Clientless Web Isolation
Clientless Web Isolation allows you to on-ramp user traffic to your private network without needing to install the WARP client. Users access private applications by going to a prefixed URL:
https://<your-team-name>.cloudflareaccess.com/browser/<URL>
After the user authenticates to your IdP, Cloudflare will load the application in a secure remote browser and apply your Gateway firewall policies to user traffic.
To configure Clientless Web Isolation to augment clientless access, refer to this tutorial.
Best practices
Section titled “Best practices”- For guidance on building Gateway policies for private network applications, refer to Secure your first application.
- If you already deployed the WARP client to some devices as part of a mixed-access methodology, ensure that your Gateway firewall policies do not rely on device posture checks. Because Clientless Web Isolation is not a machine in your fleet, it will not return any values for device posture checks.
- You can standardize the user experience by making specific applications available in your App Launcher as bookmarks. In this case, you would create a new bookmark for
https://<team-name>.cloudflareaccess.com/browser/https://internalresource.com, which would take users directly to an isolated session with your application.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark