SecureLint – Secret Masking & Phishing Shield

Tracking since May 7, 2026.

Changelog

• Jun 5, 2026
  description

  🔒 SECURELINT – SENSITIVE DATA PROTECTOR & PHISHING SHIELD
  
  SecureLint automatically detects and masks sensitive data — API keys, passwords, tokens, credentials, and personal information — as you type or paste into any web-based editor. It also blocks phishing sites, malware domains, and IT-restricted websites in real-time before they can reach you.
  
  ────────────────────────────────────────
  🌟 KEY FEATURES
  ────────────────────────────────────────
  
  🔍 Universal Editor Support
  Works across all major web editors and platforms:
  • Standard inputs, textareas, and contenteditable elements
  • Rich text editors: CodeMirror, Monaco, Ace, TinyMCE, CKEditor
  • Popular productivity, project management, email, and coding platforms
  
  🎨 Editor Overlay
  • A subtle icon appears at the bottom-right of any active editor
  • Shows a live count of detected secrets, color-coded by severity
  • Hover to see exactly what was detected and the risk level
  • Non-intrusive — disappears when you're not in an editor
  
  🛡️ Real-Time Phishing & Malware Protection
  • Blocks dangerous sites BEFORE they load using a 2.5M+ domain blocklist
  • 14-layer detection engine: bloom filter, URL heuristics, homograph/IDN analysis, typosquat detection, WHOIS domain-age check, SSL certificate validation, and Google Safe Browsing (Transparency Report)
  • Page-content scanning for credential-harvesting, crypto-drainer, and social-engineering language
  • Beautiful warning page shows trust score, domain age, SSL status, blocklist status, and detailed detection reasons
  • If Google Safe Browsing confirms the site is safe (all threat flags false), the site is automatically unblocked — no false positives from local heuristics
  
  📧 Webmail Protection (Gmail, Outlook, Yahoo Mail)
  • Detects and masks secrets typed or pasted into email compose fields
  • Shows a DLP warning if sensitive content is detected before you send
  • Checks whether the email is addressed outside your organisation (Enterprise only)
  • All checks are local — no email body content is transmitted
  
  🚨 4-Level Risk Classification
  • 🔴 Critical – Private keys, AWS credentials, certificate secrets
  • 🟠 High – Passwords, API keys, OAuth tokens, database URLs
  • 🟡 Medium – Emails, phone numbers, SSNs, connection strings
  • 🔵 Low – Generic tokens, test credentials, low-risk identifiers
  
  🧠 Context-Aware Masking
  • Development Mode: Shows partial secrets (sk-1234****5678) so you can debug
  • Content Writing Mode: Full masking (***API_KEY***) for blogs and documents
  • Automatically detects which mode applies based on URL, element type, and content
  
  ⚙️ Fully Configurable
  • Toggle detection globally or per-site
  • Set minimum severity level for auto-masking
  • Choose masking style: Smart, Full, Compliance-Safe, or Context-Aware
  • Exclude specific websites from scanning
  • Export detection reports
  
  🔐 100+ Detection Patterns including:
  • Major cloud provider credentials (AWS, GCP, Azure)
  • JWT tokens, OAuth access/refresh tokens
  • Database connection strings (MongoDB, Redis, MySQL, PostgreSQL)
  • Private keys and certificates (RSA, EC, PGP)
  • Payment, messaging, and developer service API key formats
  • SSNs, Aadhaar numbers, credit card patterns
  
  ────────────────────────────────────────
  🏢 ENTERPRISE & PRO — FOR IT & SECURITY TEAMS
  ────────────────────────────────────────
  
  SecureLint includes Pro and Enterprise tiers designed for organisations:
  
  🚫 WAF Social & Content Blocking (Pro & Enterprise)
  • IT administrators define a blocklist of domains (social media, streaming, non-work sites) via the SecureLint admin panel
  • Users on managed devices are instantly blocked when navigating to listed domains — no page content loads
  • Domain lists sync every 60 seconds so policy changes take effect immediately
  • Domain-list blocks cannot be bypassed by end users
  
