Live|7,500+ fingerprints · 12 CVE feeds · 0 telemetry

Browser-grade
threat intelligence
for every website.

ThreatForge Pro audits the page you're on in milliseconds — fingerprinting the full tech stack, grading security headers, inspecting CSP and mixed content, matching detected versions against known CVEs, and surfacing trackers, JWTs and dangling subdomains. No accounts. No external calls. Your data never leaves the tab.

See it in action

7.5K+: fingerprints
140+: CVE patterns
0: external calls

popup · 420×640

⌘⇧T

ThreatForgePro

netflix.com · scanned 0.42s

Export

Overview

Tech

Security

Network

grade B

Security posture

Strong

14 pass3 warn1 crit

Stack

3rd parties

Trackers

Live findings

3 of 18

HIGHMissing Content-Security-Policy
MEDCookie 'sid' without Secure flag
LOWjQuery 3.4.1 → CVE-2020-11023

01Capabilities

Eleven analyzers running in parallel — every page, every reload.

Security · A–F grade

Posture scoring with weighted heuristics across headers, cookies, CSP, SRI, mixed-content & detected stack.

Severity-banded findings, remediation hints, and one-click drill-down to the exact failing directive.

CSPHSTSXFOXCTORef-PolicyPerm-PolicySRI

Tech fingerprint

7,500+ technologies, versioned.

JS globals, DOM, headers, cookies, regex & probe rules — confidence scored 0–100.

CVE matching

Known-vulnerable versions, flagged.

140+ curated CVE patterns across React, jQuery, Bootstrap, WordPress, nginx, PHP, Node, more.

Trackers

Tracker & analytics map

Classifies hosts against the open trackers DB.

JWT scan

JWTs in client storage

Decode, validate, surface XSS-exfil risk.

Watchlist

Daily monitoring

Track posture drift across domains you care about.

Perf

Web Vitals + render-blocking

LCP, FCP, TTFB & resource budgets — live from the page.

Export

JSON · Markdown · PDF

One-click reports, clipboard or file.

Private

Zero external calls

All analysis runs in your browser. No telemetry, ever.

02The engine

A real audit, not a wallpaper.

Eleven inspectors. One pass. Under half a second.

ThreatForge Pro injects an isolated probe into the active tab, mirrors the page's response headers, snapshots cookies and storage, replays performance entries, and runs every analyzer in parallel. Findings stream into the popup as they resolve.

Probe
Same-origin scripts + JS-globals + DOM signatures
Headers
CSP parser, HSTS, XFO, XCTO, Referrer & Permissions policies
Network
3rd-party host map, tracker classifier, takeover hints
Forms
CC-field exposure, missing CSRF, autocomplete leakage

~ threatforge · scan

> tforge scan https://example.com
[ok]   target acquired · 1 frame
[ok]   headers · 14 fields parsed
[ok]   probe  · 23 technologies (avg 91% confidence)
[warn] cookies · 'sid' missing Secure & SameSite
[crit] headers · no Content-Security-Policy
[warn] mixed   · 2 active mixed-content references
[ok]   csp     · upgrade-insecure-requests verified
[warn] cve     · jquery 3.4.1 → CVE-2020-11023
[ok]   trackers · 4 hosts categorised
[ok]   vitals  · LCP 1.84s · FCP 0.71s
score  86 / 100  · grade B
$ _

03Deployment

Four steps. Thirty seconds. No store required.

step · 01

Download

Pull the signed .zip bundle.

step · 02

chrome://extensions

Paste into Chrome, Edge, Brave, Arc, Opera.

step · 03

Developer mode

Toggle on, top-right of the page.

step · 04

Load unpacked

Select the unzipped folder. Pin for one-click access.

ready

Deploy ThreatForge Pro v2.0.0

Manifest V3 · 412 KB · Chromium-compatible browsers

Zero data exfiltration

No analytics, no server. Every byte stays in the tab.

Auditable source

Open analyzers, deterministic rules — no black-box ML.

Manifest V3

Minimum-privilege permissions, isolated content script.

Browser-gradethreat intelligencefor every website.