SiteRay - Website Trust Scores od SiteRay Site Security

SiteRay displays website trust scores directly in your browser toolbar, helping you assess the trustworthiness of any website you visit.

Features

• Trust score badge on the toolbar icon — shows a numeric score (0–100) or color-coded symbol (green/yellow/red) for every website you visit
• Optional trust bar — a thin color-coded bar at the top or bottom of the page for at-a-glance safety indication
• Trigger scans for websites that haven't been analyzed yet, or request a rescan for stale results
• View full scan reports on the SiteRay website with one click
• Customizable display — choose between numeric scores or symbols, adjust trust bar position and size
• Sign in with email/password or via Google, GitHub, or Apple

Requirements

A free SiteRay account is required. You can create one at https://siteray.eu or through the extension's sign-up link.

Permissions and why we need them

• Access your data for all websites (content script on all HTTP/HTTPS pages): Used solely to inject the optional trust bar — a thin colored line indicating the site's risk level. The content script does not read, collect, or transmit any page content.
• Storage: Stores your authentication tokens and extension settings (icon display mode, trust bar preferences) locally on your device.
• Tabs: Allows the extension to detect which website is in the active tab and update the toolbar badge and trust bar across all open tabs when results change.
• Alarms: Used to periodically check for scan completion when a scan is in progress, so your badge updates even if the popup is closed.
• Host permission (api.siteray.eu): All API communication goes exclusively to SiteRay's API server for authentication, trust score lookups, and scan operations.

Privacy and data collection

What we send to SiteRay servers:
- Domain names only — when you navigate to a website, the extension sends only the domain name (e.g., "example.com") to the SiteRay API to retrieve its trust score. Full URLs, paths, query strings, and page content are never sent.
- Account credentials — your email and password (or OAuth token) are sent once during login to authenticate your session.

What we do NOT collect:
- We do not collect, read, or transmit any page content, form data, or browsing history.
- We do not track which pages you visit within a site — only the domain is used.
- We do not send data to any third parties. All communication is exclusively with api.siteray.eu.
- Local and private network addresses (localhost, 127.0.0.1, 192.168.x.x, 10.x.x.x, and other private ranges) are never sent to the server — they are filtered out entirely on the client side.

What is stored locally on your device:
- Authentication tokens (access and refresh tokens) for your logged-in session
- Your basic account info (email and subscription tier) for display in the popup
- Extension settings (icon display mode, trust bar enabled/position/size)
- Temporary in-memory cache of recent lookup results (cleared when the browser restarts)

All local data is cleared when you log out.

Open source

This extension is open source under the MIT license. Source code: https://github.com/AriKimelman/SiteRay-Extension