Software IP Protection Platform
Your Code, Locked.
Your Revenue, Protected.
App Copy Guardian is the definitive four-layer protection and publishing platform for HTML+JavaScript applications. From basic obfuscation to Cloudflare-powered server-side license gating, through to one-click deployment on Google Play, Apple App Store, and Microsoft Store — it turns your vulnerable web app into an impenetrable commercial product, without writing a single line of infrastructure code.
The Problem
Every HTML App You Ship
Is Readable Source Code.
Anyone who opens your page can press Ctrl+U and read your entire application — your business logic, your algorithms, your proprietary methods. They can copy it, modify it, host it on their own server, and monetise it without paying you a penny. App Copy Guardian closes that gap permanently.
Exposed Source Code
Plain HTML+JavaScript is inherently readable. Every visitor can open DevTools, view page source, or use the Network tab to extract your complete application code in seconds. Your competitive advantage is a single keystroke away from any rival.
No Access Control
Without server-side license validation, you cannot restrict who uses your app. Sharing a single purchased link allows unlimited users. Subscription cancellations don't terminate access. Your licensing model leaks revenue at every seam.
Distribution Ceiling
Web-only distribution means no app store visibility, no platform discoverability, no push notifications, no offline capability. Competitors with store-listed apps command higher trust signals, better conversion rates, and recurring billing relationships you can't access.
Protection Architecture
Four Layers.
Each Stronger Than the Last.
Stack the layers for compounding defence. Use the Cloudflare Way alone for professional-grade protection at zero server cost. Combine all four for impenetrable commercial-grade security that rivals signed native binaries.
| # | Method | Strength | What It Stops |
|---|---|---|---|
| 1 | Traditional Obfuscation | Basic | Casual copy-paste. Minifies, renames variables, encrypts strings. Deters non-technical copying. |
| 2 | Server Split | Moderate | Page-source inspection. Actual app code lives on a separate server, fetched via obfuscated URL on demand. |
| 3 | Cloudflare Way | Strong | Unauthorised access. A Cloudflare Worker validates license keys server-side before delivering a single byte of your application. |
| 4 | Store Distribution | Strongest | Casual redistribution entirely. Signed app-store binaries require criminal-level reverse engineering. Maximum deterrence. |
Recommended combination: Methods 3 + 4 together. The Cloudflare Way generates everything you need for both the website deployment and the app store submissions in a single click — one license-key system across every distribution channel.
Runtime Security
Browser-Level Defences
Beyond code protection, App Copy Guardian deploys runtime shields directly inside the user's browser session.
Domain Lock
Your app refuses to execute unless it is served from your whitelisted domain. Even if someone extracts the obfuscated bundle, it will not run anywhere else — not on localhost, not on a rival's server, not in an iframe on a competitor's site.
Anti-DevTools Detection
Monitors for open browser developer tools and responds with configurable behaviour: blank page, automatic reload, or custom response. Makes live reverse-engineering sessions orders of magnitude harder for attackers.
Console Silencing
Overrides console.log, console.warn, console.error and all debug output so your application's runtime behaviour stays completely invisible to anyone monitoring the console during inspection attempts.
Expiration Control
Set a hard expiry date on any deployed app. After that date, the application silently stops working — no error, no warning to reverse-engineer around. Ideal for trial versions, time-limited demos, and seasonal deployments.
Anti-Copy & Anti-Frame
Disables right-click context menus, text selection copying, and iframe embedding. Prevents the simplest content-extraction attacks and ensures your app cannot be silently framed inside another site to harvest its output.
CSP Header Generation
Auto-generates a production-ready Content Security Policy header definition on every build — ready to paste into your web server or Cloudflare Worker configuration. Prevents XSS attacks and unauthorised resource injection.
Flagship Feature
The Cloudflare Way
Server-side license validation at the edge. Your app is wrapped inside a Cloudflare Worker that validates license keys before delivering a single byte of code — at zero infrastructure cost for most deployments.
Edge Performance
Cloudflare operates data centres in every major city on earth. Your app loads from the nearest node — typically within 50 km of each visitor. Blazing performance, automatic DDoS protection, and zero server management. The free tier covers up to 100,000 requests per day, sufficient for most commercial deployments.
