Browser extensions
The PanDev Metrics browser extension records which web tools your developers use (domain + page title + time) so that hours spent on documentation, dashboards, and AI assistants are reflected in PanDev Metrics alongside IDE and Git data.
The extension is a thin client that watches active tabs and emits browser events to the PanDev Metrics server. Page content, form values, screenshots, and DOM contents are never captured.
At a glance
| Property | Value |
|---|---|
| Purpose | Track time spent in web tools |
| Captured | Domain, page title, time on page |
| Not captured | Page content, form data, screenshots, DOM |
| Whitelist | Set by the organisation (admin) |
| Blacklist | Set by each user for themselves |
| Backend endpoint | /v1/browser-events |
| Configuration UI | Settings → Browser Settings |
Supported browsers
PanDev Metrics ships extensions for 10 browsers. Chromium-based browsers install from the Chrome Web Store; Firefox installs from Firefox Add-ons.
| Browser | Store | Installation guide |
|---|---|---|
| Google Chrome | Chrome Web Store | Chrome |
| Mozilla Firefox | Firefox Add-ons | Firefox |
| Microsoft Edge | Chrome Web Store | Edge |
| Yandex Browser | Chrome Web Store | Yandex |
| Opera | Chrome Web Store | Opera |
| Arc | Chrome Web Store | Arc |
| Brave | Chrome Web Store | Brave |
| Sidekick | Chrome Web Store | Sidekick |
| Vivaldi | Chrome Web Store | Vivaldi |
| Whale (Naver) | Chrome Web Store | Whale |
The same extension build runs in every Chromium-derived browser. Firefox uses a sibling build.
Tracking model
PanDev Metrics uses a two-layer filter: the organisation defines what can be tracked, then each user can subtract from that.
Whitelist (organisation-level)
The whitelist is configured by an administrator in Settings → Browser Settings. It lists the domains and categories that the organisation cares about — typically documentation sites, internal tools, code hosts, AI assistants, project trackers.
- Domains not on the whitelist are ignored entirely. Nothing is sent to the server for them.
- Whitelist changes apply to every developer in the tenant.
- Typical entries:
github.com,gitlab.com,*.atlassian.net,stackoverflow.com,chat.openai.com, internal*.company.local.
Blacklist (user-level)
The blacklist is each developer's personal exclusion list, configured in the extension popup. It runs after the organisation whitelist.
- Domains the user blacklists are dropped before any event leaves the browser.
- Useful for excluding personal email, banking, healthcare, or any site the user prefers to keep out of work metrics.
- Blacklists are stored locally in the extension and are not visible to the administrator.
visit URL
→ matches whitelist?
no → drop (nothing leaves the browser)
yes → matches user blacklist?
yes → drop
no → send to /v1/browser-events
What gets captured
Each event sent to /v1/browser-events contains:
| Field | Example | Notes |
|---|---|---|
| Domain | github.com | The hostname of the active tab |
| Page title | Pull Request #1234 · org/repo | Tab title at moment of event |
| Timestamp | 2026-05-13T14:21:08Z | Time the event was generated |
| Time on page | 42 (seconds) | Active time on this tab |
| User | PanDev Metrics login | Linked to your account |
What is NOT captured
By design, the extension cannot send:
- Page content (HTML, text, images)
- Form data (search inputs, passwords, messages)
- Screenshots or DOM snapshots
- URLs beyond the hostname — query strings and paths are not transmitted by default
- Cookies or local storage
How it fits the time model
Browser events count toward active developer time using the same 15-minute gap rule as the IDE and CLI plugins. Time spent on whitelisted domains is summed with IDE and terminal time to produce active hours, time-on-task, and DORA inputs.
Authentication
The extension uses a PanDev Metrics user account — the same login as the web UI. After installing the extension, click its icon in the toolbar and enter:
| Parameter | Value |
|---|---|
| Server URL | https://metrics-cloud.pandev.io (Cloud) or your on-prem URL |
| Company Login | Tenant identifier (corporate SaaS only — leave empty for personal Cloud or on-prem) |
| Login | Your email or username |
| Password | Your password |
Configuration in the UI
The whitelist, category mappings, and per-tenant browser extension settings live in:
Settings → Browser Settings
Admins can also see which developers have an active browser extension and the timestamp of the last event per developer.
Privacy
The privacy guarantee for the browser plugin is built on three rules:
- Whitelist-first. Nothing is sent for domains the organisation has not opted into.
- No content. The extension reads only
window.location.hostnameanddocument.title. It does not read page bodies. - User veto. Any developer can blacklist any domain locally — overriding the organisation whitelist for their own browser.
For deeper questions about what reaches the server, contact your PanDev Metrics administrator.
FAQ
Do I need to install the extension on every browser I use?
Yes. Each browser keeps extensions isolated, so the plugin must be installed in each one separately. Reuse the same PanDev login across all of them.
Does the extension track incognito / private browsing?
No. Chromium-based browsers disable extensions in incognito mode by default. The same holds for Firefox private windows. You can opt in manually per-browser if you want incognito coverage.
Will the extension slow down my browser?
No. Events are lightweight (a few hundred bytes), batched, and sent in the background. There is no DOM scraping or content analysis.
What happens if I'm offline?
Events queue locally in the extension and flush when connectivity returns. Timestamps are preserved.
Can I see what data the extension sends?
Yes. Open the browser's developer tools → Network tab, filter by browser-events. Each request shows exactly which domain, title, and duration are being sent.
Does it support Chromium forks not listed above?
Most Chromium forks accept Chrome Web Store extensions. The 10 browsers above are officially tested; others typically work but are not part of QA.