  🔞 Adult-Content Detection (Enterprise only)
  • When enabled by IT, the extension scans visible page text locally for adult/explicit content
  • Pages with explicit material are blocked with a policy warning
  • No page content is ever transmitted — scanning is 100% in-browser
  
  🛡️ Enterprise Incident Reporting (IT Admin Feature)
  • IT administrators can enable centralised incident reporting from within the extension settings
  • When enabled, the extension sends masked detection reports to the organisation's SecureLint security dashboard
  • Reports include: secret type, severity level, masked preview (e.g. AKIA****XXXX), page URL and title, and employee email — RAW SECRET VALUES ARE NEVER SENT
  • Allows the IT/security team to:
    – Detect recurring leak patterns across the organisation
    – Alert the employee and trigger secret rotation before damage occurs
    – Meet compliance and DLP (Data Loss Prevention) requirements
  • This feature is OFF by default — only an IT admin can enable it
  • Employees are notified via a visible "Enterprise Reporting — Active" banner inside the extension popup
  
  ────────────────────────────────────────
  🔏 PRIVACY
  ────────────────────────────────────────
  
  For Free and Pro individual users:
  • All detection, masking, and phishing checks happen 100% locally in your browser
  • No page content, typed text, or detected secrets are ever sent to any server
  • Phishing checks use Google's public Transparency Report endpoint (no API key, no user data sent — only the URL is queried)
  • WHOIS lookups query rdap.org; SSL checks query crt.sh — both are public, free services
  • Only your extension settings are synced if you create an optional account
  
  For Enterprise users:
  • Masked incident reports are sent to your organisation's admin dashboard only when your IT admin explicitly enables this
  • WAF domain lists are fetched from your organisation's settings via authenticated HTTPS
  • Raw secret values and page content are never transmitted — only masked previews and metadata
  • Full disclosure: https://securelint.in/privacy.html
  
  ────────────────────────────────────────
  👥 WHO IS THIS FOR?
  ────────────────────────────────────────
  
  ✅ Developers – Catch hardcoded secrets before they leak in code reviews or collaboration tools
  ✅ Security Engineers – Enforce secret hygiene across teams working in web tools
  ✅ Content Writers – Mask sensitive info before pasting into documents or emails
  ✅ DevOps Teams – Prevent credentials from appearing in chat or ticket systems
  ✅ IT Admins – Deploy enterprise-wide DLP with centralised incident visibility, phishing protection, and site blocking
  ✅ Remote Workers – Stay protected from phishing and social engineering on managed devices
  
  ────────────────────────────────────────
  📋 PERMISSIONS EXPLAINED
  ────────────────────────────────────────
  
  SecureLint requests only the permissions it needs:
  
  • Access to all websites (host_permissions): Required to detect secrets on any site and to run phishing checks on navigated URLs. All scanning is local.
  • Storage: Saves your settings, cached scan results, and WAF domain lists locally.
  • Scripting: Used to read visible page text for phishing content analysis (credential-harvesting detection, crypto-drainer phrases) and enterprise adult-content scanning. Text is processed in-browser and never transmitted.
  • Web Navigation: Monitors navigation events (onBeforeNavigate, onCompleted, onErrorOccurred) to block known phishing domains before pages load and run full security scans after pages load.
  • Tabs: Sends setting updates to open tabs and reads the active tab URL for phishing detection context.
  • Active Tab: Allows the popup to display live detection stats for the current page.
  • Alarms: Schedules periodic settings sync (every 60 seconds) to keep WAF domain lists current, and token-expiry checks.
  • Notifications: Alerts you when a Critical secret is detected (optional, can be disabled).
  • Downloads: Used only if you export a detection report to a file on your device.
  • Context menus: Adds "Scan page for secrets" and "Mask selected text" right-click options.
  
