SubWatch

Subresource integrity watcher. Warns against site content that has changed since last visit.

SubWatch is a lightweight integrity sentinel for the modern web. The sites you visit today aren’t simple HTML files; they’re sprawling collections of JavaScript, CSS, images, fonts, iframes, and API calls pulled from dozens of servers. Every one of those sub-resources can change silently, for better or for worse. SubWatch watches them all. Why you need SubWatch Dynamic stacks, shifting code Modern build pipelines redeploy multiple times a day. A benign update might break critical workflows, or an attacker might slip in malicious script (think Magecart / web-skimming). Sensitive data deserves stability Banking portals, health dashboards, and internal admin tools shouldn’t mutate unexpectedly. If they do, you want to know immediately. You set the tolerance Some pages (news, social feeds) change constantly; others (checkout pages) should stay put. SubWatch lets you decide when a change is acceptable and when it’s a red flag. How it works First visit ➜ baseline The moment you open a domain, SubWatch fingerprints every resource with a SHA-256 hash and stores that baseline locally. Every subsequent visit ➜ compare As each sub-resource finishes loading, SubWatch re-hashes it in real time. If the hash differs from the baseline, it’s flagged as changed. Instant visual warning The extension badge lights up with the exact number of changed resources, no need to click first. Deep-dive popup Click the badge to see a color-coded table (green ✓ unchanged, red ✗ changed) plus a quick pie chart overview. Long URLs are neatly ellipsed but still clickable (with safe noopener noreferrer). You decide If you’re happy with an update, simply keep browsing. SubWatch will adopt that version as the new baseline next time. Prefer a stricter stance? Treat any red count as a cue to log out or halt transactions. Key features - Real-time badge alerts as soon as any resource deviates - Covers all resource types: scripts, styles, images, iframes, even background-image URLs - Works across HTTP & HTTPS (ideal for staging / local dev as well) - Compact visual summary (pie chart) plus full hash details on demand - Zero external calls: all hashing happens client-side; your browsing stays private - Minimal permissions: only storage, tabs, webRequest, and webNavigation - No performance drag: hashing runs after each resource loads, without blocking page render Perfect for - Security-minded users who handle banking, crypto, or PII online - DevOps and QA teams validating that prod assets match the last approved build - Researchers tracking unauthorized third-party injections over time - Anyone curious about how often their favorite sites silently swap code Quick start 1. Install SubWatch and pin it to your toolbar. 2. Browse as usual. If the badge shows 0, every resource matches the last baseline. 3. See a red number? Click to inspect changed URLs, decide if you trust them, or step away. Stay one step ahead of silent site changes and skimming attacks, install SubWatch and surf with eyes wide open.