Stop Claude Code from Asking Permission for Every Web Search
Claude Code prompts you to approve every single domain for WebSearch and WebFetch. Here's a 30-second fix using hooks that eliminates the nagging forever.
Stop Claude Code from Asking Permission for Every Web Search
TL;DR: Add a PreToolUse hook to ~/.claude/settings.json that auto-approves WebSearch and WebFetch. These tools are read-only and safe to auto-approve. Takes 30 seconds, eliminates permission prompts forever.
You ask Claude Code to research something. It starts a web search. Then this happens:
Allow WebSearch for "claude code hooks tutorial"? (y/n)
You press y. It fetches a result. Opens a link. Another prompt:
Allow WebFetch for stevekinney.com? (y/n)
You press y. It finds another source. Another prompt:
Allow WebFetch for datacamp.com? (y/n)
And another. And another. Five approvals for one research task. Ten if the topic is broad. You end up babysitting a process that should run autonomously.
After hundreds of hours running Claude Code across 6 projects simultaneously, this is easily the most annoying friction point.
The worst part? Each domain gets its own approval. Allow stevekinney.com today, and tomorrow you'll approve eesel.ai, then smartscope.blog, then whatever new site has relevant content. The allowlist in your settings.json grows line by line, but never catches up.
Why this happens
Claude Code's permission system is cautious by design. Every tool needs explicit approval, and every new domain counts as a new context. Makes sense for Bash (which runs commands) or Edit (which changes files). But WebSearch and WebFetch are read-only. They fetch web content. That's it. No file modifications. No command execution. It's the equivalent of opening a browser tab — which nobody asks permission for.
The fix: one hook, 30 seconds
Open your global Claude Code settings:
~/.claude/settings.json
Add this hooks block:
{
"hooks": {
"PreToolUse": [
{
"matcher": "WebFetch|WebSearch",
"hooks": [
{
"type": "command",
"command": "echo '{\"decision\":\"allow\"}'",
"timeout": 5
}
]
}
]
}
}
That's the entire fix. Save the file. Next Claude Code session, web searches and fetches run without interruption.
How it works
Claude Code hooks are shell commands that run at specific points in the tool lifecycle. PreToolUse fires before Claude uses any tool.
Here's what happens step by step:
- Claude decides to use
WebSearch - The
matcherchecks: is thisWebFetchorWebSearch? Yes. - The hook runs:
echo '{"decision":"allow"}' - Claude Code reads the JSON output, sees
"allow", skips the permission prompt - The search executes immediately
The matcher field uses regex — WebFetch|WebSearch matches both tools. The timeout: 5 means the hook must respond within 5 seconds (it responds in milliseconds since it's just echo).
If you're curious about the full settings file structure, here's what it looks like in context:
{
"permissions": {
"allow": [
"Read",
"Glob",
"Grep"
]
},
"hooks": {
"PreToolUse": [
{
"matcher": "WebFetch|WebSearch",
"hooks": [
{
"type": "command",
"command": "echo '{\"decision\":\"allow\"}'",
"timeout": 5
}
]
}
]
}
}
The hooks block sits alongside your existing permissions. They don't conflict — hooks run first, and if a hook approves the action, the permission system is bypassed entirely.
What about the domains already in your allowlist?
If you've been approving domains one by one, your settings.json probably has something like this in permissions.allow:
"WebFetch(stevekinney.com:*)",
"WebFetch(datacamp.com:*)",
"WebFetch(eesel.ai:*)",
"WebFetch(smartscope.blog:*)"
You can clean those out. The hook handles all WebFetch domains now, so individual domain entries are redundant. Keep your allowlist clean.
Why not just add WebFetch and WebSearch to permissions.allow?
You can add "WebSearch" and "WebFetch" to your permissions.allow array. That works too. But there's a reason I prefer the hook approach:
Permissions are blunt. Adding "WebFetch" to the allow list grants blanket access with no logging, no conditions, no future flexibility. A hook gives you a place to add logic later — rate limiting, domain blocking, logging which sites Claude visits — without restructuring your config.
For a simple auto-approve, both approaches work. The hook is slightly more future-proof.
What else can hooks do?
This WebSearch fix is the simplest possible hook — three lines that solve one annoyance. But hooks can do much more:
- Block dangerous commands — prevent
rm -rf,git push --force, orDROP TABLEbefore they execute - Auto-format code — run Prettier or ESLint after every file edit
- Send notifications — ping Slack or show a macOS notification when Claude finishes a long task
- Enforce conventions — block
npmif your project usespnpm - Log everything — record every Bash command Claude runs for audit trails
Hooks turn Claude Code from an AI that asks permission into an AI that follows your rules automatically. The WebSearch fix is just the entry point.
For a complete reference with 20+ ready-to-use configurations, see Claude Code Hooks: Complete Guide.
Common Questions
Why does Claude Code ask permission for every web search?
Claude Code's permission system treats each new domain as a separate approval. When you allow stevekinney.com, it doesn't cover datacamp.com. WebSearch can hit any domain, so you end up approving dozens of sites one by one.
Is it safe to auto-approve WebSearch and WebFetch?
Yes. These tools are read-only — they fetch web content but can't modify files, run commands, or change anything on your machine. Auto-approving them is equivalent to opening a browser tab.
Will this hook work in all my projects?
Yes. When added to ~/.claude/settings.json (your global settings), the hook applies to every Claude Code session across all projects.
Can I auto-approve other tools the same way?
Yes. Change the matcher pattern to target any tool. For example, Read|Glob|Grep would auto-approve file reading tools. Be careful with Write, Edit, and Bash — those modify your system and you probably want to keep approvals for them.
Running into other Claude Code annoyances? I'm building AI Org — AI kits that handle marketing, product, and ops for solo founders. Follow me on LinkedIn or Twitter/X for more practical AI workflow tips.
Frequently Asked Questions
- Why does Claude Code ask permission for every web search?
- Claude Code's permission system treats each new domain as a separate approval. When you allow stevekinney.com, it doesn't cover datacamp.com. WebSearch can hit any domain, so you end up approving dozens of sites one by one.
- Is it safe to auto-approve WebSearch and WebFetch?
- Yes. These tools are read-only — they fetch web content but can't modify files, run commands, or change anything on your machine. Auto-approving them is equivalent to opening a browser tab, which you'd never ask permission for.
- What are Claude Code hooks?
- Hooks are shell commands that run automatically before or after Claude uses a tool. A PreToolUse hook runs before a tool executes and can approve, block, or modify the action. They're configured in your settings.json file.
- Will this hook work in all my projects?
- Yes. When added to ~/.claude/settings.json (your global settings), the hook applies to every Claude Code session across all projects.
- Can I auto-approve other tools the same way?
- Yes. Change the matcher pattern to target any tool. For example, 'Read|Glob|Grep' would auto-approve file reading tools. Be careful with Write, Edit, and Bash — those modify your system and you probably want to keep approvals for them.