  Full permission and privacy details: https://securelint.in/privacy.html
  
  ────────────────────────────────────────
  🔗 LINKS
  ────────────────────────────────────────
  
  • Privacy Policy: https://securelint.in/privacy.html
  • Enterprise Reporting: https://securelint.in/privacy.html#enterprise-reporting
  • WAF & Content Blocking: https://securelint.in/privacy.html#waf-social-block
  • Support / Feedback: [email protected]
  • Manifest V3 · Minimum Chrome 88+

  🔒 SECURELINT – SENSITIVE DATA PROTECTOR & PHISHING SHIELD
  
  SecureLint automatically detects and masks sensitive data — API keys, passwords, tokens, credentials, and personal information — as you type or paste into any web-based editor. It also blocks phishing sites, malware domains, and IT-restricted websites in real-time before they can reach you.
  
  ────────────────────────────────────────
  🌟 KEY FEATURES
  ────────────────────────────────────────
  
  🔍 Universal Editor Support
  Works across all major web editors and platforms:
  • Standard inputs, textareas, and contenteditable elements
  • Rich text editors: CodeMirror, Monaco, Ace, TinyMCE, CKEditor
  • Popular productivity, project management, email, and coding platforms
  
  🎨 Editor Overlay
  • A subtle icon appears at the bottom-right of any active editor
  • Shows a live count of detected secrets, color-coded by severity
  • Hover to see exactly what was detected and the risk level
  • Non-intrusive — disappears when you are not in an editor
  
  🛡️ Real-Time Phishing & Malware Protection
  • Blocks dangerous sites BEFORE they load using a 2.5M+ domain blocklist
  • 14-layer detection engine: bloom filter, URL heuristics, homograph/IDN analysis, typosquat detection, domain-age check, SSL certificate validation, and public transparency report checks
  • Page-content scanning for credential-harvesting, crypto-drainer, and social-engineering language
  • Beautiful warning page shows trust score, domain age, SSL status, blocklist status, and detailed detection reasons
  • If public safety checks confirm a site is safe, it is automatically unblocked — zero false positives from local heuristics
  
  📧 Webmail Protection
  • Detects and masks secrets typed or pasted into email compose fields
  • Shows a DLP warning if sensitive content is detected before you send
  • Checks whether the email is addressed outside your organisation (Enterprise only)
  • All checks are local — no email body content is ever transmitted
  
  🔗 Hovered Link Safety Score
  • Hover over any link to see an instant threat score before you click
  • Scans the domain in the background using GTR reputation, SSL checks, and local blocklist
  • Lightweight tooltip — safe score shown in milliseconds
  
  🚨 4-Level Risk Classification
  • 🔴 Critical – Private keys, cloud provider credentials, certificate secrets
  • 🟠 High – Passwords, API keys, OAuth tokens, database URLs
  • 🟡 Medium – Emails, phone numbers, national ID numbers, connection strings
  • 🔵 Low – Generic tokens, test credentials, low-risk identifiers
  
  🧠 Context-Aware Masking
  • Development Mode: Shows partial secrets (sk-1234****5678) for debugging
  • Content Writing Mode: Full masking (***API_KEY***) for blogs and documents
  • Automatically detects which mode applies based on URL, element type, and content
  
  ⚙️ Fully Configurable
  • Toggle detection globally or per-site
  • Set minimum severity level for auto-masking
  • Choose masking style: Smart, Full, Compliance-Safe, or Context-Aware
  • Exclude specific websites from scanning
  • Export detection reports
  
  🔐 100+ Detection Patterns including:
  • Major cloud provider credentials and access keys
  • JWT tokens, OAuth access/refresh tokens
  • Database connection strings (relational, NoSQL, in-memory)
  • Private keys and certificates (RSA, EC, PGP)
  • Payment, messaging, and developer service API key formats
  • National ID numbers, credit card patterns, and PII
  
  ────────────────────────────────────────
  🏢 ENTERPRISE & PRO — FOR IT & SECURITY TEAMS
  ────────────────────────────────────────
  
  SecureLint includes Pro and Enterprise tiers designed for organisations:
  
