The WhiteHat Aviator Web Browser

Security | Privacy | Speed

With every website you visit, you’re vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info, and more. And the “big browsers” don’t do enough to stop it.

But now you can protect yourself before you go on the Web – with WhiteHat Aviator, the Web’s most secure and private browser. With WhiteHat Aviator, you get the industry’s best and tightest security and privacy safeguards – all built-in, all activated, all ready-to-go.

Protect yourself before you go on the Web:

WhiteHat Aviator is the best and easiest way to bank, shop, browse, and use social networks while stopping viruses, advertisers, hackers, and cyber-crooks.


The WhiteHat Aviator Advantage

  • Go with a more complete solution. Make the most of a fully featured, modern, standards-compliant Web browser with complete private browsing. It also supports tens of thousands of extensions.
  • Use proven, open-source Chromium code. This is the same stable code base that Google uses—so you can add in any Chrome extension to WhiteHat Aviator.
  • Take off with pre-set security. Just open WhiteHat Aviator for the best privacy and security safeguards—already preconfigured and active. Security is enabled by default.
  • Eliminate hidden tracking. Block privacy-destroying tracking from advertisers and social media companies using the Disconnect extension. No advertiser cookies, no caches, no problem.
  • Say goodbye to advertising . Unlike the big corporate browsers, we’re not partnering with advertisers or selling your click data.
  • Prevent unwanted access. Block internal address space to prevent malicious Web pages from hitting your websites, routers, and firewalls.

WhiteHat Security Labs

The Makers of WhiteHat Aviator

Our business is identifying website threats and vulnerabilities. Yet our security engineers were stuck using the same commercial browsers available to consumers—developed by browser vendors whose business interests are misaligned with the people they serve. That’s why we created a browser that meets our own security and privacy needs. After identifying the features that were absolutely critical to ensure privacy and facilitate our extensive security testing, we built WhiteHat Aviator—the most secure and private Web browser available. Now, you can take advantage of WhiteHat Aviator—absolutely free. Because everyone needs a Web browser that’s fast, reliable, and, above all, secure.

WhiteHat Aviator is the first consumer application from WhiteHat Security Labs (WHSL), the research arm of WhiteHat Security, Inc. WHSL is home to dozens of top security experts and leading authorities on network privacy, intrusions, hacking, and cybercrime. They’ve worked to identify security and privacy problems since the dawn of the Web

Leading luminaries such as Jeremiah Grossman, Robert Hansen, Jim Manico, Jerry Hoff, and Matt Johansen have travelled the world to raise awareness about the serious risks of modern browsers. Unfortunately, year after year, more dangerous and systemic issues are uncovered and many of the existing ones remain unaddressed. Those developers call the flaws "unfixable" or "by design.” We disagree. Try WhiteHat Aviator and see the difference for yourself.


WhiteHat Aviator currently supports Windows (Versions 8.1, 8, 7, Vista, 2000, NT, XP and 98) and the Apple (Mactel versions - OSX) operating systems.

To ask questions, leave comments, or initiate a support request, complete the following form or contact us: 


System requirements:


What is WhiteHat Aviator?

WhiteHat Aviator; is the most secure , most private Web browser available anywhere. By default, it provides an easy way to bank, shop, and use social networks while stopping viruses from infecting computers, preventing accounts from being hacked, and blocking advertisers from invisibly spying on every click.

Why do I need a secure Web browser?

According to CA Technologies, 84 percent of hacker attacks in 2009 took advantage of vulnerabilities in Web browsers. Similarly, Symantec found that four of the top five vulnerabilities being exploited were client-side vulnerabilities that were frequently targeted by Web-based attacks.

The fact is, that when you visit any website you run the risk of having your surfing history, passwords, real name, workplace, home address, phone number, email, gender, political affiliation, sexual preferences, income bracket, education level, and medical history stolen – and your computer infected with viruses. Sadly, this happens on millions of websites every day. Before you have any chance at protecting yourself, other browsers force you to follow complicated how-to guides, modify settings that only serve advertising empires and install obscure third-party software.

What makes WhiteHat Aviator so secure?

