Browser Lock

Potency Medium
Resilience Medium
Cost Medium
Tags: browser, lock


Browser Lock locks code to a list of browsers. This will ensure that the code will only work in one of the allowed browsers. This is a good transformation to enforce license agreements. Countermeasures can be specified (optionally) to be executed when the code is executed on an unauthorized browser.

Consider combining this transformation with obfuscation transformations to harden the resulting code making it more resilient to automated de-obfuscator tools and harder to understand by a human. You may also find useful to combine this transformation with other locks:

Code Annotation Example

// @jscrambler define browserLock {browsers: [chrome], countermeasures: {breakApplication: 1, customCallback: testFunction}} as bl1
// @jscrambler enable bl1

Option Types

Name Required Default Value Description
toleratePoisoning No N/A Avoid poisoning detection
browsers Yes N/A List of browsers where the code is allowed to run.
countermeasures Yes {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} List of available countermeasures


Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
breakApplication Breaks the application's functionality.
realTimeNotifications Sends a notification when a violation occurs.
dataExfiltrationPrevention Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests.
selfDestruct Attempts to damage the state and behavior of the application and/or the environment that is running the application.

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 80+ 80+
Firefox 90+ 90+
Internet Explorer 9+ 8+
Microsoft Edge 116+ 116+
Safari 13.1+ 13.1+

API Parameters


  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  "applicationId": "ZZZZZZ",
  "params": [
      "name": "browserLock",
      "options": {
        "toleratePoisoning": "VALUE",
        "browsers": [
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false