Network

PAC Request Policy for Consistent Browser Routing

Keep approved browser traffic on predictable proxy routes with profile-aligned PAC policy, clear source controls, and defensive deployment guidance.

Documentation

Prefer the maintained product doc?

This article has a matching page in the docs center. Use the docs for the canonical setup flow, current flags, and long-term reference.

Proxy Auto-Config, usually called PAC, gives the browser a policy for selecting a network route. The decision stays in the browser network path, so the same policy can cover navigation, redirects, subresources, and browser-managed requests without depending on a page framework.

That placement is useful when a deployment uses more than one approved proxy route. Regional browsing, internal application testing, media validation, and multi-context workloads may each need different route families. A PAC policy keeps those choices close to the browser profile and launch configuration.

BotBrowser 150.0.7871.46 adds controlled response support to its enterprise PAC Request Policy workflow. Standard PAC routing remains available. The additional policy layer helps authorized teams keep request handling consistent while maintaining explicit source and profile requirements.

Profile-aligned PAC request policy A browser context applies an approved PAC policy before traffic follows an approved proxy route, a controlled response path, or standard PAC routing. Browser context Profile and network policy stay aligned Approved PAC policy Select route Apply safeguards Continue predictably Approved proxy route Controlled response Standard PAC route

Why routing belongs with the browser

A static proxy is often enough for a simple session. It becomes less suitable when one browser workflow needs several approved paths. Moving route choices into framework handlers can also create different behavior between Playwright, Puppeteer, raw CDP, and browser-managed traffic.

PAC gives the browser one routing policy. Automation code drives the page, while the browser owns network selection. This division makes a deployment easier to review because the profile, proxy inventory, and routing policy have clear responsibilities.

The approach also supports privacy consistency. A browser profile can define a region, language, timezone, and device family, but those settings lose value when traffic follows an unrelated network path. Keeping the route policy next to the profile reduces configuration drift between the browser identity and its approved egress.

What changed in BotBrowser 150.0.7871.46

BotBrowser 150.0.7871.46 extends the approved enterprise PAC workflow with two operational capabilities:

  • Authenticated proxy routing can remain inside the managed browser network path.
  • Controlled responses can support owned fixtures and repeatable quality assurance paths under a narrower source policy.

Standard PAC selection still handles ordinary traffic. Existing deployments do not need to move every request into the additional policy layer. The new behavior is intended for selected request classes where an approved workflow needs more control than route selection alone.

The release keeps these capabilities tied to approved enterprise profiles. A PAC source should be treated as production configuration because it can affect where browser traffic goes and whether a selected owned fixture is served locally.

A clear operating model

A maintainable deployment separates four concerns:

  1. The browser profile defines the intended browser identity.
  2. The proxy inventory defines the approved network paths.
  3. The PAC policy selects a path for each relevant request class.
  4. The automation workflow performs the authorized browser task.

This arrangement prevents routing rules from being copied into every script. It also gives support and privacy teams a stable place to review a route change without reading page automation code.

Use descriptive policy names and keep each policy focused on one deployment purpose. A regional validation job, an internal application test, and a media workflow should not share a large policy merely because they run on the same worker. Smaller policies are easier to review, version, and roll back.

Controlled responses and policy boundaries

Controlled responses are suitable for endpoints and fixtures owned by the deployment. Examples include a readiness result, a stable test asset, or a deterministic response used in an authorized quality assurance workflow.

This capability uses a narrower trust policy than ordinary PAC routing. Administrators should select a supported source through the current product documentation, keep the policy under the same access controls as the profile package, and reject unreviewed policy delivery paths. The operational distinction is whether the source is approved for the selected capability, not the transport label visible to an application.

Keep owned fixtures separate from live destination traffic. Controlled responses should support repeatable testing and operational checks, not replace ordinary navigation to third-party services.

Good uses for PAC Request Policy

Regional route consistency

A profile-backed session may need a route that matches its selected region. PAC can keep navigation and supporting requests on the approved route family without duplicating selection logic across automation frameworks.

Internal and external application paths

An enterprise test may combine an internal service with public web dependencies. A small PAC policy can keep internal traffic on the intended private path while external traffic uses the approved proxy route.

Multi-context workers

Workers that create and close browser contexts need predictable ownership. Pairing each context configuration with its profile and policy makes later review easier and reduces reliance on process-wide assumptions.

Repeatable quality assurance

Owned fixtures can remove unnecessary network variability from a selected test path. With an approved policy source, controlled responses can support that narrow use while the rest of the page follows standard browser networking.

When a static proxy is better

PAC is not required for every deployment. Prefer a static proxy when all traffic should use one route and there is no request-class policy to maintain. A smaller configuration is easier to operate and leaves fewer moving parts.

Use PAC when route selection is a real browser-level requirement. Do not add it only to mirror framework logic that already has a single, stable route. The policy should reduce operational complexity, not move the same complexity into another file.

Deployment safeguards

Treat the PAC source, browser profile, and proxy inventory as one reviewed release unit.

  • Restrict who can change the policy source.
  • Keep the approved policy reference explicit in deployment configuration.
  • Use version control for stable policy files.
  • Review route ownership before changing proxy credentials or regions.
  • Start a fresh browser session when the job configuration changes.
  • Keep controlled fixtures under the same access controls as the test workflow.
  • Prefer a small allowlist of request classes over a broad catch-all policy.

