Browser Extension Guide

The Noxys browser extension is your first line of defense against AI-driven data loss. It monitors 15+ AI platforms in real-time, detects sensitive data instantly, and enforces your organization's policies without requiring proxy installation or system-level certificates.

Supported Browsers & Versions

Browser	Minimum Version	Installation	Notes
Chrome	90+	Chrome Web Store or sideload	Recommended for enterprises
Edge	90+	Microsoft Edge Add-ons or sideload	Full feature parity with Chrome
Brave	1.40+	Chrome Web Store (same URL)	Drops some tracking, otherwise identical
Firefox	88+	Mozilla Add-ons or sideload (.xpi)	Full feature parity
Opera	76+	Chrome Web Store or sideload	Community-supported

Not supported: Safari, Internet Explorer, mobile browsers (support coming in v0.2)

Installation Methods

Method 1: Chrome Web Store (Recommended)

Best for organizations—automatic updates, centralized management.

1. Visit: https://chrome.google.com/webstore/detail/noxys-ai-firewall/YOUR-EXTENSION-ID
2. Click Add to Chrome
3. Review the permissions dialog
4. Click Add Extension
5. Icon appears in toolbar (top right)

For Edge, visit Microsoft Edge Add-ons with the same extension ID. For Firefox, visit Mozilla Add-ons.

Method 2: Manual Sideload (Development / Self-Hosted)

Use this if you're self-hosting or testing.

Chrome / Edge

1. Download extension ZIP: https://your-noxys.instance/downloads/extension.zip
2. Extract to a folder: /path/to/noxys-extension/
3. Open chrome://extensions/ (Chrome) or edge://extensions/ (Edge)
4. Enable Developer Mode (toggle, top right)
5. Click Load unpacked
6. Select the extracted folder
7. Icon appears in toolbar

Firefox

1. Download extension XPI: https://your-noxys.instance/downloads/extension.xpi
2. Open about:addons in Firefox
3. Click the gear icon → Install Add-on From File
4. Select the .xpi file
5. Click Add

Note: Firefox requires re-signing for some builds. If it says "This add-on is not available for your version," use the sideload method via about:debugging.

Method 3: Enterprise Deployment

For organizations using Group Policy (GPO) or Mobile Device Management (MDM):

Google Chrome (via GPO)

1. Create GPO with: Software\Policies\Google\Chrome\ExtensionInstallForcelist
2. Add value: YOUR-EXTENSION-ID;https://chrome.google.com/webstore/detail/noxys-ai-firewall/YOUR-EXTENSION-ID
3. Apply to your domain
4. Users get auto-installed extension on next login

Microsoft Edge (via GPO)

1. Create GPO with: Software\Policies\Microsoft\Edge\ExtensionInstallForcelist
2. Same value as Chrome
3. Apply to your domain

Contact your Noxys account manager for your extension ID.

Initial Configuration

After installation, configure the extension to connect to your Noxys backend.

Setup Wizard (First Run)

On first click of the extension icon:

1. Popup appears asking for Backend URL and API Token
2. Backend URL defaults to your Noxys instance (auto-detected from your browser history)
3. Paste your API token (from Dashboard → Settings → API Keys)
4. Click Save

Manual Configuration

1. Click the Noxys icon in your toolbar
2. Click the gear icon (Settings)
3. Enter:
   • Backend URL: Your Noxys instance (e.g., https://noxys.cloud)
   • API Token: From Dashboard → Settings → API Keys
   • Mode: Strict (enforce policies) or Permissive (log only)
4. Click Save

Status Indicator

The extension icon changes color based on connection status:

Color	Status	Meaning
Green	Connected	Successfully authenticated and monitoring
Red	Error	Can't reach backend or invalid token
Gray	Offline	No internet connection (local policies still enforced)
Yellow	Warning	Connection unstable or token expiring soon

Hover over the icon to see connection details.

Supported AI Platforms

The extension monitors 15+ AI platforms. Here's the complete list:

Platform	URL	Aliases	Status
ChatGPT	chat.openai.com, chatgpt.com	chatgpt	✅ Yes
Claude (Anthropic)	claude.ai	claude	✅ Yes
Google Gemini	gemini.google.com	gemini	✅ Yes
DeepSeek	chat.deepseek.com	deepseek	✅ Yes
Perplexity	perplexity.ai	perplexity	✅ Yes
Mistral	chat.mistral.ai	mistral	✅ Yes
Microsoft Copilot	copilot.microsoft.com	copilot	✅ Yes
Poe	poe.com	poe	✅ Yes (beta)
HuggingChat	huggingface.co/chat	huggingchat	✅ Yes
Grok (X AI)	grok.com	grok	✅ Yes
Mammouth AI	mammouth.ai	mammouth	✅ Yes
TypingMind	typingmind.com	typingmind	✅ Yes
OpenRouter	openrouter.ai	openrouter	✅ Yes
Windsurf (Codeium)	windsurf.com	windsurf	✅ Yes
Cursor	cursor.com	cursor	✅ Yes

Coming Soon (v0.2):

• Ollama (local)
• GitHub Copilot Chat (IDE integration)
• VS Code Copilot (IDE integration)

Note: Cursor and Windsurf are primarily IDE tools; browser extension catches web-based use only. VS Code plugin support is on the roadmap.

PII Detection Architecture

The extension uses a three-tier detection strategy, with Tier 1 running locally for speed and privacy.

Tier 1: Extension-Based Regex Detection

Runs client-side in your browser — no data sent to backend unless server-side classification is enabled.

Supported Classifications:

Type	Pattern	Examples
EMAIL	RFC 5322 regex	alice@acme.fr, john.smith@company.co.uk
PHONE	Intl formats (E.164)	+33612345678, +1-555-0123
CREDIT_CARD	Luhn algorithm (PAN)	4532-1234-5678-9010
IBAN	ISO 13616 checksum	FR1420041010050500013M02606
FR_NIR	French social security	1 85 07 75 056 045 72
FR_SIRET	French business ID	73282932000074
FR_SIREN	French company ID	732829320

Performance:

• Execution time: <10ms per message
• Memory footprint: <5MB
• Runs only on 15 AI platforms (doesn't slow down other browsing)

Tier 2: Backend-Based NER (Optional)

Deeper classification using Microsoft Presidio Named Entity Recognition.

Additional Types Detected:

• Medical terms (patient names, codes, diagnoses)
• Legal references (contract clauses, party names)
• API keys and secrets
• IP addresses (IPv4, IPv6)
• Custom patterns

How to Enable:

1. Go to extension settings → Advanced
2. Toggle Enable Server-Side Classification
3. This sends the prompt text to the backend for Tier 2 analysis (30ms latency added)

Privacy Note: With server-side enabled, the original text is temporarily processed on the backend (Presidio + custom models) then immediately deleted. See Security & Privacy for details.

Tier 3: Async SLM Classification

Context-aware classification using smaller language models (async, no impact on user experience).

Use Cases:

• Classify ambiguous content (is "smith" a name or tool name?)
• Context-dependent sensitivity (medical vs. non-medical contexts)
• Custom classification rules per organization

Risk Score Calculation

risk_score = (number_of_detections) / (content_length) × (average_confidence)

Examples:

• 1 email detected in 500 chars → risk_score ≈ 0.25
• 3 emails + 2 phone numbers in 100 chars → risk_score ≈ 0.95 (very high)
• No detections → risk_score = 0

