Disclosed systems and methods include receiving, by a browser application, a web application data including a trusted source rule having a web application user identifier (ID) unique to a user of the web application, and upon determining by the browser application of a violation of the trusted source rule, transmitting a rule violation report, with the web application user ID, to a data processing system for analysis to determine a malicious manipulation of the browser application, and receiving at the user device, from the data processing system, an alert of malicious manipulation of the browser application, corresponding to the rule violation report.