  🚫 WAF Social & Content Blocking (Pro & Enterprise)
  • IT administrators define a blocklist of domains (social media, streaming, non-work sites) via the SecureLint admin panel
  • Users on managed devices are instantly blocked when navigating to listed domains — no page content loads
  • Domain lists sync every 60 seconds so policy changes take effect immediately
  • Domain-list blocks cannot be bypassed by end users
  
  📧 Email DLP — Outbound Data Loss Prevention (Enterprise)
  • Monitors outbound emails on webmail clients for personal or non-approved recipient domains
  • Warns or blocks sending based on your IT security policy (WARN / BLOCK mode)
  • 50-second countdown warning with regulatory references (GDPR, DPDP Act, IT Act, CCPA)
  • Automatically adds the IT admin address to BCC if the user proceeds after a warning
  • Only recipient addresses are checked — email body and subject are never read or transmitted
  
  🔞 Adult-Content Detection (Enterprise)
  • When enabled by IT, the extension scans visible page text locally for adult/explicit content
  • Pages with explicit material are blocked with a policy warning
  • No page content is ever transmitted — scanning is 100% in-browser
  
  🛡️ Enterprise Incident Reporting
  • IT administrators can enable centralised incident reporting from within the extension settings
  • When enabled, the extension sends masked detection reports to the organisation's SecureLint security dashboard
  • Reports include: secret type, severity level, masked preview (e.g. AKIA****XXXX), page URL and title, and employee email — RAW SECRET VALUES ARE NEVER SENT
  • Allows the IT/security team to:
    – Detect recurring leak patterns across the organisation
    – Alert the employee and trigger secret rotation before damage occurs
    – Meet compliance and DLP (Data Loss Prevention) requirements
  • This feature is OFF by default — only an IT admin can enable it
  • Employees are notified via a visible "Enterprise Reporting ACTIVE" banner inside the extension popup
  
  ────────────────────────────────────────
  🔏 PRIVACY
  ────────────────────────────────────────
  
  For Free and Pro individual users:
  • All detection, masking, and phishing checks happen 100% locally in your browser
  • No page content, typed text, or detected secrets are ever sent to any server
  • Phishing checks use only public, keyless transparency report endpoints — no user data is sent, only the URL is queried
  • Only your extension settings are synced if you create an optional account
  
  For Enterprise users:
  • Masked incident reports are sent to your organisation's admin dashboard only when your IT admin explicitly enables this
  • Domain lists are fetched from your organisation's settings via authenticated HTTPS
  • Raw secret values and page content are never transmitted — only masked previews and metadata
  • Full disclosure: https://securelint.in/privacy.html
  
  ────────────────────────────────────────
  👥 WHO IS THIS FOR?
  ────────────────────────────────────────
  
  ✅ Developers – Catch hardcoded secrets before they leak in code reviews or collaboration tools
  ✅ Security Engineers – Enforce secret hygiene across teams working in web tools
  ✅ Content Writers – Mask sensitive info before pasting into documents or emails
  ✅ DevOps Teams – Prevent credentials from appearing in chat or ticket systems
  ✅ IT Admins – Deploy enterprise-wide DLP with centralised incident visibility, phishing protection, and site blocking
  ✅ Remote Workers – Stay protected from phishing and social engineering on managed devices
  
  ────────────────────────────────────────
  📋 PERMISSIONS EXPLAINED
  ────────────────────────────────────────
  
  SecureLint requests only the permissions it needs:
  
  • Access to all websites: Required to detect secrets on any site and to run phishing checks on navigated URLs. All scanning is local.
  • Storage: Saves your settings, cached scan results, and domain lists locally.
  • Scripting: Reads visible page text locally for phishing content analysis and enterprise content scanning. Text is processed in-browser and never transmitted.
  • Web Navigation: Monitors navigation events to block known phishing domains before pages load and run security scans after pages load.
  • Tabs: Sends setting updates to open tabs and reads the active tab URL for phishing detection context.
  • Active Tab: Allows the popup to display live detection stats for the current page.
  • Alarms: Schedules periodic settings sync (every 60 seconds) and storage cleanup.
  • Notifications: Alerts you when a critical secret is detected (optional, can be disabled).
  • Downloads: Used only if you export a detection report to a file on your device.
  • Context menus: Adds "Scan page for secrets" and "Mask selected text" right-click options.
  
