Isolation in an End User’s Browser

Isolation in an End User’s Browser

Whenever there is a match for a given web page with a policy with the action “isolate” the web page is sent to RBI for isolation and the user gets the isolated (pixel rendered) version of the requested web page. The end user will have a seamless experience, similar to browsing the original web page.

There will be some minor differences in the isolated browsing experience, such as:

  • Initially, while the page is being prepared for isolation, users will see a Netskope Logo and the Tab title “Remote Browser Isolation”.
  • Once rendered, they will see a star [ * ] prefix in their browser’s tab title.
  • User actions are disabled to limit the interaction between the user and the isolated web page for enhanced malware protection and data exfiltration.

    The list of disabled and limited actions:

      • Colored frame – isolation indicator
      • Pop-up Message – isolation indicator
      • File downloads – user action control (Controlled GA)
      • File uploads – user action control (Controlled GA)
      • Clipboard – user action control (limited to copy and paste in isolated web pages)


You can find a list of all available options with descriptions when creating RBI Templates. To learn more: RBI Templates

Warning Messages

Whenever a user tries to perform any of the limited functions they will see a warning messages similar to the following:

For downloads:


For the clipboard:


Read-Only User Action Control

Read-Only prevents the phishing threats by blocking any text input into the isolated page (i.e. typing or pasting from the clipboard) while browsing in isolation. Admins enable Read-Only leveraging RBI templates, and apply them to isolation policies.

End users are notified they are browsing a Read-Only page in isolation and they will see the read-only indicators. In addition, end users will see a warning message if they try to enter any text.


Users can drag-and-drop to move elements inside the same isolated web page (isolated tab).


Read-Only Isolation Indicator Control

Netskope enables all isolation indicators by default in an RBI template when the Read-Only user action control is enabled, reflecting the expected behavior for end users. These Isolation indicators are not editable (greyed out) if Read-Only is enabled: Asterisk prefix, Colored Frame, and Toast (Warning Message).

Therefore, if you select Read-Only as a User Action, all Isolation Indicators are enabled and grayed out (not editable).


Admins can uncheck the Read-Only control and the Isolation Indicators remain enabled and admins can disable or enable without restrictions.

Share this Doc
In this topic ...