WhiteHat Aviator; is built on Chromium, the same open-source foundation used by Google Chrome. Chromium has several unique, powerful security features. One is a "sandbox" that prevents websites from stealing files off your computer or infecting it with viruses.

As good as Chromium is, we went much further to create the safest online experience possible.

WhiteHat Aviator comes ready-to-go with hardened security and privacy settings, giving hackers less to work with. And our browser downloads to you – without any hidden user-tracking functionality. Our default search engine is DuckDuckGo – not Google, which logs your activity. For good measure, Aviator integrates Disconnect – a crucial extension that blocks advertisements and much of the privacy-destroying tracking used across the Internet.

WhiteHat Aviator is the only browser that is immediately ready and preconfigured with activated defenses against the most dangerous hacker attacks using technology that blocks unwanted ads, pop-ups, and spyware.

What about Chrome, Firefox, Internet Explorer, and Safari? Aren't they secure?

Not really. While the browser vendors behind these products have been making steady security and privacy improvements to their products, they haven't gone nearly far enough to address a number of serious gaps. This will continue to be the case because current mainstream Web browsers are first and foremost inherently designed for usability and advertising delivery. Personal security and privacy have been lesser considerations, and an effective alternative hasn't been available.

Google (Chrome) and Microsoft (Internet Explorer) derive significant revenue from online advertising. Unfortunately, that online advertising is highly invasive because it essentially tracks you across the Internet. Even Mozilla (Firefox) receives the vast majority of its revenue from advertising (via Google). Implementing truly effective security and privacy would negatively impact their businesses.

Don’t just take our word for it, though. In the past, The Wall Street Journal and the US Federal Trade Commission have chastised Microsoft’s Internet Explorer and Mozilla’s Firefox for these characteristics.

And that’s also why users must affirmatively opt into new browser security and privacy enhancements. You get no meaningful way to defend yourself without significant effort and expertise.

Why is WhiteHat Security different from the other guys?

WhiteHat Security has a different vision and mission.

We’re not in the business of advertising or spying on users in order to sell their data. We pledge to not sell your data or monetize your information.

Since our founding in 2001, WhiteHat Security's sole mission has been to help people and companies conduct business on the Web safely and securely. We've helped protect hundreds of the largest corporations in the world and received many awards for our groundbreaking work. We are widely recognized as a leader in Internet security. We believe everybody deserves a safe and secure online experience.

What is malvertising and why should I be concerned?

Malicious advertising (or “malvertising”) means online ads that infect your computer with viruses when you view the ads in a Web browser. Once your computer is infected, cybercriminals can silently watch everything you do from anywhere in the world. They'll patiently wait to steal money right out of your online bank accounts, steal your personal files for ransom, and use your computer to hack others. Before being acquired by Google, Dasient (a firm specializing in malvertisements) said, "The probability that an average Internet user will hit an infected page after three months of Web browsing is 95 percent."

Previously, only “sketchy” websites contained virus-laced ads. Today, millions of malvertisements are served up daily, even on top websites like Google, Facebook,,, the London Stock Exchange, TechCrunch, and thousands of others.

How does WhiteHat Aviator protect me from malvertising?

WhiteHat Aviator; is the only Web browser that blocks advertisements by default – including those that may be dangerous. Preventing malvertisements from automatically downloading dramatically improves your security.

WhiteHat Aviator also includes online scam and virus protection that warns you if a Web page you are about to visit is known to be fraudulent or harmful to your computer. Further, WhiteHat Aviator automatically updates to ensure your defenses are always cutting edge. And if WhiteHat Aviator comes across a malvertisement, our high-security "sandbox" keeps that code contained and unable to infect your computer.

I have anti-virus software, do I still need WhiteHat Aviator?

Absolutely. Casual surfing is the primary way computers become infected with viruses. Unfortunately, antivirus software only addresses a tiny part of the larger virus problem (and even then, not very well). Cyveillance, a leading malware intelligence company, tested the effectiveness of leading anti-virus products and found that anti-virus products are at best 30-40 percent effective.

