a result
+     */
+    addResult(result) {
+        console.log('[Auth Panel] Adding result to panel:', {
+            id: result.id,
+            comparison: result.comparison,
+            totalResults: this.results.length + 1
+        });
+
+        this.results.push(result);
+        this.render();
+        this.updateBadge();
+
+        // Auto-show panel for critical findings
+        if (result.comparison === 'SAME') {
+            this.show();
+        }
+    }
+
+    /**
+     * Clear all results
+     */
+    clearResults() {
+        this.results = [];
+        this.render();
+        this.updateBadge();
+    }
+
+    /**
+     * Render results
+     */
+    render() {
+        const container = document.getElementById('auth-panel-content');
+        if (!container) return;
+
+        // Update dashboard
+        const counts = {
+            'SAME': 0,
+            'SIMILAR': 0,
+            'DIFFERENT': 0
+        };
+
+        this.results.forEach(r => {
+            counts[r.comparison] = (counts[r.comparison] || 0) + 1;
+        });
+
+        document.getElementById('auth-count-same').textContent = counts['SAME'];
+        document.getElementById('auth-count-similar').textContent = counts['SIMILAR'];
+        document.getElementById('auth-count-different').textContent = counts['DIFFERENT'];
+
+        // Render table
+        if (this.results.length === 0) {
+            container.innerHTML = `
+                <div style="padding: 20px; text-align: center; color: var(--text-secondary);">
+                    No results yet. Auth Analyzer will test requests as they're captured.
+                </div>
+            `;
+            return;
+        }
+
+        // Sorting: SAME > SIMILAR > DIFFERENT, then by timestamp (newest first)
+        const severityWeight = { 'SAME': 3, 'SIMILAR': 2, 'DIFFERENT': 1, 'ERROR': 0 };
+        const sortedResults = [...this.results].sort((a, b) => {
+            const weightA = severityWeight[a.comparison] || 0;
+            const weightB = severityWeight[b.comparison] || 0;
+
+            if (weightA !== weightB) {
+                return weightB - weightA; // Higher weight first
+            }
+            return b.timestamp - a.timestamp; // Newest first
+        });
+
+        let html = `
+            <table style="width: 100%; border-collapse: collapse; font-size: 12px;">
+                <thead>
+                    <tr style="background: var(--bg-secondary); position: sticky; top: 0;">
+                        <th style="padding: 8px; text-align: left; border-bottom: 1px solid var(--border-color);">Method</th>
+                        <th style="padding: 8px; text-align: left; border-bottom: 1px solid var(--border-color);">URL</th>
+                        <th style="padding: 8px; text-align: center; border-bottom: 1px solid var(--border-color);">Orig</th>
+                        <th style="padding: 8px; text-align: center; border-bottom: 1px solid var(--border-color);">Swap</th>
+                        <th style="padding: 8px; text-align: center; border-bottom: 1px solid var(--border-color);">Result</th>
+                    </tr>
+                </thead>
+                <tbody id="auth-results-tbody">
+        `;
+
+        sortedResults.forEach((result, sortIdx) => {
+            const idx = this.results.indexOf(result);
+
+            const req = result.originalRequest;
+            const method = req.method || req.request?.method || 'GET';
+            const url = req.url || req.request?.url || '';
+            const origStatus = req.response?.status || req.responseStatus || '?';
+            const swapStatus = result.swappedResponse?.status || '?';
+            const comp = result.comparison;
+
+            const displayUrl = url.length > 50 ? url.substring(0, 50) + '...' : url;
+
+            const colors = { 'SAME': '#f44336', 'SIMILAR': '#ff9800', 'DIFFERENT': '#4caf50' };
+            const color = colors[comp] || '#999';
+
+            const methodColors = { 'GET': '#4caf50', 'POST': '#2196f3', 'PUT': '#ff9800', 'DELETE': '#f44336' }[method] || '#757575';
+
+            html += `
+                <tr class="auth-row" data-idx="${idx}" style="border-bottom: 1px solid var(--border-color); cursor: pointer;">
+                    <td style="padding: 6px 8px;">
+                        <span style="background: ${methodColors}; color: white; padding: 2px 6px; border-radius: 3px; font-size: 10px; font-weight: 600;">${method}</span>
+                    </td>
+                    <td style="padding: 6px 8px; font-family: monospace; font-size: 10px;" title="${escapeHtml(url)}">${escapeHtml(displayUrl)}</td>
+                    <td style="padding: 6px 8px; text-align: center; font-family: monospace; font-size: 11px;">${origStatus}</td>
+                    <td style="padding: 6px 8px; text-align: center; font-family: monospace; font-size: 11px;">${swapStatus}</td>
+                    <td style="padding: 6px 8px; text-align: center;">
+                        <span style="color: ${color}; font-weight: 600; font-size: 11px;">${comp}</span>
+                    </td>
+                </tr>
+                <tr class="auth-details" id="details-${idx}" style="display: none;">
+                    <td colspan="5" style="padding: 12px; background: var(--bg-hover); border-bottom: 2px solid var(--border-color);">
+                        
+                        <!-- Full URL Display -->
+                        <div style="margin-bottom: 12px; padding-bottom: 12px; border-bottom: 1px solid var(--border-color);">
+                            <div style="font-weight: 600; margin-bottom: 4px; font-size: 11px; color: var(--text-secondary);">Request URL</div>
+                            <div style="font-family: monospace; word-break: break-all; background: var(--bg-primary); padding: 8px; border-radius: 4px; font-size: 11px; user-select: text; border: 1px solid var(--border-color);">${escapeHtml(url)}</div>
+                        </div>
+
+                        <div style="display: flex; flex-direction: column; gap: 16px;">
+                            <div>
+                                <div style="font-weight: 600; margin-bottom: 8px;">Original (Your Session)</div>
+                                <div style="background: var(--bg-primary); padding: 8px; border-radius: 4px; border-left: 3px solid ${color};">
+                                    <div style="margin-bottom: 4px;"><strong>Status:</strong> ${origStatus}</div>
+                                    <div style="margin-bottom: 8px;"><strong>Body:</strong></div>
+                                    <pre style="margin: 0; font-size: 10px; max-height: 200px; overflow: auto; white-space: pre-wrap;">${escapeHtml((req.response?.body || '').substring(0, 500))}</pre>
+                                </div>
+                            </div>
+                            <div>
+                                <div style="font-weight: 600; margin-bottom: 8px;">Swapped (Test Session)</div>
+                                <div style="background: var(--bg-primary); padding: 8px; border-radius: 4px; border-left: 3px solid ${color};">
+                                    <div style="margin-bottom: 4px;"><strong>Status:</strong> ${swapStatus}</div>
+                                    <div style="margin-bottom: 8px;"><strong>Body:</strong></div>
+                                    <pre style="margin: 0; font-size: 10px; max-height: 200px; overflow: auto; white-space: pre-wrap;">${escapeHtml((result.swappedResponse?.body || '').substring(0, 500))}</pre>
+                                </div>
+                            </div>
+                        </div>
+                        <div style="margin-top: 12px; padding: 8px; background: ${color}20; border-radius: 4px; font-size: 11px;">
+                            ${comp === 'SAME' ? '⚠️ <strong>Auth Bypass!</strong> Responses identical.' :
+                    comp === 'SIMILAR' ? '⚠️ <strong>Review needed.</strong> Responses similar.' :
+                        '✓ Responses different - auth enforced.'}
+                        </div>
+                    </td>
+                </tr>
+            `;
+        });
+
+        html += `</tbody></table>`;
+        container.innerHTML = html;
+
+        // Attach expand handlers
+        const rows = container.querySelectorAll('.auth-row');
+        rows.forEach(row => {
+            row.addEventListener('mouseenter', () => row.style.background = 'var(--bg-hover)');
+            row.addEventListener('mouseleave', () => row.style.background = '');
+
+            row.addEventListener('click', () => {
+                const idx = row.dataset.idx;
+                const details = document.getElementById(`details-${idx}`);
+                if (details) {
+                    const vis = details.style.display !== 'none';
+                    container.querySelectorAll('.auth-details').forEach(d => d.style.display = 'none');
+                    details.style.display = vis ? 'none' : 'table-row';
+                }
+            });
+        });
+    }
+
+    /**
+     * Update badge
+     */
+    updateBadge() {
+        const btn = document.getElementById('auth-analyzer-toggle');
+        if (!btn) return;
+
+        const critical = this.getCriticalCount();
+        const badge = btn.querySelector('.badge');
+
+        if (critical > 0) {
+            if (badge) {
+                badge.textContent = critical;
+                badge.style.display = 'inline-block';
+            }
+        } else if (badge) {
+            badge.style.display = 'none';
+        }
+    }
+
+    /**
+     * Get count of critical findings
+     */
+    getCriticalCount() {
+        return this.results.filter(r => r.comparison === 'SAME').length;
+    }
+
+    /**
+     * Check if panel is visible
+     */
+    isVisible() {
+        return this.panel && this.panel.classList.contains('visible');
+    }
+}
+
+let panelInstance = null;
+
+export function initAuthAnalyzerPanel() {
+    if (!panelInstance) {
+        panelInstance = new AuthAnalyzerPanel();
+        panelInstance.init();
+    }
+    return panelInstance;
+}
diff --git a/js/features/auth-analyzer/replayer.js b/js/features/auth-analyzer/replayer.js
new file mode 100644
index 0000000..96045f1
--- /dev/null
+++ b/js/features/auth-analyzer/replayer.js
@@ -0,0 +1,401 @@
+// Request Replayer for Auth Analyzer
+// Replays requests with different sessions
+
+import { ParameterExtractor } from './extractor.js';
+import { parseRequest } from '../../network/capture.js';
+import { sendRequest } from '../../network/request-sender.js';
+
+/**
+ * Replays HTTP requests with modified sessions
+ */
+export class RequestReplayer {
+    constructor() {
+        this.extractor = new ParameterExtractor();
+    }
+
+    /**
+     * Replay a request with a specific session
+     */
+    async replayWithSession(originalRequest, session) {
+        // Clone the request
+        const modifiedRequest = this.cloneRequest(originalRequest);
+
+        // Replace/add headers from session
+        for (const [key, value] of Object.entries(session.headers)) {
+            modifiedRequest.headers[key] = value;
+        }
+
+        // Remove headers (but not ones we just added from session)
+        const sessionHeaderKeys = Object.keys(session.headers).map(k => k.toLowerCase());
+        for (const headerName of session.headersToRemove) {
+            // Don't remove if we just added it from session
+            if (!sessionHeaderKeys.includes(headerName.toLowerCase())) {
+                delete modifiedRequest.headers[headerName];
+            }
+        }
+
+        console.log('[Replayer] Modified request headers after session apply:', {
+            hasCookie: !!modifiedRequest.headers['Cookie'],
+            cookiePreview: modifiedRequest.headers['Cookie']?.substring(0, 100),
+            allHeaders: Object.keys(modifiedRequest.headers)
+        });
+
+        // Replace parameters
+        for (const param of session.parameters) {
+            if (param.remove) {
+                modifiedRequest = this.removeParameter(modifiedRequest, param);
+            } else if (param.value) {
+                modifiedRequest = this.replaceParameter(modifiedRequest, param);
+            }
+        }
+
+        // Send request
+        try {
+            const method = session.testCORS ? 'OPTIONS' : modifiedRequest.method;
+
+            // Build raw HTTP request string
+            const urlObj = new URL(modifiedRequest.url);
+            const path = urlObj.pathname + urlObj.search;
+            const host = urlObj.host;
+
+            // Start with request line
+            let rawRequest = `${method} ${path} HTTP/1.1\n`;
+
+            // Add Host header
+            rawRequest += `Host: ${host}\n`;
+
+            // Add all headers
+            for (const [key, value] of Object.entries(modifiedRequest.headers)) {
+                // Convert header values to strings if they're objects
+                let headerValue = value;
+                if (typeof value === 'object' && value !== null) {
+                    headerValue = JSON.stringify(value);
+                } else {
+                    headerValue = String(value);
+                }
+                rawRequest += `${key}: ${headerValue}\n`;
+            }
+
+            // Add empty line to separate headers from body
+            rawRequest += '\n';
+
+            // Add body if present
+            if (modifiedRequest.body) {
+                let bodyToSend = modifiedRequest.body;
+                if (typeof bodyToSend === 'object') {
+                    bodyToSend = JSON.stringify(bodyToSend);
+                }
+                rawRequest += bodyToSend;
+            }
+
+            console.log('[Replayer] Raw request:', {
+                preview: rawRequest.substring(0, 500),
+                hasCookie: rawRequest.includes('Cookie:'),
+                cookieMatch: rawRequest.match(/Cookie: ([^\n]+)/)?.[1]?.substring(0, 100)
+            });
+
+            // Prepare fetch options
+            const url = modifiedRequest.url; // Use the modified request URL directly
+            const options = {
+                method: method,
+                headers: modifiedRequest.headers,
+                isAuthAnalyzer: true, // Mark as Auth Analyzer request
+                redirect: 'follow', // Follow redirects to get response bodies
+                credentials: 'omit' // Don't send browser cookies
+            };
+
+            // Add body if present
+            if (modifiedRequest.body) {
+                options.body = modifiedRequest.body;
+            }
+
+            // Add Auth Analyzer markers for background script cookie injection
+            options.headers['X-Rep-Plus-Replay'] = 'true';
+
+            // If we have a Cookie header, move it to special header for background script
+            if (options.headers['Cookie']) {
+                options.headers['X-Rep-Plus-Cookie'] = options.headers['Cookie'];
+                delete options.headers['Cookie']; // Remove from fetch - background will inject it
+            }
+
+            console.log('[Replayer] Parsed request:', {
+                url,
+                method: options.method,
+                headers: options.headers,
+                hasReplayMarker: !!options.headers['X-Rep-Plus-Replay'],
+                hasCookieToInject: !!options.headers['X-Rep-Plus-Cookie'],
+                cookiePreview: options.headers['X-Rep-Plus-Cookie']?.substring(0, 100)
+            });
+
+            const result = await sendRequest(url, options);
+
+            // Convert headers from Headers object to array format
+            const responseHeaders = [];
+            if (result.headers && typeof result.headers.entries === 'function') {
+                for (const [name, value] of result.headers.entries()) {
+                    responseHeaders.push({ name, value });
+                }
+            }
+
+            return {
+                status: result.status,
+                statusText: result.statusText,
+                headers: responseHeaders,
+                body: result.body,
+                url: modifiedRequest.url,
+                method: method
+            };
+        } catch (error) {
+            console.error('[Auth Analyzer] Request failed:', error);
+            return {
+                status: 0,
+                statusText: 'Error',
+                headers: [],
+                body: error.message,
+                url: modifiedRequest.url,
+                method: modifiedRequest.method,
+                error: true
+            };
+        }
+    }
+
+    /**
+     * Clone a request object
+     */
+    cloneRequest(request) {
+        return {
+            url: request.url,
+            method: request.method,
+            headers: { ...request.headers },
+            body: request.body
+        };
+    }
+
+    /**
+     * Replace parameter in request
+     */
+    replaceParameter(request, param) {
+        const { name, value, replaceIn } = param;
+
+        // Replace in URL path
+        if (replaceIn.path) {
+            request.url = this.replaceInPath(request.url, name, value);
+        }
+
+        // Replace in URL parameters
+        if (replaceIn.urlParam) {
+            request.url = this.replaceInURLParam(request.url, name, value);
+        }
+
+        // Replace in Cookie header
+        if (replaceIn.cookie) {
+            request.headers = this.replaceInCookie(request.headers, name, value);
