How it works

No cloud inspection.
No network reconfiguration.
Just the browser.

SnareEdge works entirely inside the browser. Everything happens on-device, at the moment a user lands on a page or enters a credential. Here's exactly how.

The four steps that happen in every page load

From URL resolution to credential submit.

SnareEdge runs continuously while a browser tab is active, but the decisive moments are these four.

  1. 01

    URL landing and reputation check

    When a user navigates to a page, SnareEdge compares the URL against a locally-cached reputation list. Typosquats, homograph domains, newly-registered lookalikes, and suspicious SSL patterns are flagged within the first 200ms.

  2. 02

    Content-level phishing analysis

    For pages that pass URL reputation but still look suspicious (hosted on legitimate cloud infrastructure, for example), SnareEdge runs on-device classification on the rendered page for phishing indicators. Still entirely local: nothing leaves the browser.

  3. 03

    Credential reuse detection

    When a user enters a password, SnareEdge computes a one-way hash locally and checks it against known-good-site hashes it has cached. If the same credential has been used on a legitimate site, the user is warned before submit: the phishing page never gets the credential.

  4. 04

    Warning banner and reporting

    If any of the above triggers, the user sees a full-page warning banner and can choose to stay or go back. The event is logged for the admin dashboard (aggregated metadata only: no URLs, no credentials).

Why this architecture

The three design choices that make it fast enough for the browser.

Most enterprise phishing protection runs in the cloud. SnareEdge runs in the browser. These are the trade-offs we made.

Local-first classifier

The phishing classifier is a small model that runs entirely in the browser process, adding under 15ms of latency to page load. No cloud round-trips.

Periodic reputation updates

The URL-reputation list updates every 15 minutes from our reputation service over signed channels. Your browser cache always has the most recent threats.

Hash-based credential checks

Password reuse is checked via a locally-stored one-way hash table. Your real passwords never leave the browser, even to SnareEdge: it's architecturally impossible.

Common questions

What we hear from IT admins.

Specific questions about the how-it-works details. If yours isn't here, email hello@snaredge.com.

Does SnareEdge slow down the browser?

The classifier adds under 15ms per page load on typical hardware. Most users cannot detect it perceptually. We benchmark this on every release against a mixed device fleet.

How do you handle false positives?

Users can dismiss the warning on a per-event basis; the dismissal is logged. Admins can add domain allow-lists. Current false-positive rate is below 0.3%, tuned deliberately.

Does it work in Incognito / private browsing?

Yes, the extension runs in private browsing if the user enables it during install. Admin-pushed installations include the Incognito permission by default.

What about Firefox or Safari?

Currently Chrome and Edge only. Firefox support is on the 2026 roadmap. Safari's extension APIs don't currently support the content-level inspection needed for phishing detection.

Try it on your own browser.

Install yourself in 90 seconds. No account, no admin console. See a warning the first time you hit a suspicious URL, which is usually sooner than you'd expect.

Install for free Book a setup call
Free up to 10 seats, no credit card