  Full permission and privacy details: https://securelint.in/privacy.html
  
  ────────────────────────────────────────
  🔗 LINKS
  ────────────────────────────────────────
  
  • Website: https://securelint.in
  • Privacy Policy: https://securelint.in/privacy.html
  • Support / Feedback: [email protected]
  • Manifest V3 · Minimum Chrome 88+

• Jun 5, 2026
  short_description

  Detects and masks API keys, passwords, and secrets in real-time across all web editors. Keeps sensitive data private as you type.

  Masks API keys, passwords & secrets in real-time. Blocks phishing, malware & data leaks. Enterprise DLP & browser security.

• Jun 5, 2026
  name

  SecureLint – Sensitive Data Protector

  SecureLint – Secret Masking & Phishing Shield

• Jun 5, 2026
  permissions

  storage, activeTab, tabs, webNavigation, scripting, notifications, downloads, contextMenus, alarms

  storage, identity, identity.email, activeTab, tabs, webNavigation, scripting, notifications, downloads, contextMenus, alarms, management

• May 23, 2026
  description

  🔒 SECURELINT – SENSITIVE DATA PROTECTOR
  
  SecureLint automatically detects and masks sensitive data — API keys, passwords, tokens, credentials, and personal information — as you type or paste into any web-based editor. It acts as a real-time guard that prevents accidental exposure of secrets across platforms you use every day.
  
  ────────────────────────────────────────
  🌟 KEY FEATURES
  ────────────────────────────────────────
  
  🔍 Universal Editor Support
  Works across all major web editors and platforms:
  • Standard inputs, textareas, and contenteditable elements
  • Rich text editors: CodeMirror, Monaco, Ace, TinyMCE, CKEditor
  • Popular productivity, project management, email, and coding platforms
  
  🎨 Editor Overlay
  • A subtle icon appears at the bottom-right of any active editor
  • Shows a live count of detected secrets, color-coded by severity
  • Hover to see exactly what was detected and the risk level
  • Non-intrusive — disappears when you're not in an editor
  
  📧 Webmail Protection (Gmail, Outlook, Yahoo Mail)
  • Detects and masks secrets typed or pasted into email compose fields
  • Shows a DLP warning if sensitive content is detected before you send
  • Checks whether the email is addressed outside your organisation (Enterprise only)
  • All checks are local — no email body content is transmitted
  
  🚨 4-Level Risk Classification
  • 🔴 Critical – Private keys, AWS credentials, certificate secrets
  • 🟠 High – Passwords, API keys, OAuth tokens, database URLs
  • 🟡 Medium – Emails, phone numbers, SSNs, connection strings
  • 🔵 Low – Generic tokens, test credentials, low-risk identifiers
  
  🧠 Context-Aware Masking
  • Development Mode: Shows partial secrets (sk-1234****5678) so you can debug
  • Content Writing Mode: Full masking (***API_KEY***) for blogs and documents
  • Automatically detects which mode applies based on URL, element type, and content
  
  ⚙️ Fully Configurable
  • Toggle detection globally or per-site
  • Set minimum severity level for auto-masking
  • Choose masking style: Smart, Full, Compliance-Safe, or Context-Aware
  • Exclude specific websites from scanning
  • Export detection reports
  
  🔐 100+ Detection Patterns including:
  • Major cloud provider credentials (AWS, GCP, Azure)
  • JWT tokens, OAuth access/refresh tokens
  • Database connection strings (MongoDB, Redis, MySQL, PostgreSQL)
  • Private keys and certificates (RSA, EC, PGP)
  • Payment, messaging, and developer service API key formats
  • SSNs, Aadhaar numbers, credit card patterns
  
  ────────────────────────────────────────
  🏢 ENTERPRISE EDITION — FOR IT & SECURITY TEAMS
  ────────────────────────────────────────
  