+        }
+
+        // Replace in body
+        if (replaceIn.body && request.body) {
+            request.body = this.replaceInBody(request.body, name, value);
+        }
+
+        // Replace in JSON body
+        if (replaceIn.json && request.body) {
+            request.body = this.replaceInJSON(request.body, name, value);
+        }
+
+        // Replace in specific header
+        if (replaceIn.header && request.headers) {
+            request.headers = this.replaceInHeader(request.headers, name, value);
+        }
+
+        return request;
+    }
+
+    /**
+     * Remove parameter from request
+     */
+    removeParameter(request, param) {
+        const { name, replaceIn } = param;
+
+        if (replaceIn.urlParam) {
+            request.url = this.removeFromURLParam(request.url, name);
+        }
+
+        if (replaceIn.cookie) {
+            request.headers = this.removeFromCookie(request.headers, name);
+        }
+
+        if (replaceIn.body && request.body) {
+            request.body = this.removeFromBody(request.body, name);
+        }
+
+        if (replaceIn.json && request.body) {
+            request.body = this.removeFromJSON(request.body, name);
+        }
+
+        return request;
+    }
+
+    /**
+     * Replace in URL path (e.g., /api/user/123 -> /api/user/456)
+     */
+    replaceInPath(url, name, value) {
+        const urlObj = new URL(url);
+        const pathRegex = new RegExp(`/${name}/([^/]+)`, 'i');
+        urlObj.pathname = urlObj.pathname.replace(pathRegex, `/${name}/${value}`);
+        return urlObj.toString();
+    }
+
+    /**
+     * Replace in URL parameters
+     */
+    replaceInURLParam(url, name, value) {
+        const urlObj = new URL(url);
+        if (urlObj.searchParams.has(name)) {
+            urlObj.searchParams.set(name, value);
+        }
+        return urlObj.toString();
+    }
+
+    /**
+     * Remove from URL parameters
+     */
+    removeFromURLParam(url, name) {
+        const urlObj = new URL(url);
+        urlObj.searchParams.delete(name);
+        return urlObj.toString();
+    }
+
+    /**
+     * Replace in Cookie header
+     */
+    replaceInCookie(headers, name, value) {
+        if (!headers.Cookie) return headers;
+
+        const cookies = headers.Cookie.split('; ');
+        const newCookies = cookies.map(cookie => {
+            const [cookieName, cookieValue] = cookie.split('=');
+            if (cookieName === name) {
+                return `${name}=${value}`;
+            }
+            return cookie;
+        });
+
+        headers.Cookie = newCookies.join('; ');
+        return headers;
+    }
+
+    /**
+     * Remove from Cookie header
+     */
+    removeFromCookie(headers, name) {
+        if (!headers.Cookie) return headers;
+
+        const cookies = headers.Cookie.split('; ');
+        const newCookies = cookies.filter(cookie => {
+            const [cookieName] = cookie.split('=');
+            return cookieName !== name;
+        });
+
+        headers.Cookie = newCookies.join('; ');
+        return headers;
+    }
+
+    /**
+     * Replace in URL-encoded body
+     */
+    replaceInBody(body, name, value) {
+        const params = new URLSearchParams(body);
+        if (params.has(name)) {
+            params.set(name, value);
+        }
+        return params.toString();
+    }
+
+    /**
+     * Remove from URL-encoded body
+     */
+    removeFromBody(body, name) {
+        const params = new URLSearchParams(body);
+        params.delete(name);
+        return params.toString();
+    }
+
+    /**
+     * Replace in JSON body
+     */
+    replaceInJSON(body, name, value) {
+        try {
+            const json = JSON.parse(body);
+            this.setInJSON(json, name, value);
+            return JSON.stringify(json);
+        } catch (e) {
+            return body;
+        }
+    }
+
+    /**
+     * Remove from JSON body
+     */
+    removeFromJSON(body, name) {
+        try {
+            const json = JSON.parse(body);
+            this.deleteInJSON(json, name);
+            return JSON.stringify(json);
+        } catch (e) {
+            return body;
+        }
+    }
+
+    /**
+     * Set value in JSON object (recursive)
+     */
+    setInJSON(obj, key, value) {
+        if (obj.hasOwnProperty(key)) {
+            obj[key] = value;
+            return true;
+        }
+
+        for (const k in obj) {
+            if (typeof obj[k] === 'object' && obj[k] !== null) {
+                if (this.setInJSON(obj[k], key, value)) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Delete key from JSON object (recursive)
+     */
+    deleteInJSON(obj, key) {
+        if (obj.hasOwnProperty(key)) {
+            delete obj[key];
+            return true;
+        }
+
+        for (const k in obj) {
+            if (typeof obj[k] === 'object' && obj[k] !== null) {
+                if (this.deleteInJSON(obj[k], key)) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Replace in specific header (e.g., Authorization: Bearer {token})
+     */
+    replaceInHeader(headers, name, value) {
+        // Find header that contains the parameter name as a placeholder
+        for (const [headerName, headerValue] of Object.entries(headers)) {
+            if (headerValue.includes(`{${name}}`)) {
+                headers[headerName] = headerValue.replace(`{${name}}`, value);
+            }
+        }
+        return headers;
+    }
+}
diff --git a/js/features/auth-analyzer/session.js b/js/features/auth-analyzer/session.js
new file mode 100644
index 0000000..296cb66
--- /dev/null
+++ b/js/features/auth-analyzer/session.js
@@ -0,0 +1,265 @@
+// Session Management for Auth Analyzer
+// Manages user sessions with auto-extraction and parameter replacement
+
+/**
+ * Represents a user session for authorization testing
+ */
+export class Session {
+    constructor(name, color = '#4CAF50') {
+        this.id = this.generateId();
+        this.name = name; // e.g., "Admin", "User", "Guest"
+        this.color = color; // Visual indicator
+        this.active = true;
+        this.parameters = []; // Array of Parameter objects
+        this.headers = {}; // Headers to add/replace
+        this.headersToRemove = []; // Headers to remove
+        this.dropOriginal = false; // For idempotent operations
+        this.testCORS = false;
+        this.privilege = 'low'; // 'high', 'medium', 'low' for bypass detection
+    }
+
+    generateId() {
+        return `session_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+    }
+
+    /**
+     * Add a parameter to this session
+     */
+    addParameter(parameter) {
+        this.parameters.push(parameter);
+    }
+
+    /**
+     * Remove a parameter by name
+     */
+    removeParameter(name) {
+        this.parameters = this.parameters.filter(p => p.name !== name);
+    }
+
+    /**
+     * Get parameter by name
+     */
+    getParameter(name) {
+        return this.parameters.find(p => p.name === name);
+    }
+
+    /**
+     * Clone this session
+     */
+    clone(newName) {
+        const cloned = new Session(newName || `${this.name} (Copy)`, this.color);
+        cloned.active = this.active;
+        cloned.headers = { ...this.headers };
+        cloned.headersToRemove = [...this.headersToRemove];
+        cloned.dropOriginal = this.dropOriginal;
+        cloned.testCORS = this.testCORS;
+        cloned.privilege = this.privilege;
+        cloned.parameters = this.parameters.map(p => p.clone());
+        return cloned;
+    }
+
+    /**
+     * Serialize to JSON
+     */
+    toJSON() {
+        return {
+            id: this.id,
+            name: this.name,
+            color: this.color,
+            active: this.active,
+            parameters: this.parameters.map(p => p.toJSON()),
+            headers: this.headers,
+            headersToRemove: this.headersToRemove,
+            dropOriginal: this.dropOriginal,
+            testCORS: this.testCORS,
+            privilege: this.privilege
+        };
+    }
+
+    /**
+     * Deserialize from JSON
+     */
+    static fromJSON(data) {
+        const session = new Session(data.name, data.color);
+        session.id = data.id;
+        session.active = data.active;
+        session.headers = data.headers || {};
+        session.headersToRemove = data.headersToRemove || [];
+        session.dropOriginal = data.dropOriginal || false;
+        session.testCORS = data.testCORS || false;
+        session.privilege = data.privilege || 'low';
+        session.parameters = (data.parameters || []).map(p => Parameter.fromJSON(p));
+        return session;
+    }
+}
+
+/**
+ * Represents a parameter to extract and replace
+ */
+export class Parameter {
+    constructor(name, extractionType = 'auto') {
+        this.name = name;
+        this.extractionType = extractionType; // 'auto', 'fromTo', 'static', 'prompt'
+        this.value = null;
+        this.lastExtracted = null; // Timestamp of last extraction
+
+        // Auto extraction settings
+        this.extractFrom = {
+            cookie: true,
+            htmlInput: true,
+            json: true
+        };
+
+        // From-To string extraction
+        this.fromToString = {
+            from: '',
+            to: '',
+            extractFromHeader: true,
+            extractFromBody: true
+        };
+
+        // Static value
+        this.staticValue = '';
+
+        // Replacement settings
+        this.replaceIn = {
+            path: true,
+            urlParam: true,
+            cookie: true,
+            body: true,
+            json: true,
+            header: false // For Authorization: Bearer {token}
+        };
+
+        this.remove = false; // For CSRF testing
+    }
+
+    /**
+     * Set the parameter value
+     */
+    setValue(value) {
+        this.value = value;
+        this.lastExtracted = Date.now();
+    }
+
+    /**
+     * Clone this parameter
+     */
+    clone() {
+        const cloned = new Parameter(this.name, this.extractionType);
+        cloned.value = this.value;
+        cloned.lastExtracted = this.lastExtracted;
+        cloned.extractFrom = { ...this.extractFrom };
+        cloned.fromToString = { ...this.fromToString };
+        cloned.staticValue = this.staticValue;
+        cloned.replaceIn = { ...this.replaceIn };
+        cloned.remove = this.remove;
+        return cloned;
+    }
+
+    /**
+     * Serialize to JSON
+     */
+    toJSON() {
+        return {
+            name: this.name,
+            extractionType: this.extractionType,
+            value: this.value,
+            lastExtracted: this.lastExtracted,
+            extractFrom: this.extractFrom,
+            fromToString: this.fromToString,
+            staticValue: this.staticValue,
+            replaceIn: this.replaceIn,
+            remove: this.remove
+        };
+    }
+
+    /**
+     * Deserialize from JSON
+     */
+    static fromJSON(data) {
+        const param = new Parameter(data.name, data.extractionType);
+        param.value = data.value;
+        param.lastExtracted = data.lastExtracted;
+        param.extractFrom = data.extractFrom || { cookie: true, htmlInput: true, json: true };
+        param.fromToString = data.fromToString || { from: '', to: '', extractFromHeader: true, extractFromBody: true };
+        param.staticValue = data.staticValue || '';
+        param.replaceIn = data.replaceIn || { path: true, urlParam: true, cookie: true, body: true, json: true, header: false };
+        param.remove = data.remove || false;
+        return param;
+    }
+}
+
+/**
+ * Session Manager - manages all sessions
+ */
+export class SessionManager {
+    constructor() {
+        this.sessions = [];
+        this.activeSessionIds = new Set();
+    }
+
+    /**
+     * Add a new session
+     */
+    addSession(session) {
+        this.sessions.push(session);
+        if (session.active) {
+            this.activeSessionIds.add(session.id);
+        }
+    }
+
+    /**
+     * Remove a session
+     */
+    removeSession(sessionId) {
+        this.sessions = this.sessions.filter(s => s.id !== sessionId);
+        this.activeSessionIds.delete(sessionId);
+    }
+
+    /**
+     * Get session by ID
+     */
+    getSession(sessionId) {
+        return this.sessions.find(s => s.id === sessionId);
+    }
+
+    /**
+     * Get all active sessions
+     */
+    getActiveSessions() {
+        return this.sessions.filter(s => s.active);
+    }
+
+    /**
+     * Toggle session active state
+     */
+    toggleSession(sessionId) {
+        const session = this.getSession(sessionId);
+        if (session) {
+            session.active = !session.active;
+            if (session.active) {
+                this.activeSessionIds.add(sessionId);
+            } else {
+                this.activeSessionIds.delete(sessionId);
+            }
+        }
+    }
+
+    /**
+     * Serialize all sessions
+     */
+    toJSON() {
+        return this.sessions.map(s => s.toJSON());
+    }
+
+    /**
+     * Deserialize sessions
+     */
+    fromJSON(data) {
+        this.sessions = data.map(s => Session.fromJSON(s));
+        this.activeSessionIds = new Set(
+            this.sessions.filter(s => s.active).map(s => s.id)
+        );
+    }
+}
diff --git a/js/features/auth-analyzer/storage.js b/js/features/auth-analyzer/storage.js
new file mode 100644
index 0000000..3c9b6aa
--- /dev/null
+++ b/js/features/auth-analyzer/storage.js
@@ -0,0 +1,124 @@
+// Storage for Auth Analyzer
+// Saves and loads session configurations
+
+/**
+ * Handles persistence of Auth Analyzer sessions
+ */
+export class AuthAnalyzerStorage {
+    constructor() {
+        this.storageKey = 'rep_auth_analyzer_sessions';
+        this.configKey = 'rep_auth_analyzer_config';
+    }
+
+    /**
+     * Save sessions to localStorage
+     */
+    saveSessions(sessions) {
+        try {
+            const data = JSON.stringify(sessions);
+            localStorage.setItem(this.storageKey, data);
+            return true;
+        } catch (error) {
+            console.error('[Auth Analyzer] Failed to save sessions:', error);
+            return false;
+        }
+    }
+
+    /**
+     * Load sessions from localStorage
+     */
+    loadSessions() {
+        try {
+            const data = localStorage.getItem(this.storageKey);
+            return data ? JSON.parse(data) : [];
+        } catch (error) {
+            console.error('[Auth Analyzer] Failed to load sessions:', error);
+            return [];
+        }
+    }
+
+    /**
+     * Save configuration
+     */
+    saveConfig(config) {
+        try {
+            const data = JSON.stringify(config);
+            localStorage.setItem(this.configKey, data);
+            return true;
+        } catch (error) {
+            console.error('[Auth Analyzer] Failed to save config:', error);
+            return false;
+        }
+    }
+
+    /**
+     * Load configuration
+     */
+    loadConfig() {
+        try {
+            const data = localStorage.getItem(this.configKey);
+            return data ? JSON.parse(data) : this.getDefaultConfig();
+        } catch (error) {
+            console.error('[Auth Analyzer] Failed to load config:', error);
+            return this.getDefaultConfig();
+        }
+    }
+
+    /**
+     * Get default configuration
+     */
+    getDefaultConfig() {
+        return {
+            enabled: false,
+            filters: {
+                inScope: false,
+                proxyOnly: false,
+                excludeFileTypes: ['.css', '.js', '.jpg', '.png', '.gif', '.svg', '.woff', '.woff2'],
+                excludeMethods: [],
+                excludeStatusCodes: [],
+                excludePaths: []
+            }
+        };
+    }
+
+    /**
+     * Export sessions to file
+     */
+    exportToFile(sessions) {
+        const data = JSON.stringify(sessions, null, 2);
+        const blob = new Blob([data], { type: 'application/json' });
+        const url = URL.createObjectURL(blob);
+        const a = document.createElement('a');
+        a.href = url;
+        a.download = `auth-analyzer-sessions-${Date.now()}.json`;
+        a.click();
+        URL.revokeObjectURL(url);
+    }
+
+    /**
+     * Import sessions from file
+     */
+    async importFromFile(file) {
+        return new Promise((resolve, reject) => {
+            const reader = new FileReader();
+            reader.onload = (e) => {
+                try {
+                    const data = JSON.parse(e.target.result);
+                    resolve(data);
+                } catch (error) {
+                    reject(error);
+                }
+            };
+            reader.onerror = reject;
+            reader.readAsText(file);
+        });
+    }
+
+    /**
+     * Clear all data
+     */
+    clear() {
+        localStorage.removeItem(this.storageKey);
+        localStorage.removeItem(this.configKey);
+    }
+}
diff --git a/js/main.js b/js/main.js
index d45ed5c..6618eef 100644
--- a/js/main.js
+++ b/js/main.js
@@ -21,6 +21,10 @@ import { setupAIFeatures } from './features/ai/index.js';
 import { setupLLMChat } from './features/llm-chat/index.js';
 import { handleSendRequest } from './network/handler.js';
 import { initSearch } from './search/index.js';
+import { initAuthAnalyzer } from './features/auth-analyzer/index.js';
+import { initAuthAnalyzerConfigPanel } from './features/auth-analyzer/config-panel.js';
+import { initAuthAnalyzerPanel } from './features/auth-analyzer/panel.js';
+import { initRepConfigPanel } from './ui/rep-config-panel.js';
 
