DomainGuard Monitor

Enterprise URL, DLP and domain monitoring for centralized visibility.

DomainGuard Monitor is a Manifest V3 browser extension for IT and security teams who need centralized visibility into what their fleet is doing on the web. Pair it with the DomainGuard dashboard (self-hosted by your organization) to see URL activity, clipboard-paste DLP events, file upload signals, and policy enforcement decisions across every managed browser. Built for the managed-install model: - Force-installed via enterprise browser management, Group Policy, or endpoint management platforms - Configured via managed_storage (server URL and tenant API key) or auto-configured by the optional local helper agent - Disclosed to end users via a one-time in-extension consent screen or via your organization's existing acceptable-use disclosure What it monitors (only after user acknowledgement or admin-managed deployment): - URLs and page titles of pages visited (main frame only) - Clipboard pastes with a built-in DLP detector that classifies cloud credentials, API keys, private keys, national ID numbers, payment card numbers, and other sensitive patterns - File upload selections (names and sizes only, never contents) - Browser, OS, and machine identity for fleet inventory What it never monitors: - Cookies, session tokens, or stored passwords - Form contents (other than the clipboard paste preview) - The contents of files you upload - Incognito or Private browsing - Browser-internal pages What the extension delivers to admins: - Real-time activity feed and policy-decision history - Per-group feature flags (audit-only, warn, or block) for incremental rollouts - Tamper-evident audit log of every administrator action - Signed compliance evidence bundles covering major security and AI governance frameworks - Threat-intel category feeds automatically synced from open-source sources - Optional AI visibility module that discovers desktop AI development tools and applies the same DLP detector to outbound prompts (detect-only by default) Privacy: every transmission uses HTTPS. Data lives on infrastructure your organization controls. Default retention is 90 days; admins can tune it. Full policy at: https://domainguard-backend-production.up.railway.app/privacy Architecture: Manifest V3 service worker, native messaging to an optional local helper agent on loopback only (never opens an external network port), per-tenant API keys, signed compliance bundles.