Get started

Phishing warnings in the browser — rolled out in 15 minutes.

Phishgate is a browser extension that warns employees before they enter credentials on an unapproved domain. Central whitelist, transparent logs, no cloud lock-in.

Token connection
Whitelist check
Warning at login
Install the extension

What is Phishgate?

Three building blocks, one moment of protection.

Instead of filtering mail or hardening endpoints, Phishgate intervenes at the moment phishing actually works: when a person types a password.

Token connection

The extension is activated with a company token. Configurations, whitelists and events stay neatly separated per tenant.

Whitelist check

Before any password entry, the extension checks the domain against your company whitelist and the global Phishgate whitelist (Microsoft, Google & co.).

Warning at login

If the domain is unknown, a warning fades in over the login field — a deliberate stop before credentials are lost.

Protection modes

From a gentle nudge to a hard block.

Phishgate is not a 100 % protection promise — but it creates a clear moment of friction. You decide how forceful.

LOW mode

Notice with override

Employees see the warning but can deliberately skip it. Ideal for pilots and teams that regularly evaluate new tools.

Warning overlay before password entry
Conscious confirmation possible
Event is logged in the dashboard

FULL mode

Hard block in the browser

Phishgate prevents the entry and makes the page unusable in the critical moment. Recommended for regulated teams and production rollouts.

Blocks the login page
Optional escalation to IT
Audit-ready event history

Bypassing remains technically possible — Phishgate intentionally relies on the moment of friction, not on prohibition. That very friction is what changes behavior.

Whitelist concept

Two lists, one clear standard.

You only maintain the domains that truly belong to your company. Our curated global whitelist takes care of the rest.

Company whitelist

Your own login domains, SSO endpoints and tools — managed centrally in the dashboard, instantly distributed to all extensions.

Global Phishgate whitelist

Microsoft 365, Google Workspace, Slack, GitHub and hundreds of other well-known services — curated and continuously updated.

Transparent event history

Every warning ends up in the dashboard — including domain, time and mode. Perfect for reports, audits and awareness conversations.

3-step onboarding

Productive in 15 minutes.

Step 1
01
Get a token
Register your company for free and receive an access token in the dashboard.
Step 2
02
Install the extension
Employees install the extension in Chrome, Edge or Firefox — manually or via GPO/MDM rollout.
Step 3
03
Maintain the whitelist
Add your own login domains, choose LOW or FULL mode — done.

Get going

Try Phishgate in your own browser today.

Start free, upgrade anytime. No credit card, no cloud requirement, no vendor lock-in.

Request a demo

Three building blocks, one moment of protection.

Token connection

Whitelist check

Warning at login

From a gentle nudge to a hard block.

Notice with override

Hard block in the browser

Two lists, one clear standard.

Company whitelist

Global Phishgate whitelist

Transparent event history

Productive in 15 minutes.

Get a token

Install the extension

Maintain the whitelist

Try Phishgate in your own browser today.

Three building blocks, one moment of protection.

Token connection

Whitelist check

Warning at login

From a gentle nudge to a hard block.

Notice with override

Hard block in the browser

Two lists, one clear standard.

Company whitelist

Global Phishgate whitelist

Transparent event history

Productive in 15 minutes.

Get a token

Install the extension

Maintain the whitelist

Try Phishgate in your own browser today.