Skip to main content
The built-in web browser is enabled by default on every tier. Enterprise organizations can edit this policy. Contact sales to learn more.
Use the web browser policy to control whether members and Ona agents can use the managed browser session inside environment pages. The policy is separate from editor access and port sharing. Free, Core, and Enterprise organizations have the built-in browser enabled by default. Enterprise admins can disable it when the organization needs stricter controls for in-dashboard browser access.

Configure the policy

Go to Settings > Organization > Policies and use Allow Web Browser in Environments.
Organization tierDefaultCan change this policy
FreeEnabledNo
CoreEnabledNo
EnterpriseEnabledYes
When the policy is on:
  • Members can open the Browser tab from environment pages.
  • Members can preview local app ports in the Browser tab.
  • Ona agents can use the browse-web built-in skill when you ask them to inspect or interact with a page.
  • Browser screenshots and annotations can be sent to Ona from the Browser tab when Ona AI is enabled.
When an Enterprise admin turns the policy off:
  • Browser actions are hidden on environment pages.
  • The Browser tab is not offered in the dashboard.
  • Ona does not expose the browse-web built-in skill to agents in that organization.
  • Members cannot send browser screenshots or annotations from the Browser tab.
FeatureEffect
Built-in browser panelDisabled when the policy is off
browse-web built-in skillDisabled when the policy is off
VS Code BrowserUnaffected
Port sharingUnaffected and controlled by its own policy
Editor availabilityUnaffected and controlled by Editor restrictions
Use the port sharing policy to control user-initiated shared ports. Use the web browser policy to control the in-dashboard browser session used by members and Ona.

Security and port implications

The built-in browser runs in the environment and can reach services available from that environment, including local addresses such as http://localhost:3000. Keeping this policy enabled lets members and Ona agents use that browser session for inspection and interaction. Opening an app in the built-in browser does not publish that app’s port to other users. Port sharing remains controlled by the port sharing policy and by each port’s access level. The browser uses a managed browser port so the dashboard can connect to the browser session. That managed port is separate from application ports that members open or share.

Troubleshooting

Only Enterprise organizations can edit the web browser policy. Free and Core organizations can see the policy when it appears, but cannot change it.
This policy does not affect VS Code Browser. Use Editor restrictions to control which editors members can use.