Search
Clear search
Close search
Google apps
Main menu
true

Are your Chrome devices having WiFi connection problems? Fix now

Manage site isolation

Supported on Chrome 63 and later.

Google’s site isolation feature improves security for Chrome browser users. When you enable site isolation, content for each open website in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional security boundary between websites.

Before you begin

  • Configuring site isolation for all websites gives you the strongest security. However, it will increase memory usage by approximately 1020% on computers that use Chrome.
  • If you choose to deploy the site isolation feature, Google recommends you use Chrome policy and not the command line flag.
  • For Microsoft® Windows® deployments, you must first download and install the latest administrative templates on your domain controller.

Turn on site isolation for all websites

When you turn on site isolation for all websites, every site runs in a dedicated rendering process and all sites are isolated from each other.

To test site isolation for all websites locally before you deploy it to your organization, use the command line flag
--site-per-process.

To turn on site isolation for all websites for your entire organization, enable the SitePerProcess policy and deploy the updated policy settings to your Chrome devices.

Turn on site isolation for specific websites

You can create a specific list of websites that you want to isolate. Each entry on the list will run in a dedicated rendering process. You can include sites that users log in to, as well as other sites that contain sensitive information like productivity sites or intranet sites.

To test your configuration locally, before you deploy it to your organization, use the command line flag to specify a list of website that you want to isolate. For example:

--isolate-origins=https://example.com,https://subdomain.example.org

To turn on site isolation for a specific list of websites for your entire organization, configure the IsolateOrigins policy and deploy the updated policy settings to your Chrome devices.

Turn off site isolation

If you disable either site isolation policy, Chrome will use its pre-site isolation process model to render websites. Different sites may share processes with each other and cross-site iframes may be rendered in the same process as their parent page.

Known issues

  • When printing a page, cross-site iframes appear blank.
    To print the complete web page content, save the page locally, then open and print the saved file.
  • Chrome Developer Tools (DevTools) don’t show network requests and cookies within cross-site iframes. Website testing frameworks such as ChromeDriver don't support cross-site iframes.

Related topics

Was this article helpful?
How can we improve it?