 // UI Modules
 import { setupBlockControls } from './ui/block-controls.js';
@@ -47,6 +51,93 @@ document.addEventListener('DOMContentLoaded', () => {
     setupLLMChat(elements);
     initSearch();
 
+    // Auth Analyzer Initialization
+    const authAnalyzer = initAuthAnalyzer();
+    const authConfigPanel = initAuthAnalyzerConfigPanel(authAnalyzer);
+    window.authAnalyzerPanel = initAuthAnalyzerPanel(); // Make globally available for bulk replay
+
+    // Link config panel to results panel
+    if (window.authAnalyzerPanel) {
+        window.authAnalyzerPanel.setConfigPanel(authConfigPanel);
+    }
+
+    // rep+ Config Panel Initialization
+    const repConfigPanel = initRepConfigPanel();
+
+    // Auth Analyzer Toggle (in More Menu)
+    const authToggleBtn = document.getElementById('auth-analyzer-toggle');
+    if (authToggleBtn) {
+        authToggleBtn.addEventListener('click', () => {
+            // If disabled (default), show config panel to enable
+            if (!authAnalyzer.enabled) {
+                authConfigPanel.show();
+            } else {
+                // If enabled, toggle the results panel
+                window.authAnalyzerPanel.toggle();
+            }
+        });
+    }
+
+    // Config Panel Close Event - check if enabled
+    const authConfigCloseBtn = document.getElementById('auth-config-close-btn');
+    if (authConfigCloseBtn) {
+        authConfigCloseBtn.addEventListener('click', () => {
+            if (authAnalyzer.enabled) {
+                // If enabled, show result panel
+                window.authAnalyzerPanel.show();
+            }
+        });
+    }
+
+    // Auth Analyzer Results Button (Top Bar)
+    const authResultsBtn = document.getElementById('auth-results-btn');
+    if (authResultsBtn) {
+        authResultsBtn.addEventListener('click', () => {
+            if (window.authAnalyzerPanel) {
+                window.authAnalyzerPanel.toggle();
+            }
+        });
+    }
+
+    // Test Auth Button (Request Editor)
+    const testAuthBtn = document.getElementById('test-auth-btn');
+    if (testAuthBtn) {
+        testAuthBtn.addEventListener('click', async () => {
+            // Check if enabled first
+            if (!authAnalyzer.enabled) {
+                authConfigPanel.show();
+                return;
+            }
+
+            console.log("Test Auth clicked - triggering send");
+
+            // Trigger send and wait for result
+            const requestData = await handleSendRequest();
+
+            if (requestData) {
+                // Construct Auth Analyzer request object
+                // We map the data returned by handleSendRequest to what AuthAnalyzer expects
+                const authReq = {
+                    url: requestData.url,
+                    method: requestData.method,
+                    headers: requestData.headers,
+                    body: requestData.body,
+                    response: requestData.response
+                };
+
+                console.log("[Auth Analyzer] Manually triggering analysis for:", authReq.url);
+
+                // Pass false for isAutomatic to skip realtime/scope checks (Manual Trigger)
+                authAnalyzer.processRequest(authReq, false);
+
+                // Show results panel
+                if (window.authAnalyzerPanel) {
+                    window.authAnalyzerPanel.show();
+                }
+            }
+        });
+    }
+
     // Promotional Banner
     if (elements.promoBanner && elements.closeBannerBtn) {
         // Check if banner was previously dismissed
@@ -124,14 +215,14 @@ document.addEventListener('DOMContentLoaded', () => {
         // Load saved preference (default: true/enabled)
         const removeDuplicatesEnabled = localStorage.getItem('rep_remove_duplicates') !== 'false';
         updateRemoveDuplicatesButton(removeDuplicatesEnabled);
-        
+
         elements.removeDuplicatesBtn.addEventListener('click', () => {
             const currentState = localStorage.getItem('rep_remove_duplicates') !== 'false';
             const newState = !currentState;
-            
+
             localStorage.setItem('rep_remove_duplicates', newState.toString());
             updateRemoveDuplicatesButton(newState);
-            
+
             // If enabling, remove existing duplicates
             if (newState) {
                 const removedCount = actions.request.removeDuplicates();
@@ -143,10 +234,10 @@ document.addEventListener('DOMContentLoaded', () => {
             }
         });
     }
-    
+
     function updateRemoveDuplicatesButton(enabled) {
         if (!elements.removeDuplicatesBtn) return;
-        
+
         if (enabled) {
             elements.removeDuplicatesBtn.classList.add('active');
             elements.removeDuplicatesBtn.title = 'Remove duplicate requests (enabled)';
@@ -162,7 +253,7 @@ document.addEventListener('DOMContentLoaded', () => {
             e.preventDefault();
             e.stopPropagation();
             console.log('Clear all button clicked');
-            
+
             // In Firefox DevTools, window.confirm may not work properly
             // So we'll skip confirmation and clear directly
             // If you want confirmation, you can add a custom modal instead
@@ -190,7 +281,7 @@ document.addEventListener('DOMContentLoaded', () => {
             e.stopPropagation();
             moreMenu.classList.toggle('hidden');
         });
-        
+
         // Close menu when clicking outside
         document.addEventListener('click', (e) => {
             if (!moreMenu.contains(e.target) && e.target !== moreMenuBtn) {
@@ -210,7 +301,38 @@ document.addEventListener('DOMContentLoaded', () => {
             }
         });
     }
-    
+
+    // Filter Static Files Toggle (More Menu)
+    const filterStaticBtn = document.getElementById('filter-static-btn');
+    if (filterStaticBtn) {
+        const updateFilterStaticBtn = (enabled) => {
+            const statusDiv = filterStaticBtn.querySelector('.filter-static-status');
+            const iconDiv = filterStaticBtn.querySelector('.filter-static-icon');
+            if (enabled) {
+                statusDiv.textContent = 'ON';
+                statusDiv.style.color = '#4caf50'; // Green
+                filterStaticBtn.classList.add('active');
+            } else {
+                statusDiv.textContent = 'OFF';
+                statusDiv.style.color = '#f44336'; // Red
+                filterStaticBtn.classList.remove('active');
+            }
+        };
+
+        // Initialize state
+        const isStaticFilterEnabled = localStorage.getItem('rep_filter_static_main') !== 'false';
+        updateFilterStaticBtn(isStaticFilterEnabled);
+
+        filterStaticBtn.addEventListener('click', (e) => {
+            e.stopPropagation(); // Keep menu open
+            const current = localStorage.getItem('rep_filter_static_main') !== 'false';
+            const newState = !current;
+            localStorage.setItem('rep_filter_static_main', newState.toString());
+            updateFilterStaticBtn(newState);
+            console.log('[Main] Static file filtering toggled:', newState);
+        });
+    }
+
     // Close more menu after clicking an item
     if (moreMenu) {
         moreMenu.addEventListener('click', (e) => {
diff --git a/js/network/capture.js b/js/network/capture.js
index dede633..c6a2d9a 100644
--- a/js/network/capture.js
+++ b/js/network/capture.js
@@ -23,8 +23,8 @@ export function setupNetworkListener(onRequestCaptured) {
         // Filter out requests sent by rep+ extension (replayed requests)
         // Check if request has our custom header
         if (request.request.headers) {
-            const hasRepPlusHeader = request.request.headers.some(h => 
-                (h.name === 'X-Rep-Plus-Replay' || h.name.toLowerCase() === 'x-rep-plus-replay') && 
+            const hasRepPlusHeader = request.request.headers.some(h =>
+                (h.name === 'X-Rep-Plus-Replay' || h.name.toLowerCase() === 'x-rep-plus-replay') &&
                 h.value === 'true'
             );
             if (hasRepPlusHeader) {
@@ -38,10 +38,10 @@ export function setupNetworkListener(onRequestCaptured) {
         try {
             const urlObj = new URL(request.request.url);
             const hostname = urlObj.hostname.toLowerCase();
-            
+
             // Check if hostname is an extension ID (32 alphanumeric chars)
             // or contains moz-extension:// scheme
-            if (extensionIdPattern.test(hostname) || 
+            if (extensionIdPattern.test(hostname) ||
                 request.request.url.startsWith('moz-extension://') ||
                 request.request.url.startsWith('about:')) {
                 return;
@@ -51,23 +51,46 @@ export function setupNetworkListener(onRequestCaptured) {
         }
 
         // Filter out static resources (JS, CSS, images, fonts, etc.)
+        // EXTENDED list to match Auth Analyzer
         const url = request.request.url.toLowerCase();
         const staticExtensions = [
-            '.css', '.jpg', '.jpeg', '.png', '.gif', '.svg', '.webp', '.ico',
+            // Scripts
+            '.js', '.mjs', '.jsx',
+            // Stylesheets
+            '.css', '.scss', '.sass', '.less',
+            // Images
+            '.jpg', '.jpeg', '.png', '.gif', '.svg', '.webp', '.ico', '.bmp', '.tiff',
+            // Fonts
             '.woff', '.woff2', '.ttf', '.eot', '.otf',
-            '.mp4', '.webm', '.mp3', '.wav',
-            '.pdf'
+            // Media
+            '.mp4', '.webm', '.ogg', '.mp3', '.wav', '.flac', '.aac',
+            // Documents
+            '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx',
+            // Archives
+            '.zip', '.rar', '.tar', '.gz', '.7z',
+            // Source maps
+            '.map'
         ];
 
-        // Check if URL ends with any static extension
-        const isStatic = staticExtensions.some(ext => {
-            return url.endsWith(ext) || url.includes(ext + '?');
-        });
+        // START: Configurable Static File Filter
+        // Read directly from localStorage (synchronous in this context) to ensure latest setting
+        // Default to TRUE (filtering enabled) if not set, or check user pref
+        const filterStaticEnabled = localStorage.getItem('rep_filter_static_main') !== 'false';
+
+        if (filterStaticEnabled) {
+            // Check if URL ends with any static extension
+            const isStatic = staticExtensions.some(ext => {
+                return url.endsWith(ext) || url.includes(ext + '?');
+            });
 
-        if (isStatic) {
-            // console.log('Skipping static resource:', request.request.url);
-            return;
+            if (isStatic) {
+                // console.log('Skipping static resource:', request.request.url);
+                return;
+            }
         }
+        // END: Configurable Static File Filter
+
+
 
         // Store the capture time for relative time display
         request.capturedAt = Date.now();
@@ -75,12 +98,12 @@ export function setupNetworkListener(onRequestCaptured) {
         // Store the page URL that this request belongs to
         // Filter out requests from extension contexts
         const pageUrl = currentPageUrl || request.request.url;
-        
+
         // Skip if pageUrl is from an extension (moz-extension:// or extension ID hostname)
         try {
             const pageUrlObj = new URL(pageUrl);
             const pageHostname = pageUrlObj.hostname.toLowerCase();
-            if (extensionIdPattern.test(pageHostname) || 
+            if (extensionIdPattern.test(pageHostname) ||
                 pageUrl.startsWith('moz-extension://') ||
                 pageUrl.startsWith('about:')) {
                 return;
@@ -88,7 +111,7 @@ export function setupNetworkListener(onRequestCaptured) {
         } catch (e) {
             // If URL parsing fails, continue
         }
-        
+
         request.pageUrl = pageUrl;
 
         // Fetch response content so we can show it without switching tabs
@@ -174,10 +197,20 @@ export function parseRequest(rawContent, useHttps) {
     const scheme = useHttps ? 'https' : 'http';
     const url = `${scheme}://${host}${path}`;
 
+    // Extract Cookie header BEFORE filtering (Firefox forbids setting it via fetch)
+    let cookieHeader = null;
+    for (const [key, value] of Object.entries(headers)) {
+        if (key.toLowerCase() === 'cookie') {
+            cookieHeader = value;
+            break;
+        }
+    }
+
     // Filter out forbidden headers
     const forbiddenHeaders = [
         'accept-charset', 'accept-encoding', 'access-control-request-headers',
         'access-control-request-method', 'connection', 'content-length',
+        'cookie', // CRITICAL: Firefox forbids this via fetch(), we'll inject it via webRequest
         'date', 'dnt', 'expect', 'host', 'keep-alive',
         'origin', 'referer', 'te', 'trailer', 'transfer-encoding', 'upgrade', 'via'
     ];
@@ -196,16 +229,21 @@ export function parseRequest(rawContent, useHttps) {
         }
     }
 
+    // If Cookie was in the request, pass it via custom header for webRequest interception
+    if (cookieHeader) {
+        filteredHeaders['X-Rep-Plus-Cookie'] = cookieHeader;
+    }
+
     // Add cache-busting headers to prevent 304 Not Modified responses
     // This ensures we always get fresh responses when replaying requests
     filteredHeaders['Cache-Control'] = 'no-cache, no-store, must-revalidate';
     filteredHeaders['Pragma'] = 'no-cache';
     filteredHeaders['Expires'] = '0';
-    
+
     // Remove conditional headers that might cause 304 responses
     delete filteredHeaders['If-None-Match'];
     delete filteredHeaders['If-Modified-Since'];
-    
+
     const options = {
         method: method,
         headers: filteredHeaders,
@@ -228,7 +266,7 @@ export async function executeRequest(url, options) {
         options.headers = {};
     }
     options.headers['X-Rep-Plus-Replay'] = 'true';
-    
+
     const startTime = performance.now();
     const response = await fetch(url, options);
     const endTime = performance.now();
diff --git a/js/network/handler.js b/js/network/handler.js
index fb41050..597bdb0 100644
--- a/js/network/handler.js
+++ b/js/network/handler.js
@@ -49,7 +49,7 @@ export async function handleSendRequest() {
 
         // Store current response
         state.currentResponse = rawResponse;
-        
+
         // Save editor state (including response) after receiving response
         if (state.selectedRequest) {
             const requestIndex = state.requests.indexOf(state.selectedRequest);
@@ -85,6 +85,24 @@ export async function handleSendRequest() {
         elements.jsonResponseDisplay.innerHTML = '';
         elements.jsonResponseDisplay.appendChild(generateJsonView(rawResponse));
 
+        // Return data for other consumers (like Auth Analyzer)
+        return {
+            url,
+            method,
+            headers: options.headers,
+            body: bodyText,
+            responseStatus: result.status,
+            responseStatusText: result.statusText,
+            responseHeaders: result.headers, // Headers object or array?
+            responseBody: result.body,
+            response: {
+                status: result.status,
+                statusText: result.statusText,
+                body: result.body,
+                headers: result.headers
+            }
+        };
+
     } catch (err) {
         console.error('Request Failed:', err);
 
