Skip to main content

Browser Extension: End-User Guide

This page is for end users of the Control Zero browser extension — the people whose ChatGPT, Claude, Gemini, and other browser AI traffic runs through the extension every day. If you are an admin looking to deploy the extension across a fleet, see Browser Extension Deployment instead.

What the extension does

The extension watches the AI sites you visit and enforces the DLP rules your organization has set. It can:

  • Alert — show a banner and let you continue.
  • Redact — rewrite your message before it leaves the browser.
  • Block — prevent the message from being sent.

Everything runs locally in the browser. Message contents never leave the page unless a rule explicitly captures them.

The badge

The extension adds a small badge to the toolbar. The color tells you the current state:

  • Green — the extension is active and healthy.
  • Yellow — paused or degraded (policy stale, waiting to sync).
  • Red — blocked state. Something is wrong; click for details.

Click the badge to open the popup.

The popup is your day-to-day interface:

  • Status — current state, last policy sync, which org you are enrolled into.
  • Pause for 10 minutes — temporarily suspend enforcement. Useful for quick testing. After 10 minutes the extension snaps back on its own; you cannot pause longer without an admin-granted exemption.
  • Recent activity — the last few rule events (what fired, what action was taken). Click an entry to see details.
  • Help / report issue — opens a pre-filled mail or form to your admin.

What you see when a rule fires

Depending on the action configured by your admin:

Alert

A dismissible banner appears at the top of the AI site with a short message explaining which rule fired. You can continue sending the message. The event is logged.

Redact

The message you typed is rewritten inline before it reaches the AI site. The redacted fragments show up as [redacted:<category>]. You can see a diff of what was changed in the popup's recent-activity log.

Block

A modal stops the submit. The modal explains which rule blocked the message and, if your admin configured one, shows a "request exception" link. The message is not sent.

Keyboard shortcut

  • Cmd/Ctrl+Shift+Z opens the popup from any tab.
  • Cmd/Ctrl+Shift+P toggles the 10-minute pause.

(Both are configurable in the extension's options page.)

Privacy

  • The extension only operates on the domains your admin enrolled it for. It does not read arbitrary pages.
  • Captured events are signed and sent to the governance backend your admin chose. The content that leaves the browser is controlled by the rule action: alerts send a short event summary; redacts send a diff record; blocks send only the rule ID and decision.

Troubleshooting

  • Badge stays yellow. Policy sync is failing. Click the badge and hit Sync now. If it keeps failing, your enrollment may have been revoked. Contact your admin.
  • Badge is red on a site you use daily. The site is on your org's blocked list. Ask your admin.
  • Popup says "not enrolled". Your extension was installed without an enrollment key. Your admin can redeploy with the right key from the browser-extension deployment page.