Skip to content

Security Features

DurgaShield provides comprehensive security protection that goes far beyond basic ad blocking.

Malware Protection

Blocks 133+ known malware domains including:

  • Ransomware distribution sites
  • Trojan droppers and spyware installers
  • Fake antivirus pages and tech support scams
  • Drive-by download sites

Phishing Protection

172+ blocked phishing domains targeting major brands:

  • Financial: PayPal, Bank of America, Chase, Wells Fargo, Citibank, Capital One
  • Tech: Apple ID, iCloud, Microsoft, Outlook, Office 365, Adobe, Dropbox
  • E-commerce: Amazon, Netflix
  • Social: Google, Facebook, Instagram, Twitter/X, LinkedIn
  • Gaming: Discord, Steam, Epic Games

Plus:

  • Fake form detection: Warns when a form with password fields submits to a different domain
  • Fake address bar detection: Detects suspicious overlays mimicking browser UI

XSS Protection

Cross-site scripting protection inspired by NoScript:

  • CSP injection: Injects a Content-Security-Policy meta tag with restrictive defaults
  • URL parameter sanitization: Scans URL query parameters for XSS payloads (<script>, javascript:, onerror=, alert(), eval())
  • DOM mutation monitoring: Observes DOM for injected <script>, <iframe> with data:text/html, and <a> with javascript: hrefs
  • Form submission protection: Intercepts form submissions and strips XSS patterns from text inputs
  • Opt-in: Disabled by default (CSP can break sites relying on inline scripts)

ClearClick (Anti-Clickjacking)

  • Overlay detection: Scans for transparent or low-opacity elements positioned fixed/absolute with high z-index
  • Click interception: Shows a confirmation dialog before allowing clicks through suspicious overlays
  • Visual indicator: Marks detected overlays with a subtle red outline
  • Opt-in: Disabled by default

ABE — Application Boundaries Enforcer

  • Local network isolation: Detects when public pages load content from private IP addresses
  • Automatic blocking: Removes elements referencing local network resources from non-local pages
  • Visual warning: Shows a prominent red banner when local network content is blocked

Secure Payment Gateway

  • HTTP payment detection: Scans forms for payment-related fields (credit card number, CVV, expiry, UPI ID, netbanking account, OTP, PIN)
  • Block on HTTP: Intercepts form submission and shows a full-screen warning if the page is served over HTTP
  • Proceed anyway: Users can override the block if they understand the risk

Download Scanner

  • No external dependencies: Works entirely in-browser with zero setup
  • URL check: Monitors all downloads, checks source URL against 40+ malware domain keywords
  • Dangerous extension warning: Warns about executable file types (.exe, .scr, .bat, .vbs, .ps1, .jar, .msi, .docm, and 25+ more) from untrusted sites
  • User prompt: Shows notification with “Proceed anyway” / “Cancel download” buttons; 60-second auto-cancel timeout

Password Leak Detection

  • HIBP k-anonymity: Checks passwords against Have I Been Pwned using SHA-1 prefix (only first 5 hex chars sent)
  • No plaintext transmission: Your password never leaves your device
  • Automatic: Monitors password fields on all pages; checks on input (2s debounce) and form submission
  • Desktop notification: Shows a browser notification if a compromised password is detected

Phone Scam Detection

  • Scam keyword scanning: Analyzes page content for common phone scam phrases
  • Multi-match threshold: Only triggers when 3+ distinct scam patterns are detected
  • Clear warning: Shows warning to not call any phone numbers on the page
  • Opt-in: Disabled by default

GenAI Data Leak Prevention

  • AI chat platform support: Detects sensitive data typed into ChatGPT, Gemini, Claude, Copilot, DeepSeek, Perplexity
  • Pattern detection: Scans for credit card numbers (PAN), SSN/passport numbers, API keys/secrets, passwords, and dates of birth
  • Real-time warning: Shows a prominent notification when sensitive data is detected
  • XHR/fetch monitoring: Also checks request bodies for leaked sensitive data
  • Opt-in: Disabled by default

Defacement Detection

  • Known site monitoring: Checks page title on major sites for defacement indicators
  • Title analysis: Scans for “hacked”, “deface”, “pwned”, “owned”, “breach” in the page title
  • Immediate warning: Shows a warning banner if defacement is suspected
  • Opt-in: Disabled by default

Extension Risk Audit

  • Permission analysis: Scans all installed extensions and categorizes risk level (critical/high/medium/low)
  • Dangerous detection: Flags extensions with nativeMessaging, debugger, proxy, history, <all_urls> access
  • Risk scoring: Critical = high-risk permissions + all-sites access; High = high-risk permissions or all-sites + medium permissions
  • On-demand scan: “Scan Now” button in the Advanced tab

Phishing Link Detection

  • Brand impersonation check: Scans all <a> links for misspelled brand domains (g00gle.com, faceb00k.com, paypa1.com)
  • IP-based URL detection: Flags IP-address links combined with login/banking keywords
  • URL shortener identification: Detects bit.ly, tinyurl, t.co, and more
  • Excessive subdomain detection: Flags 4+ subdomains combined with login/verify paths
  • Click interceptor: Prevents navigation to flagged links with confirmation modal
  • Opt-in: Disabled by default

HTTPS Enforcement

  • Automatic upgrades: 80 DNR upgradeScheme rules for major sites
  • Main frame only: Upgrades top-level navigations to HTTPS; sub-resources handled by mixed content detection

Mixed Content Detection

  • HTTPS page scanning: Detects HTTP resources on HTTPS pages
  • Upgrade to HTTPS: Automatically rewrites http:// to https:// for images, iframes, embeds, and objects
  • Script removal: Removes HTTP scripts (cannot be safely upgraded)