Reveal URLs — User Manual

Reveal URLs is a small browser extension (and Thunderbird add-on) that shows you where a link in your email really goes, so you can spot a phishing link before you click it.

This manual explains how to install Reveal URLs and how to use it. For how your data is handled see the privacy policy; for a technical overview of how the extension is built see the architecture overview.

Found a bug, a link that was flagged wrongly (or missed), or a webmail host that should be supported? Please report it on the Codeberg issue tracker.

What it does and why
Supported browsers and the mail client
Installing
Using it
The Outlook and Gmail add-ons
Languages
Privacy
Troubleshooting
Licence and source

What it does and why

A phishing email hides a hostile destination behind trustworthy-looking link text. The text may read paypal.com, while the link actually points at paypa1.com or some other look-alike host. The visible text can lie; the real destination cannot.

Reveal URLs reads each link in the message you are reading and shows you its real destination. When the host named in the link text disagrees with the host the link actually points to, Reveal URLs flags it, so the mismatch is obvious before you click.

A Gmail message with Reveal URLs active: a deceptive link is flagged in red with its real tracking destination revealed above the link text, while an honest link is shown in green.

In the browser extension and the Thunderbird add-on, everything happens on your own device, transmitting nothing. Across every form, Reveal URLs sends none of your email data to us or to any third party — there is no analytics and no tracking. (The forms differ in where they run and how the Outlook pane's code is served; see the Privacy section and the privacy policy for the full details.)

Supported browsers and the mail client

Reveal URLs runs on:

Google Chrome
Microsoft Edge
Opera
Mozilla Firefox
Mozilla Thunderbird (the desktop mail client)

A Safari build is not yet shipped; it is planned for a later phase.

On the browser targets, Reveal URLs annotates links in your webmail. In Thunderbird it annotates the links in the email you are reading directly in the mail client.

Installing

From your browser's or mail client's store (recommended)

Once published, install Reveal URLs from the store for your browser or mail client. Publication is pending, so these listings are the intended distribution route rather than live links today:

Chrome — the Chrome Web Store
Edge — Microsoft Edge Add-ons
Opera — the Opera add-ons site
Firefox — Firefox Add-ons (AMO)
Thunderbird — Thunderbird Add-ons (ATN)

Loading a build yourself (developers and early testing)

If you have built Reveal URLs from source, you can load the unpacked build directly. Each target is built with a make command and produced under dist/<target>/:

make build-chrome        # produces dist/chrome
make build-edge          # produces dist/edge
make build-opera         # produces dist/opera
make build-firefox       # produces dist/firefox
make build-thunderbird   # produces dist/thunderbird

Then load the resulting folder:

Chrome — open chrome://extensions, turn on Developer mode, click Load unpacked and select dist/chrome.
Edge — open edge://extensions, turn on Developer mode, click Load unpacked and select dist/edge.
Opera — open opera://extensions, turn on Developer mode, click Load unpacked and select dist/opera.
Firefox — open about:debugging, choose This Firefox, click Load Temporary Add-on and select any file inside dist/firefox (for example its manifest.json). A temporary add-on is removed when Firefox restarts.
Thunderbird — install the temporary add-on from dist/thunderbird the same way (via Tools → Developer Tools → Debug Add-ons → Load Temporary Add-on).

The settings page opens automatically the first time the extension is installed.

Using it

Out of the box, Reveal URLs annotates the links in messages on the built-in providers — no setup required:

Gmail (mail.google.com)
Outlook Live (outlook.live.com)
Outlook on the web / Microsoft 365 (outlook.office.com)
Proton Mail (mail.proton.me)

Annotation is scoped to the message body, so the app's own chrome — its sidebar, compose window and toolbars — is left untouched. In Thunderbird, the whole rendered email is covered.

Reveal URLs annotating a Gmail message: each link's real destination is shown on its own line above the link text, with a mismatching tracking link flagged in red and an honest link in green.

The two reveal modes

You choose how the real URL is shown, under Reveal the URL on the settings page:

Inline — the real URL is shown on its own line, just above the link text. This is the default.
In the link's tooltip (title) — the real URL is placed in the link's tooltip, so it appears when you hover over the link.

Mismatch highlighting

When the host named in a link's visible text disagrees with the host the link actually points to, Reveal URLs flags it as a mismatch. The comparison is done on the registrable domain, so an honest sub-domain such as mail.example.com for example.com is not flagged, while a look-alike such as paypa1.com for paypal.com is.