  SecureLint includes an Enterprise tier designed for organisations deploying it across their workforce:
  
  🛡️ Enterprise Incident Reporting (IT Admin Feature)
  • IT administrators can enable centralised incident reporting from within the extension settings
  • When enabled, the extension sends masked detection reports to the organisation's SecureLint security dashboard
  • Reports include: secret type, severity level, masked preview (e.g. AKIA****XXXX), page URL and title, and employee email — RAW SECRET VALUES ARE NEVER SENT
  • Allows the IT/security team to:
    – Detect recurring leak patterns across the organisation
    – Alert the employee and trigger secret rotation before damage occurs
    – Meet compliance and DLP (Data Loss Prevention) requirements
  • This feature is OFF by default — only an IT admin can enable it
  • Employees are notified via a visible "Enterprise Reporting — Active" banner inside the extension popup
  
  ────────────────────────────────────────
  🔏 PRIVACY — INDIVIDUAL USERS
  ────────────────────────────────────────
  
  For Free and Pro individual users:
  • All detection and masking happens 100% locally in your browser
  • No page content, typed text, or detected secrets are ever sent to any server
  • Only your extension settings are synced if you create an optional account
  
  For Enterprise users:
  • Masked incident reports are sent to your organisation's admin dashboard only when your IT admin explicitly enables this
  • Raw secret values are never transmitted — only masked previews
  • Full disclosure: https://securelint.in/privacy#enterprise-reporting
  
  ────────────────────────────────────────
  👥 WHO IS THIS FOR?
  ────────────────────────────────────────
  
  ✅ Developers – Catch hardcoded secrets before they leak in code reviews or collaboration tools
  ✅ Security Engineers – Enforce secret hygiene across teams working in web tools
  ✅ Content Writers – Mask sensitive info before pasting into documents or emails
  ✅ DevOps Teams – Prevent credentials from appearing in chat or ticket systems
  ✅ IT Admins – Deploy enterprise-wide DLP with centralised incident visibility and secret rotation alerts
  
  ────────────────────────────────────────
  📋 PERMISSIONS EXPLAINED
  ────────────────────────────────────────
  
  SecureLint requests only the permissions it needs. All access to page content is for local detection only.
  
  • Access to all websites: Required to detect secrets on any site your team uses
  • Storage: Saves your settings and preferences locally
  • Notifications: Alerts you when a Critical secret is detected (optional, can be disabled)
  • Tabs: Sends setting updates to your open tabs so changes apply without reloading
  • Active tab: Allows the popup to read the current page context for live detection stats
  • Alarms: Schedules light periodic re-checks on pages where content loads after the first paint (e.g. many web apps)
  • Downloads: Used only if you export a detection report to a file on your device
  • Context menus: Adds two right-click options — "Scan page for secrets" on any page, and "Mask selected text" on highlighted text — for on-demand scanning and masking
  
  Programmatic script injection is not used; page scripts load from the extension manifest (content scripts) only.
  
  Full permission and privacy details: https://securelint.in/privacy
  
  ────────────────────────────────────────
  🔗 LINKS
  ────────────────────────────────────────
  
  • Privacy Policy: https://securelint.in/privacy
  • Enterprise Reporting Policy: https://securelint.in/privacy#enterprise-reporting
  • Support / Feedback: https://securelint.in
  • Extension version: 1.0.0 (same as manifest for this release)
  • Manifest V3 · Minimum Chrome 88+

  🔒 SECURELINT – SENSITIVE DATA PROTECTOR & PHISHING SHIELD
  
  SecureLint automatically detects and masks sensitive data — API keys, passwords, tokens, credentials, and personal information — as you type or paste into any web-based editor. It also blocks phishing sites, malware domains, and IT-restricted websites in real-time before they can reach you.
  
