Safety Policies
Safety policies control how restricted the browser session is. All policies use temporary isolated profiles so no data persists between runs.
Policy comparison
| Setting | Strict | Balanced | Diagnostic |
|---|---|---|---|
| Profile | Temporary | Temporary | Temporary |
| Permissions | All blocked | Sensitive blocked | Minimal blocking |
| Downloads | Disabled | Quarantined | Allowed |
| Popups | Blocked | Captured | Allowed |
| JavaScript | Enabled | Enabled | Enabled |
| Third-party cookies | Blocked | Default | Default |
| Use case | Suspicious links | General inspection | QA testing |
Strict
Maximum isolation for investigating untrusted or suspicious URLs. All sensitive permissions are blocked, downloads are disabled entirely, and third-party cookies are restricted. Use this when you want to observe what a page does without giving it any capabilities.
Balanced
Sensible defaults for routine URL inspection. Sensitive permissions (camera, microphone, geolocation) are blocked, but downloads are quarantined rather than disabled -- they are saved to the run artifact folder for later inspection. Suitable for most use cases.
Diagnostic
Fewer restrictions for compatibility testing and QA work. Downloads are allowed, popups are permitted, and most permissions use browser defaults. Still uses a temporary profile for isolation. Use this when testing page functionality across browsers.
Implementation
Policies are applied through Playwright browser context options:
permissions: []-- no permissions granted; the browser will prompt or denyacceptDownloads-- controlled by policy- URL validation -- localhost, private IPs, and HTTP trigger warnings regardless of policy