License Key Engine
Generate up to 10,000 license keys per batch in BRAND-XXXX-0000-XXXX-0000 format. Keys are baked into the Worker on Cloudflare's infrastructure — never exposed in any file on disk. Each valid key sets a browser session cookie for your configured duration. Invalid keys receive rate-limited rejection after 10 failed attempts.
One-Click Package Generation
A single click on "Generate Cloudflare Package" produces the complete deployment bundle: Worker source code (index.js), wrangler.toml configuration, package.json, INSTRUCTIONS.TXT, licenses.txt, and all PWA assets. You run three npm commands and your app is live on a workers.dev subdomain or your own custom domain.
10-Second Updates
When you update your HTML application, re-run the Protector and redeploy with a single command: npx wrangler deploy. Your update is propagated to every Cloudflare edge node within approximately 10 seconds. All existing customer license keys continue working seamlessly — no redistribution required.
Deployment in 3 Commands
From Protected File to Live App
in Under 5 Minutes
Configure Tab 9 — Cloudflare Way
Set your Worker name, generate your license key batch, choose security features (rate limiting, HSTS, CSP, Base64 payload encoding), and optionally enable PWA, TWA, and Capacitor store project emission. Click "Generate Cloudflare Package".
npm install && npx wrangler login
Open a terminal in the generated cloudflare-way folder. Run npm install to pull the Wrangler CLI, then npx wrangler login to authenticate with your Cloudflare account. A browser window opens — click Allow. This is a one-time setup that takes under two minutes.
npx wrangler deploy — Your App Is Live
Wrangler uploads your Worker and activates it. After 5–15 seconds you receive your live URL: https://your-app-name.your-account.workers.dev. Paste it into any browser. Your license login screen appears. Enter a key from licenses.txt. Your application loads — fully protected, fully licensed, running at edge speed worldwide.
Store Distribution — v3.4.0
One App. Four Storefronts.
Version 3.4.0 introduced complete one-click app store project generation. Your Cloudflare Worker URL becomes the backend for native-feeling store listings across every major platform — all from a single source HTML file.
Google Play (TWA)
Generates a complete Trusted Web Activity project with Bubblewrap configuration, keystore instructions, digital asset links for seamless full-screen launch (no Chrome address bar), and a Play Console submission guide with reviewer credentials file. Your Cloudflare URL becomes a legitimate native Android app binary (.aab).
Apple App Store (Capacitor)
Produces a native Swift shell project designed to satisfy Apple Review Rule 4.2 (Minimum Functionality) — the most common rejection reason for web-wrapped iOS apps. Includes Face ID support, push notification hooks, offline detection, and the exact App Store Connect reviewer credentials configuration to pass review.
Microsoft Store (PWABuilder)
Generates a complete PWABuilder configuration for Microsoft Store submission. Includes all required manifest fields, icon assets, and Partner Center configuration. Your app appears in Windows Search, can be pinned to the taskbar, and is distributed through Microsoft's trusted store ecosystem to hundreds of millions of Windows users.
ChatGPT / OpenAI GPT Store
Generates the OpenAI plugin manifest and GPT Store configuration in a single click. Your protected HTML application becomes a custom GPT tool accessible to millions of ChatGPT users. Plugin name, description, API endpoint, and authentication type are configured automatically from your Tab 9 settings.
Progressive Web App (PWA)
Every Cloudflare package automatically includes manifest.json, service worker (sw.js), 192×192 and 512×512 icons, offline fallback page, and install prompt HTML. Users can install your app directly from the browser to their home screen on Android, iOS (via Safari), and any desktop browser — before you need the app stores at all.
Reviewer Demo Keys
App and Play Store submissions require working credentials for human reviewers. Enable "Generate reviewer demo key" in Tab 9 to create a REVIEW-DEMO-* license key written separately to reviewer-credentials.txt. Paste it into App Store Connect and Google Play Console submission forms. After approval, regenerate without the reviewer key to invalidate it.
Platform Architecture
Nine Specialised Tabs.
One Unified Workflow.
App Copy Guardian's interface is organised into nine purpose-built tabs — each governing a distinct stage of the protection and publishing pipeline. From raw input to live store submission, every step is in one place.
