Runtime frontend security

Your frontend only runs when we say so.

TokenGuard issues temporary, domain-bound tokens. A 2KB loader validates every page load and decrypts the protected bundle at runtime — no token, no execution.

Start protecting Sign in

Token-gated execution

Frontend bundle stays encrypted until the loader proves possession of a valid, unexpired token.

Domain-bound

Tokens only authorize on the exact hostname you whitelist. Stolen tokens are useless elsewhere.

Single-session locks

Optionally consume the token on first init — second load is blocked.

Live audit log

Every validation — authorized or blocked — is recorded with masked IP, domain and verdict.

Drop-in loader

<!-- index.html on your client site -->
<div id="app"></div>
<script
  src="https://tokenguard.app/api/public/loader.js"
  data-token="tg_xxxxxxxx_yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
  data-mount="#app"
></script>