WhiteHat Aviator; assumes you will eventually encounter viruses and is specifically designed to defend against them. If and when your antivirus software eventually misses something, your Web browser and personal information will still be protected.

I have a firewall, do I still need WhiteHat Aviator?

Definitely. Firewalls do not protect Web browsers.

A firewall is a lot like a lock on the front door of your home. It helps prevent intruders from breaking in. But the moment you unlock the door and someone enters (or when you surf the Internet and view a Web page), all of that protection is gone. To guard against online dangers – including viruses – a Web browser must be able to effectively defend itself – and that’s what WhiteHat Aviator does.

How does online tracking work?

Online tracking is incredibly common. A study by The Wall Street Journal found that 131 companies installed tracking tools in browsers visiting the top 50 U.S. websites. While mainstream browser vendors also track their users, the usual way companies track you online is via website advertisements.

When you view an advertisement, a unique identifier, usually referred to as a cookie, is silently placed on your computer in any of a dozen different ways. Since these tracking ads are spread far and wide across the Internet, advertisers can learn where you go, what you looked at, and what you searched for to build a highly detailed profile of you.

For example, they might learn you live in California, make more than $50,000 annually, are between the ages of 35-50, enjoy “Dancing with the Stars,” and recently applied for a credit card. Given a choice, you may not want to disclose all of that information. And it's not just advertisements that can perform this profiling. Traffic counters, maps, "Like" buttons, and other tools and features track your behavior - in many cases without you ever knowing or assenting.

Why should I be concerned about my online privacy?

Online tracking lets advertisers show you highly targeted ads. Some people find this useful. Others find the practice a little creepy, which is understandable when the details of your family, health status, personal relationships, and occupation are part of a hidden personal record. A poll by Gallup and USA Today found that 67 percent of those surveyed don't think advertisers should be allowed to match ads to specific interests based on websites they have visited.

The alarming possibility is that your name, address, email, and other personal details could be used to discriminate against you or be subject to a subpoena without any guarantee that the data is correct. You could be unfairly denied credit, health insurance, a job offer, and so on.

WhiteHat believes no website should know who you are or what you do, or sell your personal information unless you approve.

How does WhiteHat Aviator protect my online privacy?

If you carefully avoid providing any personal data to any website, it is technically possible to stop anyone from profiling you. But what sounds easy in theory is difficult in practice.

Without WhiteHat Aviator, you’d need to install special add-on software, update a dozen or more hidden browser preferences, periodically clear out your cookies (including stubborn Adobe Flash cookies), opt out of online tracking at dozens of different locations, remember to activate "private browsing mode," and so on. Keeping this regimen going is nearly impossible and prone to errors unless you are very tech-savvy.

WhiteHat Aviator makes it easy. We protect your privacy by launching directly into private browsing mode, blocking ads and other tracking mechanisms, disallowing third-party cookies, and cleaning your system when you exit. There is no need to constantly make it your mission to keep from being invisibly tracked and spied on. Of course, sometimes it’s legitimately helpful for you to provide a site with personal information in exchange for accessing a website, receiving a discount, or getting some information. We believe you deserve the freedom of privacy and choice, rather than having the decision made for you in secret. With WhiteHat Aviator, you have the choice.

Can't I just "Opt-Out" of tracking?

It’s possible – but extremely difficult and time-consuming. Various advertisers and industry associations have websites for people to opt-out of tracking. It’s your job, of course, to find them – and there can be hundreds – register, and, ironically, accept cookies that signal to advertisers that you don't want to be tracked. Practically speaking, this is impossible and a flawed model.

The good news: The National Advertising Initiative and other associations have made it easier to opt-out. The bad news: More than half of their members define “opt out of tracking” as merely “opt out of targeted ads,” so they still track you. Adding insult to injury, if you ever delete your Web browser cookies to protect your privacy, the special opt-out cookies are also deleted, so you must start the process all over.

As The Wall Street Journal reported, "Eleven of the nation's largest website operators defended their privacy practices to lawmakers, saying it is impossible for them to monitor all the tracking technologies their sites install on visitors' computers."

