Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Isolation policies

With Browser Isolation, you can define policies to dynamically isolate websites based on identity, security threats, or content.

​​ Isolate

When an HTTP policy applies the Isolate action, the user’s web browser is transparently served an HTML compatible remote browser client. Isolation policies can be applied to requests that include Accept: text/html*. This allows Browser Isolation policies to co-exist with API traffic.

The following example enables isolation for all web traffic:

SelectorOperatorValueAction
Hostmatches regex.*Isolate

If instead you need to isolate specific pages, you can list the domains for which you would like to isolate traffic:

SelectorOperatorValueAction
DomainInexample.com, example.netIsolate

​​ Do Not Isolate

You can choose to disable isolation for certain destinations or categories. The following configuration disables isolation for traffic directed to example.com:

SelectorOperatorValueAction
HostInexample.comDo Not Isolate

​​ Policy settings

The following optional settings appear in the Gateway HTTP policy builder when you select the Isolate action. Enable these settings to prevent data loss when users interact with untrusted websites in the remote browser.

​​ Disable copy / paste

Prohibits users from copying and pasting content between a remote web page and their local machine.

​​ Disable printing

Prohibits users from printing remote web pages to their local machine.

​​ Disable keyboard

Prohibits users from performing keyboard input into the remote web page.

​​ Disable upload

Prohibits users from uploading files from their local machine into a remote web page.

​​ Disable download

Prohibits users from exporting files from the remote browser to their local machine.

​​ Common policies

​​ Isolate all security threats

Isolate security threats such as malware and phishing.

SelectorOperatorValueAction
Security RisksInAll security risksIsolate

​​ Isolate high risk content

Isolate high risk content categories such as newly registered domains.

SelectorOperatorValueAction
Content categoriesinSecurity RisksIsolate

​​ Isolate news and media

Isolate news and media sites, which are targets for malvertising attacks:

SelectorOperatorValueAction
Content categoriesinNews and MediaIsolate

​​ Isolate uncategorized content

Isolate content that has not been categorized by Cloudflare Radar:

SelectorOperatorValueAction
Content categoriesnot inAll content categoriesIsolate