Detection Flow

How It Works

1. User types in ChatGPT input box
   ↓
2. Extension content script detects DOM change via observer
   ↓
3. Extracts text from input field
   ↓
4. Runs Tier 1 regex patterns (emails, phone, IBAN, etc.)
   ↓
5. If matches found, calculates risk_score
   ↓
6. Calculates SHA-256 hash of content
   ↓
7. Sends to backend:
   POST /api/v1/interactions {
     platform_id: "chatgpt",
     content_hash: "a665a45920...",
     classifications: [{ type: "EMAIL", ... }],
     risk_score: 0.15,
     content_metadata: { url: "https://chat.openai.com", ... }
   }
   ↓
8. Backend evaluates policies (block/coach/log)
   ↓
9. If action = "block", backend sends response
   ↓
10. Extension prevents submission (blocks button click or shows warning)

No Proxy Required

Unlike other security tools, Noxys extension does NOT require:

• MITM proxy installation
• Corporate certificate installation
• VPN integration
• System-level interception

It works entirely in the browser sandbox using the WebExtensions API.

Policy Actions

When the extension detects content matching a policy, three outcomes are possible:

Block

The interaction is prevented. Extension blocks the send button or form submission.

• User sees: Red banner "This message contains sensitive data. Blocked by policy: Block PII on ChatGPT"
• Backend logs: Policy violation with timestamp, user, platform, risk score
• Admin sees: Alert in dashboard
• Action: User must edit or cancel

Coach

A warning appears, but the message is NOT blocked. User can still send.

• User sees: Yellow banner "This message contains sensitive data. Review before sending."
• Backend logs: Coaching event with classifications
• Admin sees: Alert in dashboard (non-blocking)
• Action: User can click "Send anyway" or edit

Log

Interaction is silently logged (no UI). User doesn't see a warning.

• User sees: Nothing
• Backend logs: Interaction with classifications and policy decision
• Admin sees: In Interactions list and Audit Log (after filtering)
• Action: User behavior unaffected

Privacy & Security Model

What's Captured

• Platform ID (chatgpt, claude, deepseek, etc.)
• SHA-256 hash of your message (NOT the message itself)
• Classifications detected (PII types, counts)
• URL and metadata (model, timestamp)
• Your user ID (from JWT token)

What's NOT Captured

• Raw prompt text (except for server-side Tier 2, which is immediately deleted)
• Response text from the AI
• Your password or session tokens
• Other browser tabs or history
• Any personal files or desktop data

Data Flow (Secure)

Browser Extension (local)
    ↓
    SHA-256 hash + classifications only
    ↓
TLS 1.3 encrypted connection
    ↓
Noxys Backend (encrypted at rest)
    ↓
PostgreSQL (with AES-256 encryption)

All communication is encrypted in transit (TLS 1.3) and at rest (database encryption).

Offline Mode

If the backend is unreachable (network offline, server down), the extension enters offline mode:

• Status icon turns gray
• Local policies (if cached) are still enforced
• Interactions are queued locally
• When connection restored, queued interactions are sent in batch
• Queue persists for up to 24 hours in extension storage

To test offline mode:

1. Open DevTools (F12) → Application → Service Workers
2. Check Offline checkbox
3. Try using ChatGPT — warning should still appear if cached policies apply

Advanced Configuration

Change Backend URL

For self-hosted or multi-region deployments:

1. Click extension icon → Settings → Advanced
2. Change Backend URL to your custom domain (e.g., https://noxys.mycompany.com)
3. Click Test Connection

Adjust Detection Sensitivity

1. Click extension icon → Settings → Advanced
2. Under Classification Sensitivity:
   • Strict (default): Requires high confidence matches (>0.9)
   • Balanced: Medium confidence (>0.7)
   • Permissive: Any match (>0.5)
3. Save

Lower sensitivity = more false positives but catches edge cases.

Enable Debug Mode

For troubleshooting:

1. Click extension icon → Settings → Advanced
2. Toggle Debug Mode
3. Open DevTools (F12) → Console
4. Refresh page
5. You'll see detailed logs of DOM scanning, hash calculation, and API calls

Troubleshooting

Extension Shows Red Icon (Connection Error)

Problem: Can't connect to backend.

