Source Code $19

Checkout Security Shield

The padlock means the connection is encrypted. It says nothing about what the scripts on the page are doing.

The fraud happens on legitimate sites

Formjacking — also called Magecart attacks — injects malicious JavaScript into legitimate retailers' checkout pages. The attack runs silently: you type your card number, the store processes your order normally, and a second script copies your card data to a remote server in the same fraction of a second.

You receive the order confirmation. The fraud charges appear on your statement days or weeks later. The FTC reported $15.9 billion in consumer fraud losses in the most recent annual report. The FBI's Internet Crime Complaint Center processes roughly 3,000 cybercrime complaints every day.

A significant share of these involve payment data stolen at checkout from legitimate, HTTPS-secured websites.

Step by step

  1. Install the extension in Chrome.
  2. Navigate to any checkout page.
  3. The extension audits every script loaded on the page against a list of known legitimate payment processor domains.
  4. It intercepts navigator.sendBeacon and fetch calls during form submission to detect unauthorized data exfiltration attempts.
  5. Suspicious activity is flagged before you submit your card details.

Online shoppers

Anyone who regularly enters card details online and wants a script-level check running before they hit submit.

Developers building payment security tools

The source code includes the script auditor, beacon interceptor, and payment endpoint verification logic.

  • Full Chrome extension source code (Manifest V3)
  • Script domain auditor against known payment processors
  • navigator.sendBeacon interceptor
  • fetch() monitoring during form submission
  • Vanilla JavaScript, no dependencies

Your card details deserve more than a padlock.

The attack happens before you click submit. The defense has to happen there too.

Get the source code ($19) →

One-time payment · No account required · Instant download