The answer to protecting personal privacy is to make it technically infeasible for online identity and behavior information to be revealed unless the individual allows it. WhiteHat Aviator makes this a reality.

What about the US Federal Trade Commission's Do-Not-Track proposal?

The theory behind Do-Not-Track is very similar to how opt-out cookies work, only you don't have to register with the tracking companies first. With every website visit, your browser signals to advertisers that you do not want to be tracked. But there’s no guarantee those advertisers will agree. Do-Not-Track is not enforced under any law or technology. Nothing compels advertisers to support the Do-Not-Track proposal. Also, for obvious reasons, many advertisers have voiced their displeasure. Technology to prevent unwanted tracking is really the only way to protect people online.

Does Google Support Do-Not-Track?

While many browsers support Do-Not-Track, they rarely turn it on by default, and the option is often hidden deep in the advanced settings. Google Chrome, for instance, buries the Do-Not-Track option and states clearly on its website that it doesn’t support the initiative. Why does Google's website refuse to support a privacy option its own browser has built into it? The answer is clear: Your privacy is at odds with Google's business model.

Won't ad blocking hurt free websites?

This is a common concern about ad-blocking technology, but profits and online privacy needn’t be mutually exclusive. Some people want to see ads, others do not. In either case, the goal should be to provide choice. We’re all sick of banners with pictures of scantily clad women and trumpeting "sexy singles in your area" tied to your IP location. At best, these ads are annoying and offensive -- especially for children. At worst, with malvertising, they can be dangerous.

Advertising is synonymous with personal tracking. According to the Interactive Advertising Bureau (IAB), more than 80 percent of advertising campaigns involve some form of tracking. No matter how useful the ad, stalking a potential buyer online - without their knowledge or consent - is unsettling. If a website wants visitors to view ads in exchange for free content, they should be upfront and ask.

What if I want to see ads on some website?

Sometimes, you need to see ads. Maybe you work in a Web design firm or maybe you’re interested in the ads a favorite site shows. In just two mouse clicks you can show those ads from any website in your browser. Or you can entirely disable the feature – the choice is yours.

Other than tracking and malvertising, what other reasons might I want to block ads?

Blocking advertisements speeds up your Internet experience and saves bandwidth (which is expensive and, in some regions, metered/capped).

Is WhiteHat Aviator just a modified version of Chromium bundled with security & privacy add-ons?

No, but if that's all WhiteHat Aviator would ever be, that alone would be a huge win considering the alternatives. WhiteHat Aviator is much more. For the first time, you can use a Web browser that is ready-to-go with the latest online security and privacy features. Forget the painful manual configurations and constant rechecking of security settings that you must endure to effectively defend yourself (which is why so few do so). WhiteHat Aviator makes things easy.

What’s the Difference between Aviator and Chromium / Google Chrome?

WhiteHat Aviator is built on Chromium open-source code—the same code used for the Google Chrome browser. Can’t I just use Chrome? What are the differences between Aviator and Google Chrome?

To create WhiteHat Aviator we took advantage of the open source Chromium code foundation, the same browser core used by Google Chrome. Then, we made many very specific changes to the code and configuration to enhance security and privacy. The following sections detail the important differences:

  1. Default to Protected Mode (Incognito Mode) vs Not Protected Mode:
    Delete all Web history, cache, cookies, auto-complete, and local storage data after restart.
    Most people are unaware that there are more than 12 browser locations where websites can store cookies and cookie-like data. Cookies typically track your surfing habits from one website to the next, but they can also expose your online activity to nosy people with access to your computer. Protected Mode purges these storage areas automatically with each browser restart. While other browsers have this feature (or something similar), the feature typically is not enabled by default, which makes it difficult to use. Aviator launches directly into Protected Mode by default and clearly indicates the mode in the current window. Protected Mode helps protect against browser autocomplete hacking, login detection, and deanonymization via clickjacking, by reducing the amount of session states you have open—due to an intentional lack of persistence in the browser over different sessions.
  2. Create custom browsing rules using Connection Control:
    Control the connections made by Aviator. By default, Aviator blocks Intranet IP-addresses (RFC1918).
    When you visit a website, it can instruct your browser to make potentially dangerous connections to internal IP addresses on your network—IP addresses that could not otherwise be connected to from the outside (NAT). That vulnerability might lead to simple reconnaissance on your Intranet internal networks, or it could result in permanent compromises by enabling a criminal to overwrite your router firmware. Without special third-party software, it’s impossible to block any bit of Web code from carrying out browser-based Intranet hacking. If WhiteHat Aviator blocks something you want to access, you can use Connection Control to you create custom rules.
  3. Disconnect Bundled (
    Block ads and third-party trackers.
    Virtually every advertisement on every website your browser encounters is tracking you, storing bits of information about where you go, and recording what you do. These ads, along with invisible third-party trackers, also often carry malware to exploit your browser when you load a page. Sometimes they try to trick you into installing something if you on them. Don’t forget, anyone can author ads—including attackers—so these ads might also harness your browser to initiate tracking, login detection and de-anonymization, auto cross-site scripting, drive-by-downloads, and malicious cross-site request forgeries, among other nefarious activities. And, of course, the visuals in these ads are often distasteful, offensive, and inappropriate, especially for children and workplaces. While we recognize that publishers depend on advertising to fund their content, ads today have become inherently dangerous and insecure. That’s why WhiteHat Aviator uses the Disconnect extension, specifically designed to block ads and trackers. Already more than 400,000 people use Disconnect to protect their privacy. Whether you use Aviator or another browser, we strongly recommend that you also use Disconnect (available for both Chrome and Firefox). And, of course, if you want to enable ads on the website to support the content, Disconnect makes it easy to do with a couple of mouse-clicks.
  4. Block Third-Party Cookies:
    Default configuration update.
    It’s a good practice for your browser to deletes cookies (including third-party cookies) when closing. But’s it’s even better when your browser prevents those third-party cookies from even loading in the first place. Blocking third-party cookies helps protect against tracking, login detection, and de-anonymization during the browser session.
  5. Replace Google Search with DuckDuckGo:
    Use a privacy-enhanced default search engine.
    Google earns its revenue from advertising and user tracking/profiling, which is why Chrome only supports this search engine. WhiteHat Aviator takes advantage of DuckDuckGo, which provides a more private, secure search experience than Google. If you prefer to use another search engine (including Google), you can easily change that setting.
  6. Limit referrer leaks:
    By default, referrers no longer leak cross-domain—they are only sent same-domain.
    When you click from one link to the next, most browsers notify the destination website where the click came from (using the Referer header). But that can leak sensitive information such as the search keywords used, internal IPs/hostnames, session tokens, etc. These leaks are often in the referring URL and offer little, if any, benefit to the user. WhiteHat Aviator only sends these headers within the same domain.
  7. Enable plug-ins as click-to-play:
    Default configuration update automatically enabled.
    Your browser might be secure—but what about the plug-ins you’re constantly updating? Plug-ins (like Flash and Java) are a source for tracking, malware exploitation, and general annoyance. They often store their own cookie-like data, which isn’t easy to delete (especially from within the browser). Plug-ins are also a major vulnerability for malware infection. And plug-ins can present annoying sounds and visuals that are difficult to identify and block. WhiteHat Aviator blocks all plug-ins by default. For instance, if you want to run a plug-in on YouTube, you simply click on the puzzle piece. If you want a website to always load the plug-ins, you can configure Aviator to do that.
  8. Limit data leakage to Google:
    Default configuration update
    By default, WhiteHat Aviator disables “Use a Web service to help resolve navigation errors” and “Use a prediction service to help complete searches and URLs typed in the address bar.” We also removed all options to synch/login to Google and send tracking traffic to Google on Chromium installation. Aviator limits what the browser sends to Google to protect your privacy. You’re always free to choose Google services.
  9. Do Not Track:
    Default configuration update.
    This mode is enabled by default. While we prefer “Can-Not-Track” to “Do-Not-Track,” WhiteHat Aviator enables the “Do Not Track” signal by default.

Want to see for yourself?

Download your free copy of WhiteHat Aviator for Mac OS X!

Download your free copy of WhiteHat Aviator for Windows!