Skip to content

Clientless Web Isolation

Clientless Web Isolation allows you to on-ramp user traffic to your private network without needing to install the WARP client. Users access private applications by going to a prefixed URL:

https://<your-team-name>.cloudflareaccess.com/browser/<URL>

After the user authenticates to your IdP, Cloudflare will load the application in a secure remote browser and apply your Gateway firewall policies to user traffic.

Setup

To configure Clientless Web Isolation for Zero Trust Web Access, refer to this tutorial.

Best practices

  • For guidance on building Gateway policies for private network applications, refer to Secure your first application.
  • If you already deployed the WARP client to some devices as part of a mixed-access methodology, ensure that your Gateway firewall policies do not rely on device posture checks. Because Clientless Web Isolation is not a machine in your fleet, it will not return any values for device posture checks.
  • You can standardize the user experience by making specific applications available in your App Launcher as bookmarks. In this case, you would create a new bookmark for https://<team-name>.cloudflareaccess.com/browser/https://internalresource.com, which would take users directly to an isolated session with your application.