Browser Lock

Potency Medium
Resilience Medium
Cost Medium
Tags: browser, lock


Browser Lock locks code to a list of browsers. This will ensure that the code will only work in one of the allowed browsers. This is a good transformation to enforce license agreements. Countermeasures can be specified (optionally) to be executed when the code is executed on an unauthorized browser.

Consider combining this transformation with obfuscation transformations to harden the resulting code making it more resilient to automated de-obfuscator tools and harder to understand by a human. You may also find useful to combine this transformation with other locks:

Code Annotation Example

// @jscrambler define browserLock {browsers: [chrome], countermeasures: {breakApplication: 1, customCallback: testFunction}} as bl1
// @jscrambler enable bl1

Option Types

Name Required Default Value Description
browsers Yes N/A List of browsers where the code is allowed to run.
countermeasures Yes {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false,"selfDestruct": false} List of available countermeasures


Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
breakApplication Breaks the application's functionality.
realTimeNotifications Sends a notification when a violation occurs.
selfDestruct Attempts to damage the state and behavior of the application and/or the environment that is running the application.

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 50+ 50+
Firefox 50+ 40+
Internet Explorer 8+ 8+
Microsoft Edge 18+ 18+
Safari 9.1+ 9.1+

API Parameters


  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  "applicationId": "ZZZZZZ",
  "params": [
      "name": "browserLock",
      "options": {
        "browsers": [
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false,
          "selfDestruct": false