GlossaryPrivacy & SecurityIntermediate

Browser Isolation

Browser isolation is a security technique that runs web browsing in a separate, sandboxed environment so that any malicious code never touches the user's real device. It keeps threats away from the local machine and network.

Last updated June 8, 2026

Definition

Browser isolation is a security model that executes web page code in an isolated container, virtual machine, or remote cloud server instead of directly on the user's endpoint. Whatever the page does, malware, exploits, or drive-by downloads, stays trapped inside the sandbox and is destroyed when the session ends.

How browser isolation works

There are two common approaches. Remote browser isolation (RBI) runs the browser on a remote server and streams a safe visual rendering (pixels or a clean DOM) back to the user. Local isolation uses on-device sandboxes or disposable virtual machines. Either way, untrusted JavaScript and active content execute away from the protected environment.

Why it matters for automation and privacy

  • Threat containment: phishing pages and zero-day exploits cannot reach the host.
  • Privacy: a remote browser can mask the local IP and fingerprint, often paired with proxies for clean exit traffic.
  • Scraping safety: running scrapers in isolated, disposable browsers reduces cross-contamination and makes detection harder to correlate.

Combined with residential or datacenter proxies, isolation lets teams browse and automate untrusted sites without exposing infrastructure.

Examples

1

Cloudflare Browser Isolation streaming a remote tab to an employee's screen

2

A disposable Docker container running a headless browser for each scraping job

3

Menlo Security isolating links clicked from corporate email

Common Use Cases

Protecting employees from phishing and malicious websites
Safely opening untrusted links in email or chat
Running web scrapers in disposable sandboxes to avoid cross-session tracking
Browsing sensitive research targets without revealing local IP or fingerprint

Frequently Asked Questions

No. A VPN encrypts and reroutes your traffic to hide your IP, while browser isolation runs the actual browser in a sandbox so malicious code never executes on your device. They solve different problems and are often used together.
Yes. Running each scraping session in an isolated, disposable browser prevents cookie and fingerprint contamination between jobs and limits the blast radius if a target site serves malware, especially when paired with rotating proxies.

Keep Learning

All terms

Residential Proxy

A residential proxy routes your traffic through a real device with an IP assigned by an Internet Service Provider, so requests appear to come from a genuine home user rather than a server.

Read definition

Browser Fingerprinting

Browser fingerprinting identifies and tracks a device by combining dozens of browser and system attributes — like fonts, canvas rendering and user agent — into a near-unique signature.

Read definition

Anti-Detect Browser

An anti-detect browser lets you run many isolated browser profiles, each with its own fingerprint, cookies and proxy, so sites see them as separate, genuine users.

Read definition

Headless Browser

A headless browser is a real browser that runs without a visible interface, controlled by code — the workhorse for scraping JavaScript-heavy sites and automation.

Read definition
Back to Glossary