In inline mode a mismatch is shown in your chosen mismatch colour and in bold.
In tooltip (title) mode a distinctive ⚠ URL mismatch badge is added beside the link.

Two related settings control this:

Highlight mismatching links turns the mismatch emphasis on or off.
Only annotate mismatching links leaves honest links completely untouched, so only the suspicious ones are revealed.

The settings page: the 'Reveal the URL' mode selector, the 'Highlight mismatching links' toggle, and the mismatch and match colour fields.

In Chrome, Edge, Opera and Firefox, the Reveal URLs toolbar icon is a quick on/off switch — click it to toggle annotation. When the extension is switched off, an OFF badge appears on the icon, and its tooltip tells you whether clicking will turn it on or off. The change takes effect in every open tab at once.

(Thunderbird does not have this toolbar button; use the Enable switch on the settings page instead.)

The settings page

The settings page holds every option. Open it from your browser's extensions page (for example Details → Extension options), or it opens automatically on first install.

Enable Reveal URLs — the master on/off switch, at the very top of the page. It takes effect immediately, without needing to save the rest of the form.
Display language — choose the language the settings page is shown in. By default it follows your browser's language, falling back to English; pick another from the list to override it. Your choice takes effect at once, is remembered for next time, and is stored only on this device (it never changes the rest of your settings).
Reveal the URL — choose inline or tooltip (title) mode (see above).
Highlight mismatching links — turn mismatch emphasis on or off.
Mismatch colour — the CSS colour used for a flagged link (for example red, #cc0000 or rgb(200, 0, 0)). The default is red.
Match colour — the colour of the revealed URL on honest (non-mismatch) links (for example green or #0a0). The default is green.
Only annotate mismatching links — leave honest links untouched.
Ignore these hosts — a list of hostnames to skip entirely, one per line. Sub-domains of a listed host are skipped too.
Maximum displayed URL length — long URLs are truncated past this many characters, keeping the host visible. Allowed range: 20 to 2000.
Revealed URL font size / weight and Warning badge font size / weight — optional typography overrides; leave blank to keep the defaults.

Apart from the master Enable switch and the Active sites controls (which apply immediately), changes are saved with the Save settings button.

The lower settings: the 'Ignore these hosts' list, the maximum displayed URL length, and the optional revealed-URL and warning-badge font size and weight fields, above the 'Save settings' button.

Active sites — adding your own webmail

The Active sites section, at the top of the settings page, lists the pages Reveal URLs runs on and the container that holds each message body.

The top of the settings page: the 'Enable Reveal URLs' master switch and the 'Active sites' list, each built-in provider showing its match pattern, an 'Enabled' toggle, a 'Sub-frames' toggle and its message-body selector.

Each row shows:

the site's match pattern (for example https://mail.example.com/*);
an Enabled toggle;
the message-body selector (the CSS selector for the container Reveal URLs annotates), which you can edit;
a Sub-frames toggle, for sites whose message body is rendered inside an iframe;
a Remove button (for your own sites only).

The built-in providers (Gmail, Outlook and Proton) can be toggled off and re-targeted, but they cannot be removed.

To add your own webmail site:

Under Add site, enter a Match URL — a match pattern such as https://mail.example.com/*.
Enter a Message-body selector — a CSS selector for the container that holds the message body, for example .message-body.
If the message body is rendered inside a sub-frame, tick Also run inside sub-frames.
Click Add site. Your browser will ask for permission to access that site; grant it. The site is only added once you grant the permission.

Changes here apply immediately. Removing a site you added also revokes its permission, so Reveal URLs stops accessing it.

Thunderbird (and other mail clients). Thunderbird already shows every message you read, whatever the provider, so it has no need for a per-host list. The Active sites section is therefore not shown on the Thunderbird settings page — only the master switch, display language, reveal mode, colours, fonts and the ignore-list appear. Any active-sites configuration you may have set in a browser is preserved untouched: saving the Thunderbird settings never clears it.

The Outlook and Gmail add-ons

Alongside the browser extension and the Thunderbird add-on, Reveal URLs comes as a native add-on for two mail apps a browser extension cannot reach: an Outlook add-in and a Gmail add-on. Both use the same link detection as the extension, so they reveal the same real destinations and flag the same look-alike hosts.

The one difference is how they show their findings. The browser extension annotates the links in place — colouring the URL above or beside each link. The Outlook and Gmail frameworks do not allow an add-on to change the rendered message, so instead each add-on shows a side panel (Outlook) or card (Gmail) listing the links it found. For each link it shows the visible text, the real destination and the registrable host, and it flags a mismatch when the visible text names a different registrable domain than the link actually points to.

Outlook add-in — a task pane that reads the message you have open and analyses it on your own device; no email or message data is sent anywhere. Its task-pane code (HTML, JavaScript, CSS and icons) is loaded from Codeberg Pages over HTTPS, as happens when you open any web page. It reaches Outlook on the web, Windows, Mac, iOS and Android, and Outlook.com.
Gmail add-on — a card in Gmail's sidebar. Open a message, then click the Reveal URLs icon in the right-hand sidebar to see its links: Gmail does not pop the card open by itself, but if you leave the panel open it refreshes as you move between messages. Each link's real destination is shown in green for an honest link and red for a look-alike. It reaches Gmail on the web, Android and iOS. Unlike the other forms, the Gmail add-on runs on Google's servers (this is how Gmail add-ons work): the message you open is read and checked there, each time you open it, and is not retained. See the privacy policy for what each form accesses and stores.

Both add-ons will be distributed through their app stores — the Outlook add-in via Microsoft AppSource, the Gmail add-on via the Google Workspace Marketplace. Publication is pending; direct install links will be added here once each listing is live.

Languages

Reveal URLs is available in English and ten more languages — Danish, German, Spanish, Finnish, French, Italian, Dutch, Norwegian, Polish and Swedish.

The settings page follows your browser's language automatically, falling back to English when your language is not one of the above. You can override it at any time with the Display language switcher near the top of the page; your choice is remembered on that device (see The settings page).
This website (the home page and these documentation pages) detects your browser's language too and offers a language switcher in the header. The manual and privacy pages are available translated; where a page has no translation yet, it is shown in English.

The non-English text is machine-translated and is pending human review, so a phrase may occasionally read awkwardly; the meaning is intended to match the English original. If you spot a mistranslation, please open an issue on the Codeberg issue tracker.

Privacy

Reveal URLs sends none of your email or message data to us or to any third party, in any of its forms — there is no analytics and no tracking. How and where the work happens depends on the form:

The browser extension and the Thunderbird add-on work entirely on your own device and transmit nothing: they read the link text, destinations and the page's colours as the page renders, never storing or sending them.
The Outlook add-in analyses the open message on your own device and sends no email or message data anywhere; its task-pane code (HTML, JavaScript, CSS and icons) is loaded from Codeberg Pages over HTTPS, as happens when you open any web page.
The Gmail add-on runs on Google's own servers (this is how Gmail add-ons work): the open message is read and checked there, each time you open it, and is not retained.

The only thing stored is your own settings (such as enabled/disabled, reveal mode, colours, font sizes, your ignore-list and any sites you have added), kept in your browser's, Outlook's or Google's per-user storage and never sent to us.

See the privacy policy for the full details.

Troubleshooting

A link is not being revealed.

Check that Reveal URLs is switched on — the toolbar icon must not show the OFF badge, and the Enable Reveal URLs switch on the settings page must be on.
Check that the site is covered. Built-in providers (Gmail, Outlook, Proton) work out of the box; any other webmail must be added under Active sites with its match URL and message-body selector.
Check the message-body selector. If it does not match the container that holds the message body, links inside that container will not be revealed.
Note that links to in-page anchors, and links using schemes other than http/https (such as mailto:), are deliberately skipped — as are hosts on your Ignore these hosts list.

A built-in provider stopped working after a redesign.

Webmail providers change their page markup from time to time. If a built-in provider's selector no longer matches after such a change, you can correct it yourself: in Active sites, edit that provider's message-body selector to the new container.

The tooltip URL is not showing.

In tooltip (title) mode the real URL is placed in the link's tooltip, so it only appears when you hover over the link. If you would rather see the URL without hovering, switch Reveal the URL to inline mode.

Licence and source

Reveal URLs is free software, licensed under the GNU Affero General Public License v3.0 (AGPL-3.0-only).

Source code: https://codeberg.org/Magentron/reveal-urls
Technical overview: Architecture
Further reading on link phishing: Email link phishing: your app should always show the URL