To address the challenge of real-time detection of spoofed login pages in phishing attacks, this paper proposes the Page Transparency (PT) mechanism. Inspired by Certificate Transparency, PT extends verifiable logging to the web content layer by introducing a Public Login-page System (PLS), which cryptographically signs and publicly logs legitimate login pages. Clients retrieve page metadata via a new HTTP PT header and perform lightweight visual similarity matching alongside cryptographic verification—requiring no browser extensions or modifications. This approach enables proactive, plugin-free defense against zero-day phishing pages. Evaluation demonstrates significant improvements in phishing detection accuracy and response latency. PT establishes a novel infrastructure-level defense paradigm for securing web-based identity authentication.

Phishing is a prevalent cyberattack that uses look-alike websites to deceive users into revealing sensitive information. Numerous efforts have been made by the Internet community and security organizations to detect, prevent, or train users to avoid falling victim to phishing attacks. Most of this research over the years has been highly diverse and application-oriented, often serving as standalone solutions for HTTP clients, servers, or third parties. However, limited work has been done to develop a comprehensive or proactive protocol-oriented solution to effectively counter phishing attacks. Inspired by the concept of certificate transparency, which allows certificates issued by Certificate Authorities (CAs) to be publicly verified by clients, thereby enhancing transparency, we propose a concept called Page Transparency (PT) for the web. The proposed PT requires login pages that capture users' sensitive information to be publicly logged via PLS and made available to web clients for verification. The pages are verified to be logged using cryptographic proofs. Since all pages are logged on a PLS and visually compared with existing pages through a comprehensive visual page-matching algorithm, it becomes impossible for an attacker to register a deceptive look-alike page on the PLS and receive the cryptographic proof required for client verification. All implementations occur on the client side, facilitated by the introduction of a new HTTP PT header, eliminating the need for platform-specific changes or the installation of third-party solutions for phishing prevention.