WEBCAT

Verifiable code for the web

WEBCAT helps people trust the websites they use by making it possible to verify the code running in their browser.

Get the Firefox extension Go to the documentation Go to the source code

The Problem

Websites can change their code at any time, and HTTPS alone does not guarantee that every user receives the same, intended web application. WEBCAT addresses this by enabling signed delivery and transparency log–backed distribution of participating web applications, allowing end users to verify exactly what they received from a website.

How WEBCAT Works

  1. Decentralized infrastructure records the trust configuration of participating domains.
  2. Transparency logs record signed manifests describing web applications, making changes publicly auditable and tamper-evident.
  3. The WEBCAT browser extension verifies: (a) that the manifest served by a domain is valid and anchored in its declared root of trust and (b) that the web application and its execution environment match the manifest.
    Verification is performed locally, and without contacting third parties or privacy leaks. If verification fails, mismatching assets are never loaded or rendered.

Read the architecture documentation

News

Resources

Browser Extension

Verify what code your browser is running

View Repository

Enrollment Infrastructure

Public, auditable infrastructure for enrollment data

View Repository

Specifications

How WEBCAT works, in detail

View Specifications

Developer CLI

Tools for integrating WEBCAT into your workflow

View CLI

For Developers and Website Administrators

If you want to enroll your website or adapt your web application to use WEBCAT, these resources will help you get started.

Enroll now Read the documentation