PhishClean by PhishClean
Privacy-first phishing and token leakage protection. All detection runs locally on your device.
Some features may require paymentSome features may require payment
Available on Firefox for Android™Available on Firefox for Android™
Extension Metadata
Screenshots
About this extension
PhishClean detects phishing pages, token leaks, and credential theft in real time — entirely inside your browser. No data ever leaves your device.
What it catches:
How it works:
Install and browse normally. PhishClean runs in the background, scanning every page using local pattern matching and heuristics. No cloud lookups, no browsing history transmitted, no tracking. When a threat is detected, you see an on-page warning with a risk score, a plain-English explanation of what was found, and options to go back, ignore, or trust the domain.
Free vs Pro:
The free plan covers basic phishing detection — login page analysis, domain mismatch checks, and form structure scanning. Pro unlocks all 14 detection signals: secret leak scanning, JWT monitoring, hidden iframe detection, HTTPS downgrade alerts, network request analysis, and downloadable PDF threat reports.
Privacy by design:
The only data PhishClean sends to our server is an anonymous install ID and your extension version — used solely for license verification. Zero browsing data, zero page content, zero tokens. Everything else stays on your machine.
Website: https://phishclean.com
Privacy policy: https://phishclean.com/privacy
What it catches:
- Phishing login pages with domain mismatches and suspicious form structures
- Leaked API keys and secrets exposed in page source code (AWS, Google Cloud, Stripe, GitHub, Firebase, and more)
- JWT tokens exposed in URLs, localStorage, or network requests
- Hidden iframes used for clickjacking and session hijacking
- HTTPS-to-HTTP downgrade attacks that strip your encryption
- Authorization headers silently sent to third-party domains
- Passwords submitted over unencrypted HTTP connections
How it works:
Install and browse normally. PhishClean runs in the background, scanning every page using local pattern matching and heuristics. No cloud lookups, no browsing history transmitted, no tracking. When a threat is detected, you see an on-page warning with a risk score, a plain-English explanation of what was found, and options to go back, ignore, or trust the domain.
Free vs Pro:
The free plan covers basic phishing detection — login page analysis, domain mismatch checks, and form structure scanning. Pro unlocks all 14 detection signals: secret leak scanning, JWT monitoring, hidden iframe detection, HTTPS downgrade alerts, network request analysis, and downloadable PDF threat reports.
Privacy by design:
The only data PhishClean sends to our server is an anonymous install ID and your extension version — used solely for license verification. Zero browsing data, zero page content, zero tokens. Everything else stays on your machine.
Website: https://phishclean.com
Privacy policy: https://phishclean.com/privacy
Rated 5 by 1 reviewer
Permissions and data
Required permissions:
- Access browser tabs
- Access browser activity during navigation
- Access your data for all websites
Optional permissions:
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Add-on Links
- Version
- 1.1.1
- Size
- 161.43 KB
- Last updated
- 13 hours ago (Mar 10, 2026)
- Related Categories
- License
- All Rights Reserved
- Privacy Policy
- Read the privacy policy for this add-on
- Version History
- Add to collection