URLert Guard Documentation

Comprehensive guide for using and configuring the URLert Guard browser extension. URLert Guard provides immediate visibility into the security posture of the websites you visit, offering risk assessments, URL scanning, and community intelligence directly in your browser.

Install from Chrome Web Store View Source on GitHub

Capabilities

URLert Guard provides immediate visibility into the security posture of the websites you visit through several key features.

  • Domain Risk Assessment: Instantly view risk levels, domain age, traffic ranking context, and hosting provider details for the active tab based on cached URLert classifications.
  • Unobtrusive Risk Overlay: A customizable on-page visual indicator alerts you to suspicious or dangerous domains without interrupting your workflow.
  • On-Demand URL Scanning: Authenticated users with verified emails can initiate manual, real-time AI scans of any URL directly from the extension interface.
  • Community Threat Reporting: Easily flag and report suspicious URLs. Reports are submitted directly to the URLert community intelligence platform.
  • Keyboard Shortcuts: Trigger the intelligence popup or initiate a page scan instantly using native keyboard shortcuts.

Installation

From the Chrome Web Store

The easiest way to install URLert Guard is directly from the Chrome Web Store.

  1. Click the Add to Chrome button on the store page.
  2. A confirmation dialog will appear, as shown below. Click Add extension to proceed.
  3. Pin the extension to your toolbar for easy access.
Chrome installation dialog showing required permissions.

Standard Permission Warning

When installing URLert Guard, Chrome will display a warning that it can "Read and change all your data on all websites". This is the standard browser terminology for extensions that request access to analyze sites you visit.

Usage Guide

Authentication & Accounts

While basic domain risk assessment operates without an account, advanced features require authentication.

Email Verification Required

To prevent abuse, some features are locked behind email verification. You must verify your account email before these features become active.

  • Secure URLert Authentication: The extension never handles your URLert account credentials. Authentication is managed exclusively by the official URLert web portal; clicking "Sign in" opens a secure browser tab on urlert.com to authorize the extension.
  • Automatic Registration: If you do not have an existing URLert account, logging in via the web portal automatically creates one for you.

On-Page Risk Overlay

When navigating the web, URLert Guard evaluates the current domain's risk level. If a domain is flagged, a small floating overlay badge appears in the bottom-right corner of your browser window.

Dangerous Dangerous

Flagged for phishing, malware, or high-risk activity

Suspicious Suspicious

Exhibits characteristics that warrant caution

Safe Safe

Not currently flagged — hidden by default

Open the popup by clicking the extension icon, using the configured keyboard shortcut, or clicking an active overlay badge.

Security Tab

Displays the current domain's classification profile. If you visit a domain that has not yet been classified, URLert Guard will automatically trigger a background classification request.

Security Tab: Detailed domain risk assessment and infrastructure data.
  • Primary Status: A prominent badge indicating the overall trust level.
  • Risks Detected: Expandable items detailing specific threat vectors (e.g., URL Shorteners, File Hosting).
  • Infrastructure Data: Technical categorization and the specific Hosting Provider.

Scan Tab

Provides real-time, deep AI analysis of the webpage you are currently viewing.

Scan Tab: Real-time AI analysis results and actionable security tips.

Explicit Privacy

URLert Guard will never capture or send page content automatically. Scans must be manually initiated by the user via the popup or keyboard shortcut.

  • AI Insights: Once finished, results outline specific risks found within the page content alongside actionable security tips.
  • Next Steps: Dismiss the alert or report the findings to the community board.

Permissions & Privacy

URLert Guard is built with a privacy-first, zero-fluff approach. We only request the permissions strictly necessary to assess threats and provide on-demand analysis.

Required Browser Permissions

  • activeTab & tabs: Required to read the URL of the website you are currently visiting so we can fetch its threat classification. Also required to capture the page's HTML and screenshot only when you explicitly initiate a manual AI scan.
  • storage: Used to securely cache domain risk data locally on your machine and to save your user preferences.

Host Permissions

  • api.urlert.com: URLert Guard communicates exclusively with our own API. No other external hosts are contacted. We do not inject tracking scripts or communicate with third-party advertising networks.

Note: Page content (HTML and screenshots) is never captured or transmitted automatically. This only happens when you manually initiate a scan.

Our extension source code is publicly available on GitHub so you can independently verify these claims. See the Source Code section for details.

Settings & Configuration

The extension's options page allows you to tailor URLert Guard's behavior. Access it via the gear icon in the popup or by right-clicking the extension icon and selecting Options.

Settings: Configure overlay behavior, account details, and view shortcuts.

General

  • Enable overlay: Toggle on-page risk indicators on or off.
  • Show on safe sites: Enable this to also display indicators on domains classified as safe/neutral.
  • Auto-dismiss after: Choose how long the overlay remains visible (e.g., 10 seconds).
  • Position: Select the corner of the browser window where the overlay appears.

Account

  • Profile: View the active email address and connection status.
  • Sign Out: Securely disconnect your URLert account from the browser extension.

Keyboard Shortcuts

Default shortcuts are listed below. You can rebind them through your browser's native extension shortcut manager.

ActionWindows / LinuxmacOS
Open popupAlt + Shift + UOption (⌥) + Shift (⇧) + U
Quick scanAlt + Shift + SOption (⌥) + Shift (⇧) + S

Source Code

We believe in "Transparency over Obscurity." The client-side source code for URLert Guard is publicly available so that security researchers, reviewers, and users can inspect exactly what the extension does and verify our privacy claims.

View Source on GitHub →

Building from Source

Prerequisites: Node.js (v18+) and npm.

npm install        # install dependencies
npx wxt            # dev mode with hot reload (Chromium)
npx wxt build      # production build → .output/chrome-mv3/

For Firefox:

npx wxt -b firefox          # dev mode
npx wxt build -b firefox    # production build

Security Audit Guide

The repository includes a comprehensive security audit guide covering permissions, network requests, authentication flow, content scripts, on-demand scanning, data storage, and HTML sanitization. See the Security Audit Guide in the repository README for full details.

Reporting a Vulnerability

If you discover a potential security vulnerability in URLert Guard, please report it privately via support@urlert.com. Do not report security vulnerabilities through public GitHub issues. See our Security Policy for full details.

License

The source code is published under a source-available license for inspection only. Copying, modification, redistribution, and commercial use are not permitted without prior written consent. See the LICENSE file for full terms.