  ────────────────────────────────────────
  🌟 KEY FEATURES
  ────────────────────────────────────────
  
  🔍 Universal Editor Support
  Works across all major web editors and platforms:
  • Standard inputs, textareas, and contenteditable elements
  • Rich text editors: CodeMirror, Monaco, Ace, TinyMCE, CKEditor
  • Popular productivity, project management, email, and coding platforms
  
  🎨 Editor Overlay
  • A subtle icon appears at the bottom-right of any active editor
  • Shows a live count of detected secrets, color-coded by severity
  • Hover to see exactly what was detected and the risk level
  • Non-intrusive — disappears when you're not in an editor
  
  🛡️ Real-Time Phishing & Malware Protection
  • Blocks dangerous sites BEFORE they load using a 2.5M+ domain blocklist
  • 14-layer detection engine: bloom filter, URL heuristics, homograph/IDN analysis, typosquat detection, WHOIS domain-age check, SSL certificate validation, and Google Safe Browsing (Transparency Report)
  • Page-content scanning for credential-harvesting, crypto-drainer, and social-engineering language
  • Beautiful warning page shows trust score, domain age, SSL status, blocklist status, and detailed detection reasons
  • If Google Safe Browsing confirms the site is safe (all threat flags false), the site is automatically unblocked — no false positives from local heuristics
  
  📧 Webmail Protection (Gmail, Outlook, Yahoo Mail)
  • Detects and masks secrets typed or pasted into email compose fields
  • Shows a DLP warning if sensitive content is detected before you send
  • Checks whether the email is addressed outside your organisation (Enterprise only)
  • All checks are local — no email body content is transmitted
  
  🚨 4-Level Risk Classification
  • 🔴 Critical – Private keys, AWS credentials, certificate secrets
  • 🟠 High – Passwords, API keys, OAuth tokens, database URLs
  • 🟡 Medium – Emails, phone numbers, SSNs, connection strings
  • 🔵 Low – Generic tokens, test credentials, low-risk identifiers
  
  🧠 Context-Aware Masking
  • Development Mode: Shows partial secrets (sk-1234****5678) so you can debug
  • Content Writing Mode: Full masking (***API_KEY***) for blogs and documents
  • Automatically detects which mode applies based on URL, element type, and content
  
  ⚙️ Fully Configurable
  • Toggle detection globally or per-site
  • Set minimum severity level for auto-masking
  • Choose masking style: Smart, Full, Compliance-Safe, or Context-Aware
  • Exclude specific websites from scanning
  • Export detection reports
  
  🔐 100+ Detection Patterns including:
  • Major cloud provider credentials (AWS, GCP, Azure)
  • JWT tokens, OAuth access/refresh tokens
  • Database connection strings (MongoDB, Redis, MySQL, PostgreSQL)
  • Private keys and certificates (RSA, EC, PGP)
  • Payment, messaging, and developer service API key formats
  • SSNs, Aadhaar numbers, credit card patterns
  
  ────────────────────────────────────────
  🏢 ENTERPRISE & PRO — FOR IT & SECURITY TEAMS
  ────────────────────────────────────────
  
  SecureLint includes Pro and Enterprise tiers designed for organisations:
  
  🚫 WAF Social & Content Blocking (Pro & Enterprise)
  • IT administrators define a blocklist of domains (social media, streaming, non-work sites) via the SecureLint admin panel
  • Users on managed devices are instantly blocked when navigating to listed domains — no page content loads
  • Domain lists sync every 60 seconds so policy changes take effect immediately
  • Domain-list blocks cannot be bypassed by end users
  
  🔞 Adult-Content Detection (Enterprise only)
  • When enabled by IT, the extension scans visible page text locally for adult/explicit content
  • Pages with explicit material are blocked with a policy warning
  • No page content is ever transmitted — scanning is 100% in-browser
  
  🛡️ Enterprise Incident Reporting (IT Admin Feature)
  • IT administrators can enable centralised incident reporting from within the extension settings
  • When enabled, the extension sends masked detection reports to the organisation's SecureLint security dashboard
  • Reports include: secret type, severity level, masked preview (e.g. AKIA****XXXX), page URL and title, and employee email — RAW SECRET VALUES ARE NEVER SENT
  • Allows the IT/security team to:
    – Detect recurring leak patterns across the organisation
    – Alert the employee and trigger secret rotation before damage occurs
    – Meet compliance and DLP (Data Loss Prevention) requirements
  • This feature is OFF by default — only an IT admin can enable it
  • Employees are notified via a visible "Enterprise Reporting — Active" banner inside the extension popup
  