@@ -97,6 +115,7 @@ export async function handleSendRequest() {
         } else {
             showError(err);
         }
+        return null;
     }
 }
 
diff --git a/js/network/request-sender.js b/js/network/request-sender.js
index a4a0c9e..9ac0187 100644
--- a/js/network/request-sender.js
+++ b/js/network/request-sender.js
@@ -7,7 +7,59 @@ import { executeRequest } from './capture.js';
  * @param {Object} options - Fetch options (method, headers, body, etc.)
  * @returns {Promise<Object>} Response object with status, headers, body, size, duration
  */
-export async function sendRequest(url, options) {
-    return await executeRequest(url, options);
-}
+export async function sendRequest(url, options = {}) {
+    const startTime = performance.now();
+
+    try {
+        const fetchOptions = {
+            method: options.method || 'GET',
+            headers: options.headers || {},
+            mode: 'cors',
+            credentials: options.credentials || 'omit',
+            redirect: options.redirect || 'follow'
+        };
+
+        // Add body if provided
+        if (options.body) {
+            fetchOptions.body = options.body;
+        }
+
+        const response = await fetch(url, fetchOptions);
+        const endTime = performance.now();
 
+        let body;
+        const contentType = response.headers.get('content-type') || '';
+
+        try {
+            if (contentType.includes('application/json')) {
+                body = await response.text(); // Get JSON as text
+            } else {
+                body = await response.text();
+            }
+        } catch (e) {
+            body = '';
+        }
+
+        return {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+            body: body,
+            duration: Math.round(endTime - startTime),
+            size: new Blob([body]).size
+        };
+    } catch (error) {
+        const endTime = performance.now();
+        console.error('[Request Sender] Error:', error);
+
+        return {
+            status: 0,
+            statusText: 'Network Error',
+            headers: new Headers(),
+            body: `Error: ${error.message}`,
+            duration: Math.round(endTime - startTime),
+            size: 0,
+            error: true
+        };
+    }
+}
diff --git a/js/ui/filters.js b/js/ui/filters.js
index a9d724e..6fe5f79 100644
--- a/js/ui/filters.js
+++ b/js/ui/filters.js
@@ -29,12 +29,25 @@ function setupSearchFilter() {
     }
 }
 
+/**
+ * Updates search bar placeholder based on current mode
+ */
+function updateSearchPlaceholder() {
+    if (elements.searchBar) {
+        if (state.hostnameOnlyMode) {
+            elements.searchBar.placeholder = 'Filter by hostname only (e.g., api.example.com)';
+        } else {
+            elements.searchBar.placeholder = 'Filter by URL, method, headers...';
+        }
+    }
+}
+
 /**
  * Sets up method filter dropdown (multi-select)
  */
 function setupMethodFilter() {
     if (!elements.methodFilterBtn || !elements.methodFilterMenu) return;
-    
+
     const methodCheckboxes = elements.methodFilterMenu ? Array.from(elements.methodFilterMenu.querySelectorAll('.method-checkbox')) : [];
     const methodItems = elements.methodFilterMenu ? Array.from(elements.methodFilterMenu.querySelectorAll('.method-filter-item')) : [];
 
@@ -104,28 +117,28 @@ function setupMethodFilter() {
         elements.methodFilterMenu.classList.toggle('open');
     });
 
-        // Handle checkbox clicks
-        methodCheckboxes.forEach(checkbox => {
-            checkbox.addEventListener('change', (e) => {
-                e.stopPropagation();
-                const method = checkbox.dataset.filter;
-                toggleMethod(method);
-            });
+    // Handle checkbox clicks
+    methodCheckboxes.forEach(checkbox => {
+        checkbox.addEventListener('change', (e) => {
+            e.stopPropagation();
+            const method = checkbox.dataset.filter;
+            toggleMethod(method);
         });
+    });
 
-        // Handle item clicks (clicking anywhere on the item toggles the checkbox)
-        methodItems.forEach(item => {
-            item.addEventListener('click', (e) => {
-                // Don't toggle if clicking directly on the checkbox (it handles its own event)
-                if (e.target.type === 'checkbox') return;
-                e.stopPropagation();
-                const checkbox = item.querySelector('.method-checkbox');
-                if (checkbox) {
-                    checkbox.checked = !checkbox.checked;
-                    toggleMethod(checkbox.dataset.filter);
-                }
-            });
+    // Handle item clicks (clicking anywhere on the item toggles the checkbox)
+    methodItems.forEach(item => {
+        item.addEventListener('click', (e) => {
+            // Don't toggle if clicking directly on the checkbox (it handles its own event)
+            if (e.target.type === 'checkbox') return;
+            e.stopPropagation();
+            const checkbox = item.querySelector('.method-checkbox');
+            if (checkbox) {
+                checkbox.checked = !checkbox.checked;
+                toggleMethod(checkbox.dataset.filter);
+            }
         });
+    });
 
     // Select all button
     if (elements.methodSelectAllBtn) {
@@ -161,14 +174,14 @@ function setupStarFilter() {
     if (starFilterBtn) {
         // Initialize button state
         starFilterBtn.classList.toggle('active', state.starFilterActive);
-        
+
         starFilterBtn.addEventListener('click', () => {
             const currentlyActive = starFilterBtn.classList.contains('active');
             const newActive = !currentlyActive;
-            
+
             // Use action to set star filter (automatically emits events)
             actions.filter.setStarFilter(newActive);
-            
+
             // Update UI
             starFilterBtn.classList.toggle('active', newActive);
             if (elements.methodFilterMenu) elements.methodFilterMenu.classList.remove('open');
@@ -255,4 +268,3 @@ export function setupFilters() {
     setupStarFilter();
     setupColorFilter();
 }
-
diff --git a/js/ui/main-ui.js b/js/ui/main-ui.js
index d65725e..587ab38 100644
--- a/js/ui/main-ui.js
+++ b/js/ui/main-ui.js
@@ -45,19 +45,19 @@ export function initUI() {
     elements.showSidebarBtn = document.getElementById('show-sidebar-btn');
     elements.llmChatToggleBtn = document.getElementById('llm-chat-toggle-btn');
     elements.llmChatPane = document.getElementById('llm-chat-pane');
-    
+
     // Filter elements
     elements.methodFilterBtn = document.getElementById('method-filter-btn');
     elements.methodFilterLabel = document.getElementById('method-filter-label');
     elements.methodFilterMenu = document.getElementById('method-filter-menu');
     elements.methodSelectAllBtn = document.getElementById('method-select-all');
     elements.methodClearAllBtn = document.getElementById('method-clear-all');
-    
+
     // Block controls
     elements.blockToggleBtn = document.getElementById('block-toggle-btn');
     elements.forwardBtn = document.getElementById('forward-btn');
     elements.forwardMenu = document.getElementById('forward-menu');
-    
+
     // Request editor elements
     elements.rawRequestTextarea = document.getElementById('raw-request-textarea');
     elements.reqViewPretty = document.getElementById('req-view-pretty');
@@ -67,7 +67,7 @@ export function initUI() {
     elements.resViewPreview = document.getElementById('res-view-preview');
     elements.responsePreviewIframe = document.getElementById('response-preview-iframe');
     elements.previewAllowScriptsCheckbox = document.getElementById('preview-allow-scripts');
-    
+
     // Banner elements
     elements.promoBanner = document.getElementById('promo-banner');
     elements.closeBannerBtn = document.getElementById('close-banner');
@@ -229,7 +229,7 @@ function setupEventListeners() {
         if (elements.rawRequestInput) {
             elements.rawRequestInput.innerHTML = rawText;
         }
-        
+
         // Also update raw textarea if it exists (for raw view)
         if (elements.rawRequestTextarea) {
             // Extract plain text from HTML (remove highlighting)
@@ -350,7 +350,7 @@ function setupEventListeners() {
                 const starBtn = item.querySelector('.star-btn');
                 if (starBtn) {
                     starBtn.classList.toggle('active', starred);
-                    starBtn.innerHTML = starred ? 
+                    starBtn.innerHTML = starred ?
                         '<svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor"><path d="M12 17.27L18.18 21l-1.64-7.03L22 9.24l-7.19-.61L12 2 9.19 8.63 2 9.24l5.46 4.73L5.82 21z"/></svg>' :
                         '<svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor"><path d="M22 9.24l-7.19-.62L12 2 9.19 8.63 2 9.24l5.46 4.73L5.82 21 12 17.27 18.18 21l-1.63-7.03L22 9.24zM12 15.4l-3.76 2.27 1-4.28-3.32-2.88 4.38-.38L12 6.1l1.71 4.01 4.38.38-3.32 2.88 1 4.28L12 15.4z"/></svg>';
                     starBtn.title = starred ? 'Unstar' : 'Star request';
diff --git a/js/ui/rep-config-panel.js b/js/ui/rep-config-panel.js
new file mode 100644
index 0000000..4664666
--- /dev/null
+++ b/js/ui/rep-config-panel.js
@@ -0,0 +1,152 @@
+// rep+ Config Panel - Global Configuration
+import { state, actions } from '../core/state.js';
+import { events } from '../core/events.js';
+
+class RepConfigPanel {
+    constructor() {
+        this.panel = document.getElementById('rep-config-panel');
+        this.filterStaticCheckbox = document.getElementById('rep-config-filter-static');
+        this.scopeHostnamesInput = document.getElementById('rep-config-scope-hostnames');
+        this.saveBtn = document.getElementById('rep-config-save-btn');
+        this.cancelBtn = document.getElementById('rep-config-cancel-btn');
+        this.closeBtn = document.getElementById('rep-config-close-btn');
+
+        this.attachEventListeners();
+    }
+
+    attachEventListeners() {
+        // Show panel when rep-config-btn is clicked
+        const repConfigBtn = document.getElementById('rep-config-btn');
+        if (repConfigBtn) {
+            repConfigBtn.addEventListener('click', () => this.show());
+        }
+
+        // Close panel handlers
+        if (this.closeBtn) {
+            this.closeBtn.addEventListener('click', () => this.hide());
+        }
+
+        if (this.cancelBtn) {
+            this.cancelBtn.addEventListener('click', () => this.hide());
+        }
+
+        // Save configuration
+        if (this.saveBtn) {
+            this.saveBtn.addEventListener('click', () => this.saveConfig());
+        }
+
+        // Close panel when clicking outside
+        if (this.panel) {
+            this.panel.addEventListener('click', (e) => {
+                if (e.target === this.panel) {
+                    this.hide();
+                }
+            });
+        }
+    }
+
+    show() {
+        console.log('[rep+ Config] Opening panel...');
+
+        // Load current settings
+        this.loadConfig();
+
+        // Show panel with flex display
+        if (this.panel) {
+            this.panel.style.display = 'flex';
+            // Trigger reflow for animation
+            setTimeout(() => {
+                this.panel.style.opacity = '1';
+                this.panel.style.transform = 'translate(-50%, -50%) scale(1)';
+            }, 10);
+        }
+
+        // Close more menu if open
+        const moreMenu = document.getElementById('more-menu');
+        if (moreMenu) {
+            moreMenu.classList.add('hidden');
+        }
+    }
+
+    hide() {
+        console.log('[rep+ Config] Closing panel...');
+        if (this.panel) {
+            this.panel.style.opacity = '0';
+            this.panel.style.transform = 'translate(-50%, -50%) scale(0.95)';
+            setTimeout(() => {
+                this.panel.style.display = 'none';
+            }, 200);
+        }
+    }
+
+    loadConfig() {
+        // Load Filter Static setting
+        const filterStaticEnabled = localStorage.getItem('rep_filter_static') === 'true';
+        if (this.filterStaticCheckbox) {
+            this.filterStaticCheckbox.checked = filterStaticEnabled;
+        }
+
+        // Load Scope setting
+        const scopeHostnames = localStorage.getItem('rep_scope_hostnames') || '';
+        if (this.scopeHostnamesInput) {
+            this.scopeHostnamesInput.value = scopeHostnames;
+        }
+    }
+
+    saveConfig() {
+        // Save Filter Static setting
+        const filterStaticEnabled = this.filterStaticCheckbox.checked;
+        localStorage.setItem('rep_filter_static', filterStaticEnabled);
+
+        // Update UI for filter static button in More menu
+        const filterStaticBtn = document.getElementById('filter-static-btn');
+        const filterStaticStatus = document.querySelector('.filter-static-status');
+        if (filterStaticBtn) {
+            if (filterStaticEnabled) {
+                filterStaticBtn.classList.add('active');
+                if (filterStaticStatus) {
+                    filterStaticStatus.textContent = 'ON';
+                    filterStaticStatus.style.color = 'var(--accent-color)';
+                }
+            } else {
+                filterStaticBtn.classList.remove('active');
+                if (filterStaticStatus) {
+                    filterStaticStatus.textContent = 'OFF';
+                    filterStaticStatus.style.color = '';
+                }
+            }
+        }
+
+        // Save Scope setting
+        const scopeHostnames = this.scopeHostnamesInput.value.trim();
+        localStorage.setItem('rep_scope_hostnames', scopeHostnames);
+
+        // Parse and normalize hostnames
+        const hostnameList = scopeHostnames
+            .split(',')
+            .map(h => h.trim().toLowerCase())
+            .filter(h => h.length > 0);
+
+        // Store in state
+        if (!state.repConfig) {
+            state.repConfig = {};
+        }
+        state.repConfig.scopeHostnames = hostnameList;
+
+        // Hide panel
+        this.hide();
+
+        // Trigger filter update
+        events.emit('request:filtered');
+
+        console.log('[rep+ Config] Configuration saved:', {
+            filterStatic: filterStaticEnabled,
+            scopeHostnames: hostnameList
+        });
+    }
+}
+
+// Initialize the panel when the DOM is ready
+export function initRepConfigPanel() {
+    return new RepConfigPanel();
+}
diff --git a/js/ui/request-list.js b/js/ui/request-list.js
index 93bc2ab..39ca4ec 100644
--- a/js/ui/request-list.js
+++ b/js/ui/request-list.js
@@ -156,7 +156,7 @@ export function createDomainGroup(hostname, isThirdParty = false) {
     header.addEventListener('click', (e) => {
         // Don't toggle if clicking on buttons
         if (e.target.closest('.group-star-btn') || e.target.closest('.group-delete-btn')) return;
-        
+
         group.classList.toggle('expanded');
         const toggle = header.querySelector('.group-toggle');
         toggle.textContent = group.classList.contains('expanded') ? '▼' : '▶';
@@ -221,9 +221,9 @@ export function createRequestItemElement(request, index, categoryData) {
         // Fallback if URL constructor fails
         if (!displayLabel) {
             displayLabel = request.request.url;
-    }
+        }
         urlSpan.appendChild(document.createTextNode(displayLabel));
-    urlSpan.title = request.request.url;
+        urlSpan.title = request.request.url;
     }
 
