Last updated: 27 June 2026
Weblyzer (the “extension”) runs entirely in your browser. It has no backend server and does not collect, store, sell, or transmit your browsing data to the developer or to any analytics, advertising, or tracking service. This policy explains what the extension processes and where.
To detect the technologies a site uses, Weblyzer reads — locally, in your browser — the active page’s content (HTML, scripts, runtime JavaScript globals, and cookies set on the page) and network metadata (request URLs, response headers, and the resolved server IP). This processing happens on your device. Results are kept only in your browser’s local/session storage to render the popup, report and History list, and are removed when you clear the extension’s storage. They never leave your device on their own.
A few features make a network request, and only when you trigger them. None of them send data to a Weblyzer-controlled server:
IP look-up (Hosting & network): sends the IP address you select to public IP-intelligence services (get.geojs.io, with ipwho.is and ipapi.co as fallbacks) to retrieve ASN, ISP, type and location, and to dns.google for the reverse-DNS (PTR) record. Only that IP is sent, only when you click.
DNS records look-up (DNS & email): sends the site’s domain name to dns.google (DNS-over-HTTPS) to read its public A / AAAA / MX / NS / TXT / CAA records. Only the domain name is sent, only when you click.
Probe public files (Well-known & public files): fetches a few public files from the site you are analyzing — robots.txt, /.well-known/security.txt, /.well-known/openid-configuration and apple-app-site-association. It reaches only that site; nothing is sent to any other party.
Probe GraphQL schema: sends a single GraphQL introspection query to the GraphQL endpoint the page itself already uses, executed in the page’s own context.
Header re-fetch: for a tab that was open before Weblyzer started observing it, clicking the toolbar icon re-requests that same page once to read its response headers. It reaches only the site you are already viewing.
Toolbar badge: after a page finishes loading, Weblyzer runs its detection locally and shows the number of detected technologies on the extension icon.
Scan for JWT (opt-in): reads JWT-shaped tokens from the current page’s localStorage, sessionStorage and cookies and decodes the header and claims locally so you can inspect them. The signature is not verified and no token or claim is transmitted anywhere.
TLS / certificate (Firefox only): reads the negotiated TLS version and the server certificate of the page you are viewing from the browser’s own connection info — shown to you locally, never sent.
webRequest + host access (<all_urls>) — observe requests locally to read response headers and the server IP of the sites you analyze.
scripting — inject the detector into the current tab on demand.
storage — save your settings and analysis history locally.
tabs — read the active tab’s URL, title and favicon to label the report.
clipboardWrite — copy reports (image / text / Markdown / JSON) to your clipboard.
Weblyzer does not collect, sell, or transfer any personal or sensitive user data. There is no advertising, no tracking, no telemetry, no user account, and no remote code execution. We do not use or transfer user data for any purpose unrelated to the extension’s single purpose, and never to determine creditworthiness or for lending purposes.
Weblyzer is a developer tool that collects no personal data and is not directed at children.
If this policy changes, the updated version will be posted at this URL with a revised “Last updated” date.
Weblyzer - Web Analyzer · Published by Technopartner.