Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

For Users

Getting Started

Users can install the WEBCAT extension via the Mozilla Add-ons Store (AMO). Firefox is currently the only supported browser.

👉 Get the extension

The extension is currently untested on Firefox for Android and is known not to work on Tor Browser.

Once installed, the extension runs autonomously in the background without any further configuration.

Successful Validation

When visiting a successfully validated WEBCAT-enrolled website, the following icon will appear on the top-right of the URL bar:

Screenshot of element.demo.webcat.tech with the icon in the url bar highlighted.

You can test the extension on the following demo websites:

Validation or Integrity Errors

If an integrity or validation error occurs, the user will be redirected to a dedicated error page.

The error page displays a specific error code indicating at which stage of the validation process the issue occurred.

Screenshot of enrollment-error.demo.webcat.tech being blocked.

You can test various validation and integrity error cases at:

Error Codes

Below is a reference table describing all WEBCAT error codes.

Each error code indicates the validation stage and failure reason. As an end user, you might want to report any of these errors to the website administrators, if it is safe to do so.

Fetch Errors

Error CodeComponentDescription
ERR_WEBCAT_BUNDLE_FETCH_PROMISE_MISSINGFetchInternal fetch promise missing when attempting to retrieve bundle data.
ERR_WEBCAT_BUNDLE_FETCH_ERRORFetchFailed to fetch required enrollment or manifest data from the website.

Bundle Errors

Error CodeComponentDescription
ERR_WEBCAT_BUNDLE_MALFORMEDBundleThe WEBCAT bundle structure is invalid or improperly formatted.
ERR_WEBCAT_BUNDLE_MISSING_ENROLLMENTBundleEnrollment information is missing from the bundle.
ERR_WEBCAT_BUNDLE_MISSING_MANIFESTBundleManifest information is missing from the bundle.
ERR_WEBCAT_BUNDLE_MISSING_SIGNATURESBundleSignatures are missing from the manifest.

Enrollment Errors

Error CodeComponentDescription
ERR_WEBCAT_ENROLLMENT_TYPE_INVALIDEnrollmentEnrollment type is invalid or unsupported.
ERR_WEBCAT_ENROLLMENT_MISMATCHEnrollmentEnrollment information does not match the expected value.
ERR_WEBCAT_ENROLLMENT_POLICY_MALFORMEDEnrollment (Sigsum)The enrollment policy is malformed.
ERR_WEBCAT_ENROLLMENT_POLICY_LENGTHEnrollment (Sigsum)The enrollment policy exceeds allowed limits.
ERR_WEBCAT_ENROLLMENT_SIGNERS_MALFORMEDEnrollment (Sigsum)The list of signers is malformed.
ERR_WEBCAT_ENROLLMENT_SIGNERS_EMPTYEnrollment (Sigsum)No valid signers are defined in the enrollment.
ERR_WEBCAT_ENROLLMENT_SIGNERS_KEY_MALFORMEDEnrollment (Sigsum)A signer's public key is invalid or improperly formatted.
ERR_WEBCAT_ENROLLMENT_THRESHOLD_MALFORMEDEnrollment (Sigsum)The signature threshold value is malformed.
ERR_WEBCAT_ENROLLMENT_THRESHOLD_IMPOSSIBLEEnrollment (Sigsum)The threshold cannot be satisfied with the given signers.
ERR_WEBCAT_ENROLLMENT_LOGS_MALFORMEDEnrollment (Sigsum)Transparency log configuration is malformed.
ERR_WEBCAT_ENROLLMENT_MAX_AGE_MALFORMEDEnrollmentThe max-age parameter is invalid.
ERR_WEBCAT_ENROLLMENT_TRUSTED_ROOT_MISSINGEnrollment (Sigstore)Trusted root information is missing.
ERR_WEBCAT_ENROLLMENT_CLAIMS_MISSINGEnrollment (Sigstore)Required OIDC claims are missing.
ERR_WEBCAT_ENROLLMENT_CLAIMS_MALFORMEDEnrollment (Sigstore)OIDC claims are malformed.
ERR_WEBCAT_ENROLLMENT_CLAIMS_EMPTYEnrollment (Sigstore)No OIDC claims were provided.

Manifest Errors

Error CodeComponentDescription
ERR_WEBCAT_MANIFEST_VERIFY_FAILEDManifestManifest signature verification failed.
ERR_WEBCAT_MANIFEST_THRESHOLD_UNSATISFIEDManifestSignature threshold was not satisfied.
ERR_WEBCAT_MANIFEST_MISSING_TIMESTAMPManifestRequired timestamp is missing.
ERR_WEBCAT_MANIFEST_TIMESTAMP_VERIFY_FAILEDManifestTimestamp verification failed.
ERR_WEBCAT_MANIFEST_EXPIREDManifestManifest has expired based on max-age.
ERR_WEBCAT_MANIFEST_FILES_MISSINGManifestRequired file entries are missing.
ERR_WEBCAT_MANIFEST_DEFAULT_INDEX_MISSINGManifestDefault index configuration missing.
ERR_WEBCAT_MANIFEST_DEFAULT_INDEX_MISSING_FILEManifestDefault index file not found in manifest.
ERR_WEBCAT_MANIFEST_DEFAULT_FALLBACK_MISSINGManifestDefault fallback configuration missing.
ERR_WEBCAT_MANIFEST_DEFAULT_FALLBACK_MISSING_FILEManifestDefault fallback file not found in manifest.
ERR_WEBCAT_MANIFEST_DEFAULT_CSP_MISSINGManifestDefault Content Security Policy missing.
ERR_WEBCAT_MANIFEST_DEFAULT_CSP_INVALIDManifestDefault CSP is invalid.
ERR_WEBCAT_MANIFEST_EXTRA_CSP_INVALIDManifestAdditional CSP directive invalid.
ERR_WEBCAT_MANIFEST_EXTRA_CSP_MALFORMEDManifestAdditional CSP directive malformed.
ERR_WEBCAT_MANIFEST_WASM_MISSINGManifestWebAssembly information missing.

CSP Errors

Error CodeComponentDescription
ERR_WEBCAT_CSP_PARSE_FAILEDCSPFailed to parse Content Security Policy header.
ERR_WEBCAT_CSP_MISMATCHCSPCSP header does not match the manifest specification.

Header Errors

Error CodeComponentDescription
ERR_WEBCAT_HEADERS_MISSINGHeadersRequired WEBCAT headers are missing.
ERR_WEBCAT_HEADERS_LOCATION_EXTERNALHeadersRedirected to an external location not allowed by policy.
ERR_WEBCAT_HEADERS_FORBIDDENHeadersForbidden header configuration detected.
ERR_WEBCAT_HEADERS_DUPLICATEHeadersDuplicate critical headers detected.
ERR_WEBCAT_HEADERS_MISSING_CRITICALHeadersMissing required security-critical headers.
ERR_WEBCAT_HEADERS_ENROLLMENT_MALFORMEDHeadersEnrollment header is malformed.

URL Errors

Error CodeComponentDescription
ERR_WEBCAT_URL_UNSUPPORTEDURLThe visited URL scheme is unsupported by WEBCAT.

File Integrity Errors

Error CodeComponentDescription
ERR_WEBCAT_FILE_MISMATCHFileA file's hash does not match the manifest entry.