     // Time span
@@ -493,10 +493,10 @@ export function renderRequestItem(request, index) {
         if (!pathGroup) {
             pathGroup = createPathGroup();
             // Insert path group before domain groups (if any)
-        const firstDomainGroup = pageContent.querySelector('.domain-group');
+            const firstDomainGroup = pageContent.querySelector('.domain-group');
             if (firstDomainGroup) {
                 pageContent.insertBefore(pathGroup, firstDomainGroup);
-        } else {
+            } else {
                 pageContent.appendChild(pathGroup);
             }
         }
@@ -674,7 +674,7 @@ export function filterRequests() {
         // Forcefully remove all groups and items
         const allGroups = requestList.querySelectorAll('.page-group, .domain-group, .path-group, .request-item');
         allGroups.forEach(element => element.remove());
-        
+
         // Check if there's already an empty state
         const emptyState = requestList.querySelector('.empty-state');
         if (!emptyState) {
@@ -765,23 +765,42 @@ export function filterRequests() {
                 matchesSearch = false;
             }
         } else {
-            matchesSearch =
-                urlLower.includes(state.currentSearchTerm) ||
-                method.includes(state.currentSearchTerm.toUpperCase()) ||
-                hostnameLower.includes(state.currentSearchTerm) ||
-                headersTextLower.includes(state.currentSearchTerm) ||
-                bodyTextLower.includes(state.currentSearchTerm) ||
-                nameLower.includes(state.currentSearchTerm);
+            // Normal search mode
+            if (state.hostnameOnlyMode) {
+                // Hostname-only mode: search only in hostname
+                matchesSearch = hostnameLower.includes(state.currentSearchTerm);
+            } else {
+                // Search all mode: search across URL, method, headers, body, name
+                matchesSearch =
+                    urlLower.includes(state.currentSearchTerm) ||
+                    method.includes(state.currentSearchTerm.toUpperCase()) ||
+                    hostnameLower.includes(state.currentSearchTerm) ||
+                    headersTextLower.includes(state.currentSearchTerm) ||
+                    bodyTextLower.includes(state.currentSearchTerm) ||
+                    nameLower.includes(state.currentSearchTerm);
+            }
         }
 
         // Check filter
         let matchesFilter = true;
-        
+
+        // Scope hostname filter (from rep+ Config)
+        if (state.repConfig && state.repConfig.scopeHostnames && state.repConfig.scopeHostnames.length > 0) {
+            const requestHostname = hostnameLower;
+            const matchesScope = state.repConfig.scopeHostnames.some(scopeHost =>
+                requestHostname.includes(scopeHost) || scopeHost.includes(requestHostname)
+            );
+
+            if (!matchesScope) {
+                matchesFilter = false;
+            }
+        }
+
         // Check if method filter is active (multi-select)
         if (state.selectedMethods && state.selectedMethods.size > 0) {
             // First check if the method itself is selected
             const methodMatches = state.selectedMethods.has(method);
-            
+
             // If XHR is selected, also check if request matches XHR criteria
             let xhrMatches = false;
             if (state.selectedMethods.has('XHR')) {
@@ -816,7 +835,7 @@ export function filterRequests() {
 
                 xhrMatches = !isExcludedByContentType && !isExcludedByExtension;
             }
-            
+
             // Match if method is selected OR (XHR is selected AND request matches XHR criteria)
             matchesFilter = methodMatches || xhrMatches;
         } else if (state.currentFilter !== 'all') {
@@ -887,11 +906,11 @@ export function filterRequests() {
     });
 
     // Check if any filters are active (for auto-expand logic)
-    const hasActiveFilters = (state.selectedMethods && state.selectedMethods.size > 0) || 
-                             state.starFilterActive || 
-                             state.currentColorFilter !== 'all' || 
-                             state.currentSearchTerm ||
-                             (state.currentFilter !== 'all' && state.currentFilter !== 'starred');
+    const hasActiveFilters = (state.selectedMethods && state.selectedMethods.size > 0) ||
+        state.starFilterActive ||
+        state.currentColorFilter !== 'all' ||
+        state.currentSearchTerm ||
+        (state.currentFilter !== 'all' && state.currentFilter !== 'starred');
 
     // Update domain groups visibility (third-party domains)
     const domainGroups = requestList.querySelectorAll('.domain-group');
@@ -943,8 +962,8 @@ export function filterRequests() {
     if (regexError && state.useRegex && state.currentSearchTerm) {
         events.emit('ui:regex-error', { hasError: true, message: 'Invalid regex pattern' });
     } else {
-        events.emit('ui:regex-error', { 
-            hasError: false, 
+        events.emit('ui:regex-error', {
+            hasError: false,
             message: state.useRegex
                 ? 'Regex mode enabled (click to disable)'
                 : 'Toggle Regex Mode (enable to use regex patterns)'
diff --git a/js/ui/ui-filters.js b/js/ui/ui-filters.js
new file mode 100644
index 0000000..26b3eb8
--- /dev/null
+++ b/js/ui/ui-filters.js
@@ -0,0 +1,145 @@
+// Filters Module - Handles search, regex, method, star, and color filtering
+import { state, actions } from '../core/state.js';
+import { elements } from './main-ui.js';
+import { events, EVENT_NAMES } from '../core/events.js';
+
+const ALL_METHODS = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS', 'TRACE', 'XHR'];
+
+/**
+ * Sets up search and regex filter controls
+ */
+function setupSearchFilter() {
+    if (elements.searchBar) {
+        elements.searchBar.addEventListener('input', (e) => {
+            // Use action to set search (automatically emits events)
+            actions.filter.setSearch(e.target.value.toLowerCase(), state.useRegex);
+        });
+    }
+
+    if (elements.regexToggle) {
+        elements.regexToggle.addEventListener('click', () => {
+            const newUseRegex = !state.useRegex;
+            // Use action to set search with new regex flag
+            actions.filter.setSearch(state.currentSearchTerm, newUseRegex);
+            elements.regexToggle.classList.toggle('active', newUseRegex);
+            elements.regexToggle.title = newUseRegex
+                ? 'Regex mode enabled (click to disable)'
+                : 'Toggle Regex Mode (enable to use regex patterns)';
+        });
+    }
+}
+
+/**
+ * Updates search bar placeholder based on current mode
+ */
+function updateSearchPlaceholder() {
+    if (elements.searchBar) {
+        if (state.hostnameOnlyMode) {
+            elements.searchBar.placeholder = 'Filter by hostname only (e.g., api.example.com)';
+        } else {
+            elements.searchBar.placeholder = 'Filter by URL, method, headers...';
+        }
+    }
+}
+
+/**
+ * Sets up star filter toggle
+ */
+function setupStarFilter() {
+    const starFilterBtn = document.querySelector('.filter-btn[data-filter="starred"]');
+
+    if (starFilterBtn) {
+        // Initialize button state
+        starFilterBtn.classList.toggle('active', state.starFilterActive);
+
+        starFilterBtn.addEventListener('click', () => {
+            const currentlyActive = starFilterBtn.classList.contains('active');
+            const newActive = !currentlyActive;
+
+            // Use action to set star filter (automatically emits events)
+            actions.filter.setStarFilter(newActive);
+
+            // Update UI
+            starFilterBtn.classList.toggle('active', newActive);
+            if (elements.methodFilterMenu) elements.methodFilterMenu.classList.remove('open');
+        });
+    }
+}
+
+/**
+ * Sets up color filter picker
+ */
+function setupColorFilter() {
+    if (!elements.colorFilterBtn) return;
+
+    elements.colorFilterBtn.addEventListener('click', (e) => {
+        e.stopPropagation();
+        // Close any existing popovers
+        document.querySelectorAll('.color-picker-popover').forEach(el => el.remove());
+
+        const popover = document.createElement('div');
+        popover.className = 'color-picker-popover';
+        popover.style.top = '100%';
+        popover.style.left = '0'; // Align left
+        popover.style.right = 'auto';
+
+        const colors = ['all', 'red', 'green', 'blue', 'yellow', 'purple', 'orange'];
+        const colorValues = {
+            'all': 'transparent',
+            'red': '#ff6b6b', 'green': '#51cf66', 'blue': '#4dabf7',
+            'yellow': '#ffd43b', 'purple': '#b197fc', 'orange': '#ff922b'
+        };
+
+        colors.forEach(color => {
+            const swatch = document.createElement('div');
+            swatch.className = `color-swatch ${color === 'all' ? 'none' : ''}`;
+            if (color !== 'all') swatch.style.backgroundColor = colorValues[color];
+            swatch.title = color === 'all' ? 'Show All' : color.charAt(0).toUpperCase() + color.slice(1);
+
+            // Highlight active filter
+            if (state.currentColorFilter === color) {
+                swatch.style.border = '2px solid var(--accent-color)';
+                swatch.style.transform = 'scale(1.1)';
+            }
+
+            swatch.onclick = (e) => {
+                e.stopPropagation();
+                // Use action to set color filter (automatically emits events)
+                actions.filter.setColorFilter(color);
+
+                // Update button style
+                if (color === 'all') {
+                    elements.colorFilterBtn.classList.remove('active');
+                    elements.colorFilterBtn.style.color = '';
+                } else {
+                    elements.colorFilterBtn.classList.add('active');
+                    elements.colorFilterBtn.style.color = colorValues[color];
+                }
+
+                events.emit(EVENT_NAMES.UI_UPDATE_REQUEST_LIST);
+                popover.remove();
+            };
+            popover.appendChild(swatch);
+        });
+
+        elements.colorFilterBtn.appendChild(popover);
+        elements.colorFilterBtn.style.position = 'relative'; // Ensure popover positions correctly
+
+        // Close on click outside
+        const closeHandler = (e) => {
+            if (!popover.contains(e.target) && e.target !== elements.colorFilterBtn) {
+                popover.remove();
+                document.removeEventListener('click', closeHandler);
+            }
+        };
+        setTimeout(() => document.addEventListener('click', closeHandler), 0);
+    });
+}
+
+/**
+ * Initializes all filter controls
+ */
+export function setupFilters() {
+    setupSearchFilter();
+    setupStarFilter();
+}
diff --git a/js/ui/ui-utils.js b/js/ui/ui-utils.js
index c931d68..4291710 100644
--- a/js/ui/ui-utils.js
+++ b/js/ui/ui-utils.js
@@ -55,7 +55,7 @@ export function toggleAllObjects() {
 
 export function clearAllRequestsUI() {
     const requestList = document.getElementById('request-list');
-    
+
     // First, manually remove all groups and items from DOM
     if (requestList) {
         // Remove all page groups, domain groups, path groups, and request items
@@ -70,7 +70,7 @@ export function clearAllRequestsUI() {
                 }
             }
         });
-        
+
         // Forcefully remove all remaining child nodes
         while (requestList.firstChild) {
             requestList.removeChild(requestList.firstChild);
@@ -82,7 +82,7 @@ export function clearAllRequestsUI() {
         emptyState.textContent = 'Listening for requests...';
         requestList.appendChild(emptyState);
     }
-    
+
     // Then clear state (this will emit events)
     actions.request.clearAll();
     actions.blocking.clearBlockedQueue();
@@ -141,21 +141,21 @@ export function setupResizeHandle() {
         } else {
             const offsetX = e.clientX - containerRect.left;
             const containerWidth = containerRect.width;
-            
+
             // Check if chat pane is open
             const chatPane = document.getElementById('llm-chat-pane');
             const isChatOpen = chatPane && chatPane.style.display !== 'none' && window.getComputedStyle(chatPane).display !== 'none';
-            
+
             if (isChatOpen) {
                 // When chat is open, only resize request and response, keep chat fixed
                 const chatRect = chatPane.getBoundingClientRect();
                 const chatWidth = chatRect.width;
                 const chatResizeHandle = document.querySelector('.chat-resize-handle');
                 const chatResizeHandleWidth = chatResizeHandle ? (chatResizeHandle.offsetWidth || 5) : 5;
-                
+
                 // Available width is container minus chat pane and its resize handle
                 const availableWidth = containerWidth - chatWidth - chatResizeHandleWidth;
-                
+
                 // Enforce minimum pixel widths
                 const minLeftPx = 200;
                 const minRightPx = 200;
@@ -163,16 +163,16 @@ export function setupResizeHandle() {
                     Math.max(offsetX, minLeftPx),
                     Math.max(availableWidth - minRightPx, minLeftPx)
                 );
-                
+
                 // Calculate percentages of available width (not full container)
                 let requestPercentage = (clampedOffsetX / availableWidth) * 100;
                 let responsePercentage = 100 - requestPercentage;
-                
+
                 // Convert to container percentages
                 const availablePercentage = (availableWidth / containerWidth) * 100;
                 requestPercentage = (requestPercentage / 100) * availablePercentage;
                 responsePercentage = (responsePercentage / 100) * availablePercentage;
-                
+
                 // Keep chat pane fixed, only adjust request and response
                 requestPane.style.flex = `0 0 ${requestPercentage}%`;
                 responsePane.style.flex = `0 0 ${responsePercentage}%`;
@@ -259,7 +259,7 @@ export function setupUndoRedo() {
     elements.rawRequestInput.addEventListener('blur', () => {
         const content = elements.rawRequestInput.innerText;
         elements.rawRequestInput.innerHTML = highlightHTTP(content);
-        
+
         // Auto-save editor state when user leaves the editor (switching requests, etc.)
         if (state.selectedRequest) {
             const requestIndex = state.requests.indexOf(state.selectedRequest);
@@ -371,15 +371,15 @@ export function setupContextMenu() {
             // Store selected text and range in context menu dataset for later use
             elements.contextMenu.dataset.selectedText = selectedText;
             currentSelection = selection; // Store the selection object
-            
+
             if (selection.rangeCount > 0) {
                 const range = selection.getRangeAt(0);
                 currentRange = range.cloneRange(); // Clone the range to preserve it
-                
+
                 // Calculate character offset from start of editor for reliable positioning
                 // Get plain text first (this strips HTML)
                 const editorText = editor.textContent || editor.innerText || '';
-                
+
                 // Create a range from start of editor to selection start to count characters
                 // This method works even when editor has HTML content
                 try {
@@ -393,7 +393,7 @@ export function setupContextMenu() {
                             null
                         );
                         const firstTextNode = walker.nextNode();
-                        
+
                         if (firstTextNode) {
                             range.setStart(firstTextNode, 0);
                         } else {
@@ -403,10 +403,10 @@ export function setupContextMenu() {
                         range.setEnd(container, offset);
                         return range.toString().length;
                     }
-                    
+
                     const startOffset = getCharacterOffset(range.startContainer, range.startOffset);
                     const endOffset = getCharacterOffset(range.endContainer, range.endOffset);
-                    
+
                     // Verify the offsets make sense and match the selected text
                     if (startOffset >= 0 && endOffset >= startOffset && endOffset <= editorText.length) {
                         const selectedTextFromRange = editorText.substring(startOffset, endOffset);
@@ -423,7 +423,7 @@ export function setupContextMenu() {
                                 contextBefore: editorText.substring(Math.max(0, startOffset - 20), startOffset), // Context for verification
                                 contextAfter: editorText.substring(endOffset, Math.min(editorText.length, endOffset + 20))
                             };
-                            
+
                             // Store character offsets in context menu dataset for bulk replay
                             // This allows marking the exact selected text even if it appears multiple times
                             elements.contextMenu.dataset.charStart = startOffset.toString();
@@ -467,7 +467,7 @@ export function setupContextMenu() {
             }
 
             elements.contextMenu.dataset.fullSelection = isFullSelection ? 'true' : 'false';
-            
+
             showContextMenu(e.clientX, e.clientY, editor);
         });
     });
@@ -493,13 +493,13 @@ export function setupContextMenu() {
             return;
         }
 
-            e.stopPropagation();
-            const action = item.dataset.action;
+        e.stopPropagation();
+        const action = item.dataset.action;
         if (!action) return;
 
         // "Mark Payload (§)" is handled elsewhere
         if (action === 'mark-payload') {
-                hideContextMenu();
+            hideContextMenu();
             return;
         }
 