  ────────────────────────────────────────
  🔏 PRIVACY
  ────────────────────────────────────────
  
  For Free and Pro individual users:
  • All detection, masking, and phishing checks happen 100% locally in your browser
  • No page content, typed text, or detected secrets are ever sent to any server
  • Phishing checks use Google's public Transparency Report endpoint (no API key, no user data sent — only the URL is queried)
  • WHOIS lookups query rdap.org; SSL checks query crt.sh — both are public, free services
  • Only your extension settings are synced if you create an optional account
  
  For Enterprise users:
  • Masked incident reports are sent to your organisation's admin dashboard only when your IT admin explicitly enables this
  • WAF domain lists are fetched from your organisation's settings via authenticated HTTPS
  • Raw secret values and page content are never transmitted — only masked previews and metadata
  • Full disclosure: https://securelint.in/privacy.html
  
  ────────────────────────────────────────
  👥 WHO IS THIS FOR?
  ────────────────────────────────────────
  
  ✅ Developers – Catch hardcoded secrets before they leak in code reviews or collaboration tools
  ✅ Security Engineers – Enforce secret hygiene across teams working in web tools
  ✅ Content Writers – Mask sensitive info before pasting into documents or emails
  ✅ DevOps Teams – Prevent credentials from appearing in chat or ticket systems
  ✅ IT Admins – Deploy enterprise-wide DLP with centralised incident visibility, phishing protection, and site blocking
  ✅ Remote Workers – Stay protected from phishing and social engineering on managed devices
  
  ────────────────────────────────────────
  📋 PERMISSIONS EXPLAINED
  ────────────────────────────────────────
  
  SecureLint requests only the permissions it needs:
  
  • Access to all websites (host_permissions): Required to detect secrets on any site and to run phishing checks on navigated URLs. All scanning is local.
  • Storage: Saves your settings, cached scan results, and WAF domain lists locally.
  • Scripting: Used to read visible page text for phishing content analysis (credential-harvesting detection, crypto-drainer phrases) and enterprise adult-content scanning. Text is processed in-browser and never transmitted.
  • Web Navigation: Monitors navigation events (onBeforeNavigate, onCompleted, onErrorOccurred) to block known phishing domains before pages load and run full security scans after pages load.
  • Tabs: Sends setting updates to open tabs and reads the active tab URL for phishing detection context.
  • Active Tab: Allows the popup to display live detection stats for the current page.
  • Alarms: Schedules periodic settings sync (every 60 seconds) to keep WAF domain lists current, and token-expiry checks.
  • Notifications: Alerts you when a Critical secret is detected (optional, can be disabled).
  • Downloads: Used only if you export a detection report to a file on your device.
  • Context menus: Adds "Scan page for secrets" and "Mask selected text" right-click options.
  
  Full permission and privacy details: https://securelint.in/privacy.html
  
  ────────────────────────────────────────
  🔗 LINKS
  ────────────────────────────────────────
  
  • Privacy Policy: https://securelint.in/privacy.html
  • Enterprise Reporting: https://securelint.in/privacy.html#enterprise-reporting
  • WAF & Content Blocking: https://securelint.in/privacy.html#waf-social-block
  • Support / Feedback: [email protected]
  • Manifest V3 · Minimum Chrome 88+

• May 23, 2026
  permissions

  storage, activeTab, tabs, notifications, downloads, contextMenus, alarms

  storage, activeTab, tabs, webNavigation, scripting, notifications, downloads, contextMenus, alarms

Permissions & access

Permissions

storageidentityidentity.emailactiveTabtabswebNavigationscriptingnotificationsdownloadscontextMenusalarmsmanagement

Host access

<all_urls>

Screenshots