Browser Extension · Step 1 of 7

Prerequisites

The Quilr browser extension covers the Chromium browsers (Chrome, Edge) and Safari that the Endpoint Agent excludes by design. Before deploying, understand its two-component architecture and gather the tenant-specific artifacts.

Browsers Chrome · Edge · Safari (macOS) Extension ID piajhjohgigijkddhdpgbjdcfhmammbk Gate Do not proceed until complete

1 · Understand the two-component model

The Quilr browser extension is not a stand-alone WebExtension. It has two parts that must both be present:

🧩

WebExtension

Runs inside Chrome / Edge / Safari. Intercepts AI prompts and uploads at the page level.

⚙️

Native messaging agent

Installed by MSI (Windows) or pkg (macOS). The extension talks to it via the browser Native Messaging API.

⛔

The installer is mandatory Without the native agent, the extension is non-functional. Every deployment must include the pkg/MSI — the native agent then handles WebExtension installation into the browsers automatically.

2 · What you need

Target device must be enrolled in MDM (Intune, Jamf, Kandji, ManageEngine…) or domain-joined to Active Directory. The Quilr extension is distributed off-store (not in the Chrome Web Store / Edge Add-ons), so Chrome and Edge block it from loading unless an ExtensionInstallForcelist / ExtensionSettings policy whitelists the Quilr extension ID (piajhjohgigijkddhdpgbjdcfhmammbk) — and that policy can only be pushed to a centrally managed device.
Tenant ID from support@quilr.ai — used as TENANT=<TENANT-ID> (MSI) and as a URL path segment (macOS pkg).
Access to the Quilr console at https://app.quilr.ai/ → Settings → Browser Extension → Deployment.
Admin rights on the target device and your MDM platform.
Network reachability to quilr-extensions.quilr.ai (validated in Step 2).

3 · Deployment artifacts

Platform	Artifacts	Source
macOS	Tenant pkg + tenant `.mobileconfig` + shared File-Access `.mobileconfig`	Tenant URL · Quilr console · public URL
Windows	`Quilr.msi`	`https://quilr-extensions.quilr.ai/Quilr.msi`

4 · Key configuration values

Extension ID	`piajhjohgigijkddhdpgbjdcfhmammbk`
Update manifest	`https://quilr-extensions.quilr.ai/<TENANT-ID>/manifest.xml`
macOS pkg URL	`https://quilr-extensions.quilr.ai/<TENANT-ID>/browser-util/quilr-installer-mac.pkg`
File-Access mobileconfig	`https://quilr-extensions.quilr.ai/browser-agent/prod/mac/quilr_browser_util_Files_Access.mobileconfig`
Windows MSI	`https://quilr-extensions.quilr.ai/Quilr.msi`

5 · Network allow-list

Endpoints must reach the Quilr backplane on TCP 443 (outbound HTTPS).
TLS-intercepting proxies (Zscaler, Netskope, Symantec, Forcepoint, iboss) must SSL-bypass every Quilr host below — otherwise the proxy re-signs the certificate and the extension’s update fetch / native-agent backplane calls fail.

Shared hosts — all environments (TCP/443)

Host	Purpose
`quilr-extensions.quilr.ai`	Extension CDN — MSI / pkg / `vanguard.crx` / update manifest / mobileconfig
`discover.quilrai.dev`	Tenant discovery (native messaging agent)
`log.quilrai.dev`	Diagnostic logs (native messaging agent)

Tenant-specific base & DLP hosts

The host pair below depends on which Quilr environment your tenant lives in — the row matching the Environment selector in the top bar is the one you need.

Environment	Base URL	DLP Host	Auth URL
Quartz	`https://quartz.quilr.ai`	`https://dlpone.quilr.ai`	`https://trust.quilr.ai`
Secure	`https://secure.quilr.ai`	`https://dlpone.quilr.ai`	`https://secure.quilr.ai`
US POC	`https://app.quilr.ai`	`https://dlpone.quilr.ai`	`https://auth-extension.quilr.ai`
IND POC	`https://platform.quilr.ai`	`https://dlp-platform.quilr.ai`	`https://auth-platform.quilr.ai`
US Prod	`https://app.quilrai.com`	`https://dlpone.quilrai.com`	`https://app.quilrai.com`
IND Prod	`https://platform.quilrai.com`	`https://dlp-platform.quilrai.com`	`https://platform.quilrai.com`
JP POC	`https://app-jp.quilr.ai`	`https://dlpone-jp-1.quilr.ai`	`https://app-jp.quilr.ai`
UAE POC	`https://trust.quilr.ai`	`https://dlp-platform.quilr.ai`	`https://trust.quilr.ai`

🌐

Environment-specific CDNs Some environments need an extra CDN host: quilr-extensions.quilrai.com (for IND Prod and US Prod) and quilr-hub.quilr.ai (for Secure).

URLs to allow for the selected environment

Allow every host below outbound on TCP 443, and SSL-bypass them on any TLS-intercepting proxy. The tenant base & DLP hosts update automatically with the Environment selector in the top bar.

TCP/443 allow-list

# Shared — all environments
quilr-extensions.quilr.ai
discover.quilrai.dev
log.quilrai.dev

# Tenant base + DLP + Auth — selected environment
app.quilr.ai
dlpone.quilr.ai
auth-extension.quilr.ai

6 · MDM browser policy — optional

MDM browser policies (ExtensionSettings / ExtensionInstallForcelist) are only needed if your organization already centrally manages browser extensions and wants to enforce Quilr through that channel (toolbar pinning, preventing removal). The MSI/pkg alone is sufficient without existing MDM extension management.

✅

Exit criteria for Step 1 Tenant ID in hand · artifacts located for your platform · you understand both components must be installed. Next, confirm the CDN and tenant manifest are reachable in Step 2.

←BackOverview Step 1 of 7 NextPrerequisites Validation→