@@ -694,11 +694,11 @@ function handleEncodeDecode(action) {
         // Strategy: Try to use the range directly first (fastest and most accurate)
         // If that fails, use stored character offsets
         // Last resort: text search
-        
+
         const editorText = editor.textContent || editor.innerText || '';
         let replacementDone = false;
         let startIndex = -1;
-        
+
         // First, try to use the stored range directly (most reliable if still valid)
         if (editor.contentEditable === 'true' && rangeToUse) {
             try {
@@ -726,11 +726,11 @@ function handleEncodeDecode(action) {
                 console.warn('Range invalid, using fallback:', e);
             }
         }
-        
+
         // If range didn't work, use stored character offset
         if (!replacementDone && storedRangeInfo && storedRangeInfo.editor === editor && storedRangeInfo.charStart !== undefined) {
             startIndex = storedRangeInfo.charStart;
-            
+
             // Verify the text at this position matches
             if (startIndex >= 0 && startIndex < editorText.length) {
                 const textAtPosition = editorText.substring(startIndex, startIndex + selectedText.length);
@@ -770,7 +770,7 @@ function handleEncodeDecode(action) {
                 startIndex = -1; // Invalid offset
             }
         }
-        
+
         // Last resort: try to recreate range from stored info, or use indexOf
         if (!replacementDone && startIndex === -1) {
             if (storedRangeInfo && storedRangeInfo.editor === editor) {
@@ -779,7 +779,7 @@ function handleEncodeDecode(action) {
                     const range = document.createRange();
                     range.setStart(storedRangeInfo.startContainer, storedRangeInfo.startOffset);
                     range.setEnd(storedRangeInfo.endContainer, storedRangeInfo.endOffset);
-                    
+
                     if (editor.contains(range.commonAncestorContainer) || range.commonAncestorContainer === editor) {
                         const rangeText = range.toString().trim();
                         if (rangeText === selectedText.trim()) {
@@ -800,7 +800,7 @@ function handleEncodeDecode(action) {
                     // Failed to recreate range
                 }
             }
-            
+
             // Final fallback: use indexOf (but warn if text appears multiple times)
             if (!replacementDone) {
                 startIndex = editorText.indexOf(selectedText);
@@ -810,7 +810,7 @@ function handleEncodeDecode(action) {
                 }
             }
         }
-        
+
         // Perform the replacement using text-based method if range didn't work
         if (!replacementDone && startIndex !== -1 && startIndex >= 0 && startIndex < editorText.length) {
             // Verify the text at this position matches what we expect
@@ -837,7 +837,7 @@ function handleEncodeDecode(action) {
                     return;
                 }
             }
-            
+
             // Extra validation: if startIndex is 0, make sure we have context or stored info
             if (startIndex === 0 && (!storedRangeInfo || storedRangeInfo.charStart !== 0)) {
                 // Position 0 without stored confirmation - this might be wrong
@@ -866,11 +866,11 @@ function handleEncodeDecode(action) {
                     }
                 }
             }
-            
+
             const before = editorText.substring(0, startIndex);
             const after = editorText.substring(startIndex + selectedText.length);
             const newText = before + transformedText + after;
-            
+
             // Replace the text content (this removes HTML, which is fine - we'll re-apply highlighting)
             editor.textContent = newText;
         } else if (!replacementDone) {
@@ -1057,6 +1057,55 @@ function handleCopyAs(action) {
         jsLines.push('  .then(console.log)');
         jsLines.push('  .catch(console.error);');
         textToCopy = jsLines.join('\n');
+    } else if (action === 'copy-as-fetch-poc') {
+        // POC-ready JavaScript fetch (clean, no cookies in headers, relative URL)
+        const urlObj = new URL(req.url);
+        const relativeUrl = urlObj.pathname + urlObj.search;
+
+        // Filter out sensitive/browser-managed headers
+        const ignoreHeaders = ['host', 'connection', 'content-length', 'cookie', 'referer',
+            'sec-fetch-dest', 'sec-fetch-mode', 'sec-fetch-site', 'te'];
+        const filteredHeaders = headers.filter(h => !ignoreHeaders.includes(h.name.toLowerCase()));
+        const hasBody = body && (method === 'POST' || method === 'PUT' || method === 'PATCH' || method === 'DELETE');
+
+        const pocLines = [];
+        pocLines.push(`fetch("${relativeUrl}", {`);
+        pocLines.push(`  method: "${method}",`);
+
+        // Only include important headers (exclude cookie and browser stuff)
+        if (filteredHeaders.length > 0) {
+            pocLines.push('  headers: {');
+            filteredHeaders.forEach((h, idx) => {
+                const key = h.name.toLowerCase();
+                const val = String(h.value).replace(/"/g, '\\"');
+                const comma = idx < filteredHeaders.length - 1 ? ',' : '';
+                pocLines.push(`    "${key}": "${val}"${comma}`);
+            });
+            pocLines.push('  },');
+        }
+
+        // Body
+        if (hasBody) {
+            const ct = headers.find(h => h.name.toLowerCase() === 'content-type')?.value || '';
+            if (ct.toLowerCase().includes('application/json')) {
+                try {
+                    const parsed = JSON.parse(body);
+                    pocLines.push(`  body: JSON.stringify(${JSON.stringify(parsed)}),`);
+                } catch {
+                    pocLines.push(`  body: ${JSON.stringify(body)},`);
+                }
+            } else {
+                pocLines.push(`  body: ${JSON.stringify(body)},`);
+            }
+        }
+
+        // credentials: "include" to let browser handle cookies
+        pocLines.push('  credentials: "include"');
+        pocLines.push('})');
+        pocLines.push('.then(r => r.json())');
+        pocLines.push('.then(data => console.log(data))');
+        pocLines.push('.catch(err => console.error(err));');
+        textToCopy = pocLines.join('\n');
     } else {
         return;
     }
@@ -1093,10 +1142,10 @@ export async function captureScreenshot() {
     // Capture only the full request and response content (no headers/search bars),
     // and make sure the entire text is visible in the image.
     try {
-    if (typeof html2canvas === 'undefined') {
-        alert('html2canvas library not loaded');
-        return;
-    }
+        if (typeof html2canvas === 'undefined') {
+            alert('html2canvas library not loaded');
+            return;
+        }
 
         const requestEditor = document.querySelector('#raw-request-input');
         const responseActiveView = document.querySelector('.response-pane .view-content.active');
diff --git a/manifest.json b/manifest.json
index 6572551..dd8df98 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,10 +1,11 @@
 {
     "manifest_version": 3,
     "name": "rep+",
-    "version": "1.3.1",
+    "version": "1.3.2",
     "description": "rep+ - Capture, modify, and replay HTTP requests in Firefox DevTools with AI-powered security analysis.",
     "permissions": [
-        "webRequest"
+        "webRequest",
+        "webRequestBlocking"
     ],
     "host_permissions": [
         "<all_urls>",
@@ -19,20 +20,28 @@
     },
     "devtools_page": "devtools.html",
     "background": {
-        "scripts": ["background.js"]
+        "scripts": [
+            "background.js"
+        ]
     },
     "web_accessible_resources": [
         {
-            "resources": ["rules/*"],
-            "matches": ["<all_urls>"]
+            "resources": [
+                "rules/*"
+            ],
+            "matches": [
+                "<all_urls>"
+            ]
         }
     ],
     "browser_specific_settings": {
         "gecko": {
-            "id": "rep-plus@extension",
+            "id": "rep-plus-h0tak88r@extension",
             "strict_min_version": "109.0",
             "data_collection_permissions": {
-                "required": ["none"],
+                "required": [
+                    "none"
+                ],
                 "optional": []
             }
         }
diff --git a/panel.html b/panel.html
index 78da1df..c158ef6 100644
--- a/panel.html
+++ b/panel.html
@@ -7,6 +7,9 @@
     <title>Repeater Panel</title>
     <link rel="stylesheet" href="css/panel.css">
     <link rel="stylesheet" href="css/json-viewer.css">
+    <link rel="stylesheet" href="css/auth-analyzer-config-panel.css">
+    <link rel="stylesheet" href="css/rep-config-panel.css">
+    <link rel="stylesheet" href="css/auth-analyzer-panel.css">
     <!-- Highlight.js for syntax highlighting -->
     <link rel="stylesheet" href="css/github-dark.min.css" id="hljs-style">
     <script src="lib/highlight.min.js"></script>
@@ -14,15 +17,6 @@
 
 <body>
     <!-- Promotional Banner -->
-    <div id="promo-banner" class="promo-banner">
-        <div class="promo-content">
-            <span>⭐ Give rep+ a star on <a href="https://github.com/bscript/rep" target="_blank">GitHub</a> and consider
-                <a href="https://github.com/sponsors/bscript" target="_blank">sponsoring</a> on GitHub or
-                <a href="https://opencollective.com/rep" target="_blank">Open Collective</a>!</span>
-        </div>
-        <button id="close-banner" class="close-banner" title="Dismiss">×</button>
-    </div>
-
     <div class="container">
         <!-- Left Sidebar: Request List -->
         <div class="sidebar">
@@ -30,20 +24,23 @@
                 <div class="search-container">
                     <!-- Primary Actions: Search and Most Used Buttons -->
                     <div class="search-input-wrapper">
-                        <input type="text" id="search-bar" placeholder="Filter requests...">
+                        <input type="text" id="search-bar" placeholder="Filter by URL, hostname, method, headers...">
                         <button id="regex-toggle" class="regex-toggle-inline" title="Toggle Regex Mode">
                             <span class="regex-icon">.*</span>
                         </button>
                     </div>
                     <div class="primary-actions">
-                        <button id="remove-duplicates-btn" class="icon-btn" title="Remove duplicate requests (enabled by default)">
+                        <button id="remove-duplicates-btn" class="icon-btn"
+                            title="Remove duplicate requests (enabled by default)">
                             <svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor">
-                                <path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z"/>
+                                <path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z" />
                             </svg>
                         </button>
                         <button id="clear-all-btn" class="icon-btn" title="Clear all requests">
-                            <svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor" style="pointer-events: none;">
-                                <path d="M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z" />
+                            <svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor"
+                                style="pointer-events: none;">
+                                <path
+                                    d="M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z" />
                             </svg>
                         </button>
                         <button id="toggle-groups-btn" class="icon-btn" title="Collapse/Expand All Groups">
@@ -52,32 +49,60 @@
                                     d="M12 5.83L15.17 9l1.41-1.41L12 3 7.41 7.59 8.83 9 12 5.83zm0 12.34L8.83 15l-1.41 1.41L12 21l4.59-4.59L15.17 15 12 18.17z" />
                             </svg>
                         </button>
-                        <button id="llm-chat-toggle-btn" class="icon-btn ai-icon-btn" title="Rep+ AI Assistance">
-                            <svg class="ai-icon" viewBox="0 0 24 24" width="16" height="16" fill="none" xmlns="http://www.w3.org/2000/svg">
-                                <path d="M12 2C8.13 2 5 5.13 5 9c0 2.38 1.19 4.47 3 5.74V17c0 .55.45 1 1 1h6c.55 0 1-.45 1-1v-2.26c1.81-1.27 3-3.36 3-5.74 0-3.87-3.13-7-7-7z" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" fill="none"/>
-                                <circle cx="9" cy="9" r="1" fill="currentColor"/>
-                                <circle cx="15" cy="9" r="1" fill="currentColor"/>
-                                <path d="M9 13c.5.5 1.5 1 3 1s2.5-.5 3-1" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/>
-                                <circle class="ai-sparkle ai-sparkle-1" cx="4" cy="6" r="0.8" fill="currentColor"/>
-                                <circle class="ai-sparkle ai-sparkle-2" cx="20" cy="8" r="0.8" fill="currentColor"/>
-                                <circle class="ai-sparkle ai-sparkle-3" cx="6" cy="18" r="0.8" fill="currentColor"/>
-                                <circle class="ai-sparkle ai-sparkle-4" cx="18" cy="20" r="0.8" fill="currentColor"/>
-                            </svg>
-                        </button>
                         <button id="toggle-sidebar-btn" class="icon-btn" title="Hide sidebar">
                             <svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor">
                                 <path d="M4 4h4v16H4V4zm5 0h11v2H9V4zm0 6h11v2H9v-2zm0 6h11v2H9v-2z" />
                             </svg>
                         </button>
+                        <button id="auth-results-btn" class="icon-btn" title="Auth Analyzer Results">
+                            <span style="font-size: 14px;">🔒</span>
+                        </button>
                     </div>
                     <!-- Secondary Actions: More Menu -->
                     <div class="more-menu-wrapper">
                         <button id="more-menu-btn" class="icon-btn more-menu-btn" title="More options">
                             <svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor">
-                                <path d="M12 8c1.1 0 2-.9 2-2s-.9-2-2-2-2 .9-2 2 .9 2 2 2zm0 2c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2zm0 6c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2z"/>
+                                <path
+                                    d="M12 8c1.1 0 2-.9 2-2s-.9-2-2-2-2 .9-2 2 .9 2 2 2zm0 2c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2zm0 6c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2z" />
                             </svg>
                         </button>
                         <div id="more-menu" class="more-menu hidden">
+                            <button id="auth-analyzer-toggle" class="more-menu-item"
+                                style="border-bottom: 1px solid var(--border-color); margin-bottom: 4px; padding-bottom: 8px;">
+                                <span style="font-size: 14px;">🔒</span>
+                                <span>Auth Analyzer</span>
+                                <span class="badge"
+                                    style="display: none; background: #f44336; color: white; padding: 1px 5px; border-radius: 10px; font-size: 9px; margin-left: auto;"></span>
+                            </button>
+                            <button id="rep-config-btn" class="more-menu-item">
+                                <svg viewBox="0 0 24 24" width="14" height="14">
+                                    <path
+                                        d="M19.14 12.94c.04-.3.06-.61.06-.94 0-.32-.02-.64-.07-.94l2.03-1.58c.18-.14.23-.41.12-.61l-1.92-3.32c-.12-.22-.37-.29-.59-.22l-2.39.96c-.5-.38-1.03-.7-1.62-.94L14.4 2.81c-.04-.24-.24-.41-.48-.41h-3.84c-.24 0-.43.17-.47.41l-.36 2.54c-.59.24-1.13.57-1.62.94l-2.39-.96c-.22-.08-.47 0-.59.22L2.74 8.87c-.12.21-.08.47.12.61l2.03 1.58c-.05.3-.09.63-.09.94s.02.64.07.94l-2.03 1.58c-.18.14-.23.41-.12.61l1.92 3.32c.12.22.37.29.59.22l2.39-.96c.5.38 1.03.7 1.62.94l.36 2.54c.05.24.24.41.48.41h3.84c.24 0 .44-.17.47-.41l.36-2.54c.59-.24 1.13-.56 1.62-.94l2.39.96c.22.08.47 0 .59-.22l1.92-3.32c.12-.22.07-.47-.12-.61l-2.01-1.58zM12 15.6c-1.98 0-3.6-1.62-3.6-3.6s1.62-3.6 3.6-3.6 3.6 1.62 3.6 3.6-1.62 3.6-3.6 3.6z"
+                                        fill="currentColor" />
+                                </svg>
+                                <span>rep+ Config</span>
+                            </button>
+                            <button id="llm-chat-toggle-btn" class="more-menu-item" title="Rep+ AI Assistance">
+                                <svg viewBox="0 0 24 24" width="16" height="16" fill="none" stroke="currentColor"
+                                    stroke-width="2">
+                                    <path
+                                        d="M12 2C8.13 2 5 5.13 5 9c0 2.38 1.19 4.47 3 5.74V17c0 .55.45 1 1 1h6c.55 0 1-.45 1-1v-2.26c1.81-1.27 3-3.36 3-5.74 0-3.87-3.13-7-7-7z"
+                                        stroke="currentColor" stroke-width="1.5" stroke-linecap="round"
+                                        stroke-linejoin="round" fill="none" />
+                                    <circle cx="9" cy="9" r="1" fill="currentColor" />
+                                    <circle cx="15" cy="9" r="1" fill="currentColor" />
+                                    <path d="M9 13c.5.5 1.5 1 3 1s2.5-.5 3-1" stroke="currentColor" stroke-width="1.5"
+                                        stroke-linecap="round" />
+                                    <circle class="ai-sparkle ai-sparkle-1" cx="4" cy="6" r="0.8" fill="currentColor" />
+                                    <circle class="ai-sparkle ai-sparkle-2" cx="20" cy="8" r="0.8"
+                                        fill="currentColor" />
+                                    <circle class="ai-sparkle ai-sparkle-3" cx="6" cy="18" r="0.8"
+                                        fill="currentColor" />
+                                    <circle class="ai-sparkle ai-sparkle-4" cx="18" cy="20" r="0.8"
+                                        fill="currentColor" />
+                                </svg>
+                                <span>AI Assistant</span>
+                            </button>
                             <button id="settings-btn" class="more-menu-item">
                                 <svg viewBox="0 0 24 24" width="14" height="14">
                                     <path
@@ -98,7 +123,8 @@
                                 </svg>
                                 <span>Export</span>
                             </button>
-                            <button id="extractor-btn" class="more-menu-item" title="Extract secrets, endpoints, parameters, and search responses">
+                            <button id="extractor-btn" class="more-menu-item"
+                                title="Extract secrets, endpoints, parameters, and search responses">
                                 <svg viewBox="0 0 24 24" width="14" height="14">
                                     <path
                                         d="M12 1L3 5v6c0 5.55 3.84 10.74 9 12 5.16-1.26 9-6.45 9-12V5l-9-4zm0 10.99h7c-.53 4.12-3.28 7.79-7 8.94V12H5V6.3l7-3.11v8.8z"
@@ -111,79 +137,7 @@
                     <input type="file" id="import-file" accept=".json" style="display: none;">
                 </div>
                 <div class="filters">
-                    <div class="method-filter" id="method-filter">
-                        <button id="method-filter-btn" class="filter-btn method-filter-btn" title="Filter by method">
-                            <span id="method-filter-label">All</span>
-                            <span class="method-caret">▾</span>
-                        </button>
-                        <div id="method-filter-menu" class="method-filter-menu">
-                            <div class="method-filter-actions">
-                                <button class="method-filter-action-btn" id="method-select-all">Select all</button>
-                                <button class="method-filter-action-btn" id="method-clear-all">Clear all</button>
-                            </div>
-                            <div class="method-filter-divider"></div>
-                            <div class="method-filter-item" data-filter="GET">
-                                <input type="checkbox" class="method-checkbox" data-filter="GET">
-                                <span>GET</span>
-                            </div>
-                            <div class="method-filter-item" data-filter="POST">
-                                <input type="checkbox" class="method-checkbox" data-filter="POST">
-                                <span>POST</span>
-                            </div>
-                            <div class="method-filter-item" data-filter="PUT">
-                                <input type="checkbox" class="method-checkbox" data-filter="PUT">
-                                <span>PUT</span>
-                            </div>
-                            <div class="method-filter-item" data-filter="DELETE">
-                                <input type="checkbox" class="method-checkbox" data-filter="DELETE">
-                                <span>DELETE</span>
-                            </div>
-                            <div class="method-filter-item" data-filter="PATCH">
-                                <input type="checkbox" class="method-checkbox" data-filter="PATCH">
-                                <span>PATCH</span>
-                            </div>
-                            <div class="method-filter-item" data-filter="HEAD">
-                                <input type="checkbox" class="method-checkbox" data-filter="HEAD">
-                                <span>HEAD</span>
-                            </div>
-                            <div class="method-filter-item" data-filter="OPTIONS">
-                                <input type="checkbox" class="method-checkbox" data-filter="OPTIONS">
-                                <span>OPTIONS</span>
-                            </div>
-                            <div class="method-filter-item" data-filter="TRACE">
-                                <input type="checkbox" class="method-checkbox" data-filter="TRACE">
-                                <span>TRACE</span>
-                            </div>
-                            <div class="method-filter-divider"></div>
-                            <div class="method-filter-item" data-filter="XHR"
-                                title="Show only XHR/Fetch requests (exclude images, fonts, text files)">
-                                <input type="checkbox" class="method-checkbox" data-filter="XHR">
-                                <span>XHR/Fetch</span>
-                            </div>
-                        </div>
-                    </div>
-                    <button id="color-filter-btn" class="filter-btn" title="Filter by Color">
-                        <svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor">
-                            <path
-                                d="M12 3c-4.97 0-9 4.03-9 9s4.03 9 9 9c.83 0 1.5-.67 1.5-1.5 0-.39-.15-.74-.39-1.01-.23-.26-.38-.61-.38-.99 0-.83.67-1.5 1.5-1.5H16c2.76 0 5-2.24 5-5 0-4.42-4.03-8-9-8zm-5.5 9c-.83 0-1.5-.67-1.5-1.5S5.67 9 6.5 9 8 9.67 8 10.5 7.33 12 6.5 12zm3-4C8.67 8 8 7.33 8 6.5S8.67 5 9.5 5s1.5.67 1.5 1.5S10.33 8 9.5 8zm5 0c-.83 0-1.5-.67-1.5-1.5S13.67 5 14.5 5s1.5.67 1.5 1.5S15.33 8 14.5 8zm3 4c-.83 0-1.5-.67-1.5-1.5S16.67 9 17.5 9s1.5.67 1.5 1.5-.67 1.5-1.5 1.5z" />
-                        </svg>
-                    </button>
                     <button class="filter-btn" data-filter="starred" title="Show Starred">★</button>
-                    <div class="divider-vertical"
-                        style="width: 1px; height: 20px; background: var(--border-color); margin: 0 4px;"></div>
-                    <button id="block-toggle-btn" class="icon-btn block-toggle-btn" title="Block incoming requests" aria-label="Block incoming requests">
-                        <svg class="block-icon" viewBox="0 0 24 24" width="14" height="14" fill="currentColor"><path d="M8 5h3v14H8zm5 0h3v14h-3z"/></svg>
-                    </button>
-                    <div class="forward-combo" id="forward-combo">
-                        <button id="forward-btn" class="icon-btn forward-combo-btn" title="Forward blocked requests">
-                            <span class="forward-label">Forward (0)</span>
-                            <span class="forward-caret" data-caret>▾</span>
-                        </button>
-                        <div id="forward-menu" class="forward-menu">
-                            <div class="forward-menu-item active" data-mode="next">Forward next</div>
-                            <div class="forward-menu-item" data-mode="all">Forward all</div>
-                        </div>
-                    </div>
                 </div>
 
