Cloudflare Docs
Learning Paths
Edit this page on GitHub
Set theme to dark (⇧+D)

Clientless Web Isolation

  1 min read

Clientless Web Isolation allows you to on-ramp user traffic to your private network without needing to install the WARP client. Users access private applications by going to a prefixed URL:


After the user authenticates to your IdP, Cloudflare will load the application in a secure remote browser and apply your Gateway firewall policies to user traffic.

​​ Setup

To configure Clientless Web Isolation for Zero Trust Web Access, refer to this tutorial.

​​ Best practices

  • For guidance on building Gateway policies for private network applications, refer to Secure your first application.
  • If you already deployed the WARP client to some devices as part of a mixed-access methodology, ensure that your Gateway firewall policies do not rely on device posture checks. Because Clientless Web Isolation is not a machine in your fleet, it will not return any values for device posture checks.
  • You can standardize the user experience by making specific applications available in your App Launcher as bookmarks. In this case, you would create a new bookmark for https://<team-name>, which would take users directly to an isolated session with your application.