Tab 1 — Input
Single-file or multi-file project mode. Pick one HTML file or an entire project folder. The Protector inlines external CSS and JS automatically, processes every HTML and JS file in multi-file mode, and copies static assets unchanged. Output is auto-named with a timestamp.
Tab 2 — Protection Level
Four presets: Minimal (whitespace minification only), Light (variable renaming — recommended default), Standard (string encryption + control-flow flattening, 30–50% size increase), and Heavy (debugger traps + self-defending code, near-impossible to read, file size doubles).
Tab 3 — Server Split
Splits your app into a tiny public frontend loader and a backend JS bundle hosted on a separate server. The loader fetches the backend through an obfuscated URL. Simpler than Cloudflare Way, free, and effective for hiding code without license gating. Can be combined with Tabs 2 and 9 for triple-layer defence.
Tab 4 — Runtime Security
Configure all browser-level defences: domain lock (whitelisted domains), anti-DevTools detection (with response mode selector), console override, anti-copy, anti-right-click, anti-iframe, expiration date. Each is independently toggleable.
Tab 5 — Build Options
Configure output artefacts: ZIP archive (single file for easy upload), README protection report (human-readable summary of applied protections), CSP header definition (ready to paste into your web server config or Cloudflare Worker). All are independently toggleable.
Tab 6 — PWA & Store Targets
Sub-tab A: PWA metadata (app name, short name, description, theme colour, icons, display mode, orientation, categories, keywords). Sub-tab B: per-store configuration for Android, iOS, Microsoft, and monetisation model with live policy warnings. Sub-tab C: ChatGPT plugin configuration.
Tab 7 — Electron Desktop
Builds a standalone desktop application (Windows .exe, macOS .app, Linux .AppImage) wrapping your HTML app. Ideal for selling offline desktop software directly from your website outside any app store — no Google Play commission, no Apple 30%, no Microsoft cut.
Tab 8 — Documentation
The complete user guide embedded in the application for offline reference. Section-level navigation, step-by-step instructions for every workflow, troubleshooting common problems, and a glossary of technical terms — accessible without internet connection at any point in your workflow.
Tab 9 — Cloudflare Way
The flagship tab. Worker name, custom domain, session duration, license key batch generation (up to 10,000 keys), expiration dates, reviewer demo key, security features (rate limiting, HTTP-only cookies, HSTS, CSP), Base64 payload encoding, and store integration emission — all in one place. One click generates the complete deployment package.
Who It Serves
Built for Builders
Who Sell What They Build
Independent Developers
You built a powerful HTML tool — a calculator, a business workflow, a game, a niche data processor — and you want to sell it. App Copy Guardian turns your HTML file into a licensed commercial product with a login screen, key management, and app store distribution in an afternoon, not a month.
Software Businesses
Existing SaaS companies with web-based tools that need stronger IP protection and new distribution channels. Whether you're protecting a proprietary algorithm, a licensed training module, or a commercial analytics dashboard, App Copy Guardian adds Cloudflare-grade enforcement without touching your backend architecture.
Course & Content Creators
Interactive course materials, assessments, and learning tools built in HTML that need access control and distribution through app stores. The Cloudflare Way's license key system is perfectly suited to membership and course-access models — deliver one key per enrolled student, revoke on chargeback, expire at course end.
Clinical & Professional Tool Vendors
Healthcare, legal, and financial tools built in web technology that require controlled distribution and access management. The institution licensing tier supports batch key issuance for professional organisations, with domain-lock ensuring tools run only within approved practice environments.
HTML5 Game Developers
Browser games and interactive entertainment apps that need monetisation beyond ad-supported free play. License-gate premium content, bundle through the Play Store and App Store for platform credibility, and use domain-lock to prevent unauthorised embedding on aggregator sites that harvest your audience without revenue share.
Research & Analytics Platforms
Proprietary research tools and analytical interfaces that represent years of intellectual investment. The Heavy obfuscation tier plus Cloudflare Way creates a defence-in-depth stack that deters even technically sophisticated extraction attempts — protecting the algorithms and methodologies that differentiate your research offering.
Licensing & Access
Ready to Protect
Your Application?
App Copy Guardian is available on our standard subscription licensing model — Professional, Institution, and Enterprise tiers. Contact us to discuss your application type, volume requirements, and the right protection configuration for your deployment.