             </div>
@@ -205,7 +159,8 @@
                     <div class="pane-header">
                         <h3>Request</h3>
                         <div class="header-actions">
-                            <button id="show-sidebar-btn" class="icon-btn show-sidebar-btn" title="Show sidebar" aria-label="Show sidebar" style="display: none;">
+                            <button id="show-sidebar-btn" class="icon-btn show-sidebar-btn" title="Show sidebar"
+                                aria-label="Show sidebar" style="display: none;">
                                 <svg viewBox="0 0 24 24" width="16" height="16" fill="currentColor">
                                     <path d="M3 4h4v16H3V4zm5 0h16v2H8V4zm0 6h16v2H8v-2zm0 6h16v2H8v-2z" />
                                 </svg>
@@ -239,13 +194,15 @@ <h3>Request</h3>
                             <div class="history-nav">
                                 <button id="undo-btn" class="icon-btn" title="Undo (Ctrl/Cmd+Z)" disabled>
                                     <svg viewBox="0 0 24 24" width="16" height="16">
-                                        <path d="M12 5V1L7 6l5 5V7c3.31 0 6 2.69 6 6 0 1.01-.25 1.96-.7 2.8l1.46 1.46A7.932 7.932 0 0020 13c0-4.42-3.58-8-8-8z"
+                                        <path
+                                            d="M12 5V1L7 6l5 5V7c3.31 0 6 2.69 6 6 0 1.01-.25 1.96-.7 2.8l1.46 1.46A7.932 7.932 0 0020 13c0-4.42-3.58-8-8-8z"
                                             fill="currentColor" />
                                     </svg>
                                 </button>
                                 <button id="redo-btn" class="icon-btn" title="Redo (Ctrl/Cmd+Y or Shift+Z)" disabled>
                                     <svg viewBox="0 0 24 24" width="16" height="16">
-                                        <path d="M12 5V1l5 5-5 5V7c-3.31 0-6 2.69-6 6 0 1.01.25 1.96.7 2.8L5.24 17.26A7.932 7.932 0 014 13c0-4.42 3.58-8 8-8z"
+                                        <path
+                                            d="M12 5V1l5 5-5 5V7c-3.31 0-6 2.69-6 6 0 1.01.25 1.96.7 2.8L5.24 17.26A7.932 7.932 0 014 13c0-4.42 3.58-8 8-8z"
                                             fill="currentColor" />
                                     </svg>
                                 </button>
@@ -266,6 +223,8 @@ <h3>Request</h3>
                                     <path d="M3 5v14h18V5H3zm16 12h-6V7h6v10zm-8 0H5V7h6v10z" fill="currentColor" />
                                 </svg>
                             </button>
+                            <button id="test-auth-btn" class="secondary-btn" style="margin-right: 8px;">Test
+                                Auth</button>
                             <button id="send-btn" class="primary-btn">Send</button>
                         </div>
                     </div>
@@ -399,15 +358,20 @@ <h3>Response</h3>
                                 <pre id="res-json-display" class="json-display"></pre>
                             </div>
                             <div id="res-view-preview" class="view-content" style="display: none;">
-                                <div class="preview-controls" style="padding: 8px; border-bottom: 1px solid var(--border-color); display: flex; align-items: center; gap: 8px; flex-wrap: wrap;">
+                                <div class="preview-controls"
+                                    style="padding: 8px; border-bottom: 1px solid var(--border-color); display: flex; align-items: center; gap: 8px; flex-wrap: wrap;">
                                     <label style="display: flex; align-items: center; gap: 4px; font-size: 12px;">
                                         <input type="checkbox" id="preview-allow-scripts" style="margin: 0;">
                                         <span>Allow Scripts</span>
                                     </label>
-                                    <span style="font-size: 11px; color: var(--text-secondary);">⚠️ Enabling scripts may pose security risks</span>
-                                    <span style="font-size: 10px; color: var(--text-secondary); margin-left: auto;">Note: Console warnings are expected for sandboxed content</span>
+                                    <span style="font-size: 11px; color: var(--text-secondary);">⚠️ Enabling scripts may
+                                        pose security risks</span>
+                                    <span
+                                        style="font-size: 10px; color: var(--text-secondary); margin-left: auto;">Note:
+                                        Console warnings are expected for sandboxed content</span>
                                 </div>
-                                <iframe id="response-preview-iframe" sandbox="allow-forms allow-same-origin" style="width: 100%; height: 100%; border: none; background: white;"></iframe>
+                                <iframe id="response-preview-iframe" sandbox="allow-forms allow-same-origin"
+                                    style="width: 100%; height: 100%; border: none; background: white;"></iframe>
                             </div>
                         </div>
                         <div class="search-bar-container">
@@ -436,23 +400,28 @@ <h3>Response</h3>
                     <div class="pane-header">
                         <div style="display: flex; align-items: center; gap: 8px;">
                             <h3>Rep+ AI Assistance</h3>
-                            <span id="llm-chat-request-badge" class="llm-chat-request-badge" style="display: none;"></span>
-                            <span id="llm-chat-token-estimate" class="llm-chat-token-estimate" style="display: none;"></span>
+                            <span id="llm-chat-request-badge" class="llm-chat-request-badge"
+                                style="display: none;"></span>
+                            <span id="llm-chat-token-estimate" class="llm-chat-token-estimate"
+                                style="display: none;"></span>
                         </div>
                         <div class="header-actions">
                             <button id="llm-chat-close-btn" class="icon-btn" title="Close Chat">
                                 <svg viewBox="0 0 24 24" width="16" height="16" fill="currentColor">
-                                    <path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/>
+                                    <path
+                                        d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z" />
                                 </svg>
                             </button>
                         </div>
                     </div>
                     <div class="pane-body llm-chat-body">
-                        <div id="llm-chat-reference-container" class="llm-chat-reference-container" style="display: none;">
+                        <div id="llm-chat-reference-container" class="llm-chat-reference-container"
+                            style="display: none;">
                             <div class="llm-chat-reference-header">
-                                <button id="llm-chat-reference-toggle" class="llm-chat-reference-toggle" title="Toggle reference list">
+                                <button id="llm-chat-reference-toggle" class="llm-chat-reference-toggle"
+                                    title="Toggle reference list">
                                     <svg viewBox="0 0 24 24" width="12" height="12" fill="currentColor">
-                                        <path d="M7 10l5 5 5-5z"/>
+                                        <path d="M7 10l5 5 5-5z" />
                                     </svg>
                                 </button>
                                 <span>🔗 Reference previous requests:</span>
@@ -462,15 +431,18 @@ <h3>Rep+ AI Assistance</h3>
                         <div id="llm-chat-messages" class="llm-chat-messages"></div>
                         <div class="llm-chat-input-container">
                             <div class="llm-chat-input-wrapper">
-                                <textarea id="llm-chat-input" class="llm-chat-input" placeholder="Ask me anything about the selected request..." rows="1"></textarea>
-                                <button id="llm-chat-send-btn" class="llm-chat-send-btn" title="Send message (Enter)" type="button">
+                                <textarea id="llm-chat-input" class="llm-chat-input"
+                                    placeholder="Ask me anything about the selected request..." rows="1"></textarea>
+                                <button id="llm-chat-send-btn" class="llm-chat-send-btn" title="Send message (Enter)"
+                                    type="button">
                                     <svg viewBox="0 0 24 24" width="16" height="16" fill="currentColor">
-                                        <path d="M12 4l-1.41 1.41L16.17 11H4v2h12.17l-5.58 5.59L12 20l8-8z"/>
+                                        <path d="M12 4l-1.41 1.41L16.17 11H4v2h12.17l-5.58 5.59L12 20l8-8z" />
                                     </svg>
                                 </button>
                             </div>
                             <div class="llm-chat-disclaimer">Rep+ can make mistakes. Check important info.</div>
-                            <button id="llm-chat-clear-btn" class="llm-chat-clear-btn" title="Clear conversation">Clear</button>
+                            <button id="llm-chat-clear-btn" class="llm-chat-clear-btn"
+                                title="Clear conversation">Clear</button>
                         </div>
                     </div>
                 </div>
@@ -571,12 +543,193 @@ <h3>Bulk Replay Results</h3>
                 <div class="context-menu-item" data-action="copy-as-fetch" data-requires-full-selection="true">
                     JavaScript fetch
                 </div>
+                <div class="context-menu-item" data-action="copy-as-fetch-poc" data-requires-full-selection="true">
+                    JavaScript fetch (POC)
+                </div>
             </div>
         </div>
         <div class="context-menu-separator"></div>
         <div class="context-menu-item" data-action="mark-payload">Mark Payload (§)</div>
     </div>
 
