First, a website owner enables the SecureBrowse protocol by hashing their client-side resources. Those hash digests are then stored into DNSSEC-signed TXT records on that website domain.
When a resource (HTML, script, stylesheet) is requested from the browser, the SecureBrowse extension hashes it and checks if the output digest matches the digest on the TXT records.
If a match is found, then the resource is allowed to load. If there is no match, the resource is blocked.