Diagnostic Steps:

1. Click the extension icon
2. Look at the status message (hover over the icon)
3. Go to Settings → Advanced
4. Verify Backend URL is correct (should be your Noxys instance domain)
5. Verify API Token is valid (copy from Dashboard → Settings → API Keys)
6. Check your internet connection (try opening Noxys dashboard in browser)

Solution:

• If token expired, generate a new one: Dashboard → Settings → API Keys → Generate Key
• Paste into extension settings
• Click Test Connection button
• If error persists, check network tab (F12 → Network) for exact error

Extension Not Detecting AI Interactions

Problem: Dashboard shows no activity even though you're using ChatGPT.

Diagnostic Steps:

1. Confirm extension is installed and enabled (check toolbar)
2. Confirm backend is connected (status icon should be green)
3. Open ChatGPT in the browser where extension is installed
4. Check extension permissions: Go to chrome://extensions/ → Noxys → Details → Permissions
   • Must include: "Read and change your data on chat.openai.com" and similar for other platforms
5. Open F12 (DevTools) → Console tab
6. Refresh ChatGPT
7. Look for errors related to Noxys or API calls

Solution:

• If permission missing, uninstall and reinstall extension
• Some enterprise policies block WebExtensions; contact IT
• For Brave browser, ensure Shields down for ChatGPT (click shield icon → turn off)
• Try a different AI platform (e.g., Claude instead of ChatGPT) to isolate the issue

Policy Not Blocking Interaction

Problem: Policy is enabled but message wasn't blocked.

Diagnostic Steps:

1. Go to Dashboard → Interactions
2. Find the recent interaction that should have been blocked
3. Click to view details: platform_id, risk_score, classifications
4. Go to Dashboard → Policies
5. Click the policy that should have triggered
6. Review conditions and compare against the interaction's fields:
   • Does platform_id match?
   • Is risk_score above threshold?
   • Do classifications match the classification_types condition?
7. Check priority: Is this policy's priority lower (higher precedence) than others?

Solution:

• If conditions don't match, edit the policy to be more permissive (or the interaction data is unexpected)
• If priority is wrong, adjust so critical policies run first
• Confirm policy is enabled (toggle must be on)

Extension Slowing Down Browser

Problem: Performance degrades after installing extension.

Diagnosis:

• Noxys uses <5MB memory (extension + background script)
• DOM scanning runs only on AI platforms (15 sites)
• Regex matching is optimized (<10ms per message)

Potential causes:

• Other extensions conflicting
• Too many tabs open
• Backend under load (API responses slow)

Solution:

• Check browser memory: Ctrl+Shift+Esc (Chrome) → Task Manager → Extensions
• Disable Noxys temporarily via chrome://extensions/ (toggle off)
• If performance improves, Noxys isn't the culprit
• Enable back and check API connectivity (Settings → Test Connection)
• If backend is slow, contact support

Extension Crashes or Stops Working

Problem: Status icon disappears or "extension has an error" message.

Solution:

1. Go to chrome://extensions/
2. Find Noxys
3. Toggle off then on (force reload)
4. If still broken, click Remove
5. Reinstall from Chrome Web Store
6. Reconfigure with API token

If crash persists, share the error details:

• Open chrome://extensions/ → Noxys → Errors
• Copy error message
• Email support@noxys.eu with browser version and error

Permissions Denied on Some Platforms

Problem: Extension works on ChatGPT but not Claude.

Cause: Browser permissions for content scripts.

Solution:

1. Go to chrome://extensions/ → Noxys → Details
2. Scroll to Permissions → Manage permissions
3. Add claude.ai to the allowed sites
4. Refresh Claude in browser
5. Extension should now work

Next Steps

• Admin Console Guide — Manage policies and users
• Policy Configuration — Create blocking and coaching policies
• PII Detection Types — Understand detection tiers and classifications
• Admin Console — Common issues and solutions

---

Need help?

• Email: support@noxys.eu
• Documentation: /docs/
• Status: Check our status page at status.noxys.cloud

Extension version: 0.1.0 | Last updated: 2026-03-20