+    <!-- Auth Analyzer Configuration Panel -->
+    <div id="auth-analyzer-config-panel">
+        <div class="auth-config-header">
+            <h3>🔒 Auth Analyzer Configuration</h3>
+            <button id="auth-config-close-btn" class="auth-config-close" title="Close">×</button>
+        </div>
+        <div class="auth-config-content">
+            <div id="auth-config-status" class="auth-config-status disabled">
+                <span class="auth-config-status-icon">⚪</span>
+                <span id="auth-config-status-text">Auth Analyzer is DISABLED</span>
+            </div>
+
+            <div class="auth-config-section">
+                <h4>Authorization Headers Configuration</h4>
+                <div class="auth-config-description">
+                    Configure test session credentials (cookie, header, or URL param).
+                </div>
+
+                <!-- Cookie Configuration -->
+                <div style="margin-bottom: 20px; padding: 12px; background: var(--bg-secondary); border-radius: 8px;">
+                    <label
+                        style="display: flex; align-items: center; gap: 8px; cursor: pointer; font-weight: 500; margin-bottom: 12px;">
+                        <input type="checkbox" id="auth-use-cookie">
+                        <span>🍪 Use Session Cookie</span>
+                    </label>
+
+                    <div id="auth-cookie-config" style="margin-left: 24px; display: none;">
+                        <label class="auth-config-label">Cookie Value</label>
+                        <textarea id="auth-cookie-value" class="auth-config-input" style="min-height: 60px;"
+                            placeholder="session=abc12345; user_role=admin"></textarea>
+                        <div class="auth-config-hint">
+                            <strong>Tip:</strong> Copy the full Cookie header from test session.
+                        </div>
+                    </div>
+                </div>
+
+                <!-- Custom Header Configuration -->
+                <div style="margin-bottom: 20px; padding: 12px; background: var(--bg-secondary); border-radius: 8px;">
+                    <label
+                        style="display: flex; align-items: center; gap: 8px; cursor: pointer; font-weight: 500; margin-bottom: 12px;">
+                        <input type="checkbox" id="auth-use-custom-header">
+                        <span>🔑 Use Custom Header(s)</span>
+                    </label>
+
+                    <div id="auth-custom-header-config" style="margin-left: 24px; display: none;">
+                        <div id="auth-custom-headers-list"></div>
+                        <button id="auth-add-custom-header-btn" type="button"
+                            style="margin-top: 8px; padding: 6px 12px; background: var(--accent-color); color: white; border: none; border-radius: 4px; cursor: pointer; font-size: 12px;">
+                            + Add Custom Header
+                        </button>
+                        <div class="auth-config-hint" style="margin-top: 8px;">
+                            <strong>Tip:</strong> For Bearer tokens, include "Bearer " prefix.
+                        </div>
+                    </div>
+                </div>
+
+
+            </div>
+
+            <!-- Realtime Analysis Settings -->
+            <div class="auth-config-section">
+                <h4>Realtime Analysis Settings</h4>
+                <div style="margin-bottom: 12px;">
+                    <label style="display: flex; align-items: center; gap: 8px; cursor: pointer; font-weight: 500;">
+                        <input type="checkbox" id="auth-realtime-toggle" checked>
+                        <span>Enable Realtime Analysis</span>
+                    </label>
+                    <div class="auth-config-hint" style="margin-left: 24px;">
+                        If enabled, requests will be automatically analyzed as they are captured.
+                    </div>
+                </div>
+                <div>
+                    <label class="auth-config-label">Scope (Optional)</label>
+                    <input type="text" id="auth-realtime-scope" class="auth-config-input" style="min-height: 40px;"
+                        placeholder="e.g. api.example.com or /api/v1">
+                    <div class="auth-config-hint">
+                        Only analyze requests where URL contains this string (or matches regex). Leave empty to analyze
+                        all.
+                    </div>
+                </div>
+                <div style="margin-top: 12px;">
+                    <label style="display: flex; align-items: center; gap: 8px; cursor: pointer; font-weight: 500;">
+                        <input type="checkbox" id="auth-filter-static" checked>
+                        <span>Filter Static Files</span>
+                    </label>
+                    <div class="auth-config-hint" style="margin-left: 24px;">
+                        Skip common static resources (CSS, JS, images, fonts, etc.) to reduce noise.
+                    </div>
+                </div>
+            </div>
+
+            <!-- URL Parameter Swapping Section -->
+            <div class="auth-config-section"
+                style="margin-top: 20px; border-top: 2px solid var(--border-color); padding-top: 20px;">
+                <label style="display: flex; align-items: center; gap: 8px; cursor: pointer;">
+                    <input type="checkbox" id="auth-use-url-param">
+                    <span style="font-weight: 600; font-size: 13px;">🔗 Use URL Parameter(s)</span>
+                </label>
+                <div id="auth-url-param-config" style="display: none; margin-top: 12px;">
+                    <div id="auth-url-params-list"></div>
+                    <button id="auth-add-url-param-btn" type="button"
+                        style="margin-top: 8px; padding: 6px 12px; background: var(--accent-color); color: white; border: none; border-radius: 4px; cursor: pointer; font-size: 12px;">
+                        + Add URL Parameter
+                    </button>
+                    <div class="auth-config-hint" style="margin-top: 8px;">
+                        <strong>Tip:</strong> Replaces query param value in URL.
+                    </div>
+                </div>
+            </div>
+
+            <!-- Bulk Replay Section (Inside Config Panel for now) -->
+            <div class="auth-config-section"
+                style="margin-top: 24px; border-top: 2px solid var(--border-color); padding-top: 24px;">
+                <h4>Bulk Replay (Existing Requests)</h4>
+                <div class="auth-config-description">
+                    Run Auth Analyzer against requests already captured in your history.
+                </div>
+                <label class="auth-config-label">Target Hosts (comma separated, optional)</label>
+                <input type="text" id="auth-bulk-hosts-input" class="auth-config-input" style="min-height: 40px;"
+                    placeholder="e.g. example.com, api.test.com">
+                <div id="auth-bulk-status" style="margin: 10px 0; font-size: 12px; color: var(--text-secondary);"></div>
+                <button id="auth-bulk-replay-btn" class="auth-config-btn auth-config-btn-secondary"
+                    style="width: 100%; margin-top: 8px;">
+                    ▶ Run Bulk Replay
+                </button>
+            </div>
+        </div>
+        <div class="auth-config-footer">
+            <button id="auth-config-disable-btn" class="auth-config-btn auth-config-btn-secondary"
+                disabled>Disable</button>
+            <button id="auth-config-save-btn" class="auth-config-btn auth-config-btn-primary">Save & Enable</button>
+        </div>
+    </div>
+
+    <!-- rep+ Global Configuration Panel -->
+    <div id="rep-config-panel">
+        <div class="auth-config-header">
+            <h3>⚙️ rep+ Configuration</h3>
+            <button id="rep-config-close-btn" class="auth-config-close" title="Close">×</button>
+        </div>
+        <div class="auth-config-content">
+            <!-- Filter Static Section -->
+            <div class="auth-config-section">
+                <h4>🗂️ Filter Static Files</h4>
+                <div class="auth-config-description">
+                    Remove static resources (JS, CSS, Images, Fonts, etc.) from the request list to focus on API
+                    endpoints.
+                </div>
+                <label style="display: flex; align-items: center; gap: 8px; cursor: pointer; margin-top: 12px;">
+                    <input type="checkbox" id="rep-config-filter-static">
+                    <span>Enable Static File Filtering</span>
+                </label>
+            </div>
+
+            <!-- Scope (Hostname Filter) Section -->
+            <div class="auth-config-section"
+                style="margin-top: 24px; border-top: 2px solid var(--border-color); padding-top: 24px;">
+                <h4>🌐 Scope (Hostname Filter)</h4>
+                <div class="auth-config-description">
+                    Only show requests from specific hostname(s). This filters the entire request list to your target
+                    scope.
+                </div>
+                <label class="auth-config-label" style="margin-top: 12px;">Hostname(s) - comma separated (leave empty
+                    for all)</label>
+                <input type="text" id="rep-config-scope-hostnames" class="auth-config-input" style="min-height: 40px;"
+                    placeholder="e.g., api.example.com, app.test.com">
+                <div class="auth-config-hint">
+                    <strong>Tip:</strong> Use this to focus on specific domains. All requests from other domains will be
+                    hidden.
+                </div>
+            </div>
+        </div>
+        <div class="auth-config-footer">
+            <button id="rep-config-cancel-btn" class="auth-config-btn auth-config-btn-secondary">Cancel</button>
+            <button id="rep-config-save-btn" class="auth-config-btn auth-config-btn-primary">Save</button>
+        </div>
+    </div>
+
     <!-- Bulk Replay Configuration Modal -->
     <div id="bulk-config-modal" class="modal">
         <div class="modal-content">
@@ -698,7 +851,8 @@ <h3>Settings</h3>
                 <div id="local-settings" class="provider-settings" style="display: none;">
                     <div class="form-group">
                         <label for="local-api-url">API URL</label>
-                        <input type="text" id="local-api-url" class="form-control" placeholder="http://localhost:11434/api/generate">
+                        <input type="text" id="local-api-url" class="form-control"
+                            placeholder="http://localhost:11434/api/generate">
                         <p class="help-text">URL endpoint for your local model API (e.g., Ollama). Stored locally.</p>
                     </div>
                     <div class="form-group">
@@ -720,13 +874,19 @@ <h3>Settings</h3>
             <div class="modal-header">
                 <h3>Request Explanation</h3>
                 <div style="position: relative; display: flex; align-items: center; margin-left: auto;">
-                    <button id="ai-export-toggle" class="secondary-btn" title="Export AI output" style="display: flex; align-items: center; gap: 6px;">
+                    <button id="ai-export-toggle" class="secondary-btn" title="Export AI output"
+                        style="display: flex; align-items: center; gap: 6px;">
                         <span>📤 Export</span>
                         <span style="font-size: 11px;">▼</span>
                     </button>
-                    <div id="ai-export-menu" style="display: none; position: absolute; top: 32px; right: 0; background: var(--bg-color); border: 1px solid var(--border-color); border-radius: 6px; box-shadow: 0 4px 12px rgba(0,0,0,0.2); min-width: 170px; z-index: 50;">
-                        <button id="ai-export-md-item" class="menu-item" style="width: 100%; text-align: left; padding: 8px 12px; background: transparent; border: none; color: var(--text-color); display: flex; gap: 8px; align-items: center;">📝 Export as Markdown</button>
-                        <button id="ai-export-pdf-item" class="menu-item" style="width: 100%; text-align: left; padding: 8px 12px; background: transparent; border: none; color: var(--text-color); display: flex; gap: 8px; align-items: center; border-top: 1px solid var(--border-color);">🖨️ Export as PDF</button>
+                    <div id="ai-export-menu"
+                        style="display: none; position: absolute; top: 32px; right: 0; background: var(--bg-color); border: 1px solid var(--border-color); border-radius: 6px; box-shadow: 0 4px 12px rgba(0,0,0,0.2); min-width: 170px; z-index: 50;">
+                        <button id="ai-export-md-item" class="menu-item"
+                            style="width: 100%; text-align: left; padding: 8px 12px; background: transparent; border: none; color: var(--text-color); display: flex; gap: 8px; align-items: center;">📝
+                            Export as Markdown</button>
+                        <button id="ai-export-pdf-item" class="menu-item"
+                            style="width: 100%; text-align: left; padding: 8px 12px; background: transparent; border: none; color: var(--text-color); display: flex; gap: 8px; align-items: center; border-top: 1px solid var(--border-color);">🖨️
+                            Export as PDF</button>
                     </div>
                 </div>
                 <button class="close-modal">&times;</button>
@@ -795,10 +955,10 @@ <h3>Request Explanation</h3>
                     <div id="secrets-pagination" class="pagination-container" style="display: none;"></div>
                     <p class="disclaimer-text"
                         style="margin-top: 15px; font-size: 11px; color: #888; border-top: 1px solid var(--border-color); padding-top: 10px;">
-                        <strong>Note:</strong> Secret scanning only analyzes JavaScript files from the <strong>current inspected tab</strong>.
+                        <strong>Note:</strong> Secret scanning only analyzes JavaScript files from the <strong>current
+                            inspected tab</strong>.
                     </p>
-                    <p class="disclaimer-text"
-                        style="margin-top: 10px; font-size: 11px; color: #888;">
+                    <p class="disclaimer-text" style="margin-top: 10px; font-size: 11px; color: #888;">
                         <strong>Disclaimer:</strong> Automated scanning may produce false positives. Please manually
                         verify all findings.
                     </p>
@@ -825,12 +985,13 @@ <h3>Request Explanation</h3>
                     <div id="parameters-pagination" class="pagination-container" style="display: none;"></div>
                     <p class="disclaimer-text"
                         style="margin-top: 15px; font-size: 11px; color: #888; border-top: 1px solid var(--border-color); padding-top: 10px;">
-                        <strong>Note:</strong> Parameter extraction only analyzes JavaScript files from the <strong>current inspected tab</strong>.
+                        <strong>Note:</strong> Parameter extraction only analyzes JavaScript files from the
+                        <strong>current inspected tab</strong>.
                         Parameters are extracted from request bodies, query strings, headers, and path variables.
                     </p>
-                    <p class="disclaimer-text"
-                        style="margin-top: 10px; font-size: 11px; color: #888;">
-                        <strong>Disclaimer:</strong> Automated extraction may produce false positives. High-risk parameters (role, admin, debug, etc.) are always shown regardless of confidence.
+                    <p class="disclaimer-text" style="margin-top: 10px; font-size: 11px; color: #888;">
+                        <strong>Disclaimer:</strong> Automated extraction may produce false positives. High-risk
+                        parameters (role, admin, debug, etc.) are always shown regardless of confidence.
                     </p>
                 </div>
 
@@ -892,13 +1053,15 @@ <h3>Screenshot Editor</h3>
                     </button>
                     <button id="screenshot-tool-undo" class="secondary-btn" title="Undo">
                         <svg viewBox="0 0 24 24" width="16" height="16">
-                            <path d="M12 5V1L7 6l5 5V7c3.31 0 6 2.69 6 6 0 1.01-.25 1.96-.7 2.8l1.46 1.46A7.932 7.932 0 0020 13c0-4.42-3.58-8-8-8z"
+                            <path
+                                d="M12 5V1L7 6l5 5V7c3.31 0 6 2.69 6 6 0 1.01-.25 1.96-.7 2.8l1.46 1.46A7.932 7.932 0 0020 13c0-4.42-3.58-8-8-8z"
                                 fill="currentColor" />
                         </svg>
                     </button>
                     <button id="screenshot-tool-redo" class="secondary-btn" title="Redo">
                         <svg viewBox="0 0 24 24" width="16" height="16">
-                            <path d="M12 5V1l5 5-5 5V7c-3.31 0-6 2.69-6 6 0 1.01.25 1.96.7 2.8L5.24 17.26A7.932 7.932 0 014 13c0-4.42 3.58-8 8-8z"
+                            <path
+                                d="M12 5V1l5 5-5 5V7c-3.31 0-6 2.69-6 6 0 1.01.25 1.96.7 2.8L5.24 17.26A7.932 7.932 0 014 13c0-4.42 3.58-8 8-8z"
                                 fill="currentColor" />
                         </svg>
                     </button>
diff --git a/rep-plus.xpi b/rep-plus.xpi
new file mode 100644
index 0000000..2c6acde
Binary files /dev/null and b/rep-plus.xpi differ