Remote policy delivery requires the same transport and access review as other production configuration. Standard PAC routing may support more source types, but broader source availability should not be confused with permission to use controlled responses.

Outcome-based validation

Validation should confirm the deployment result without collecting unnecessary page data.

Begin with the route plan. Record which request classes should use each approved route and which should remain on standard PAC behavior. Run the normal authorized workflow and compare its observable network outcome with that plan.

Check profile and route alignment together. Region, language, timezone, and proxy egress should describe a coherent environment. For multi-context jobs, review each context independently so one successful context does not mask a configuration problem in another.

For an owned controlled fixture, confirm the expected application behavior through normal application checks. Review the effective policy identifier, profile assignment, access record, and browser outcome together. These observations show whether the deployment follows its approved route plan. Attach the result to the same release record used for rollout and rollback decisions.

Keep validation evidence concise. Policy version, profile family, expected route family, observed egress, and workflow outcome are usually enough for a release record.

Change ownership and review

A routing policy affects browser traffic before page automation evaluates the result. Give every policy a named owner who understands the application paths it governs. The owner should be able to explain why each route class exists, which profile families use it, and which team approves changes. Proxy operations can remain a separate responsibility, but the boundary between route selection and route availability must be written down.

Review the policy as a production configuration item. A useful review record contains the policy name, its revision, the affected deployment groups, the profile families assigned to it, and the expected outcome for each approved route class. It should also identify the rollback revision and the person responsible for making that decision. This is enough context for an operator to act without copying the policy into a ticket or exposing details that do not belong in an operational record.

Avoid informal policy sharing between jobs. A policy that works for one application may include assumptions about regions, private services, or proxy ownership that do not apply elsewhere. Create a separate reviewed policy when the purpose changes. The additional record is cheaper than investigating an unexplained route after two deployments have evolved independently.

Credentials should not be embedded in policy text or copied into browser automation. Use the deployment's normal secret-management path and limit access to the service accounts that run the approved job. Rotate credentials independently from routing logic where the platform permits it. After rotation, run the same authorized application checks used for a normal release.

Staged rollout

Start with a small deployment group that represents the production environment. Use the intended browser release, profile family, operating system, proxy inventory, and automation version. A test on a developer laptop can confirm syntax, but it does not establish that production route ownership, credentials, and access controls are correct.

Compare the staged group with an unchanged group over the same period. Useful observations include successful application completion, browser start and exit status, proxy availability, route-family outcome, and the number of jobs returned to the queue. Keep the page set and job mix comparable. If several inputs change at once, the comparison will not show whether the policy helped or merely coincided with a different workload.

Expand by deployment group rather than changing every worker at once. Pause the rollout when the application outcome, browser stability, or route ownership record no longer matches the release plan. Restore the previous reviewed policy before trying a second change. This keeps rollback predictable and preserves a clear baseline for the next comparison.

Long-running workers should receive policy changes through the same lifecycle used for profile and browser updates. Finish or stop assigned work according to the application's normal shutdown rules, then begin a fresh browser session with the new release unit. Mixing an old browser session with a new policy assignment makes support records difficult to interpret.

Access records and retention

Routing records can reveal sensitive operational information even when they do not contain page content. Limit collection to what a support or privacy review needs: policy revision, profile family, approved route family, deployment group, time window, and application outcome. Avoid retaining full destination histories merely to prove that a policy was active.

Apply the organization's ordinary retention schedule to these records. A short-lived staging record may need only the release window, while a regulated production workflow may require a longer audit trail. The deployment owner should decide the period before rollout and document who can read or export the record. Do not let browser logs become an unmanaged copy of network history.

Access reviews should cover both policy editing and policy assignment. Someone who cannot change policy text may still be able to attach an existing policy to the wrong deployment group. Review those permissions together. Remove assignments that no longer have an active owner, and retire policy revisions that are no longer available for rollback.

Handling an unexpected result

When an authorized workflow produces an unexpected route outcome, stop issuing new work to the affected deployment group. Keep the last successful policy revision and release record available. Confirm that the assigned profile family, browser release, proxy inventory, and policy revision match the approved change. This first comparison often identifies configuration drift without requiring page-level investigation.

Check the health of approved proxy routes independently through the organization's normal infrastructure monitoring. A route can be unavailable even when the policy is unchanged. Likewise, a healthy proxy does not prove that the intended policy was assigned. Treat policy selection and route availability as separate facts, then compare both with the application outcome.

Change one release component at a time during recovery. Restoring the previous policy while also changing the profile package, browser version, and proxy region destroys the baseline. Return to the last reviewed unit first. Once the normal application checks pass, introduce the next change through the staged rollout process.

The incident record should state the user-visible outcome, affected deployment groups, last known good revision, corrective action, and release validation result. Summarize observed behavior instead of retaining request-by-request page data. That narrower record supports accountability while respecting the privacy boundary of the browsing session.

Periodic maintenance

Review active policies on a regular schedule and after major application, browser, profile, or network changes. Confirm that every route class still has a current purpose and owner. Remove unused classes rather than leaving them available for possible future work. A shorter policy is easier to reason about during a release and less likely to carry obsolete assumptions.

Verify that documentation links point to the current product release and that deployment templates reference an active policy revision. Test rollback material while it is still valid. A revision that exists only in an old ticket is not a reliable recovery option if its proxy inventory or profile assignment has already been retired.

Include privacy and support owners in the maintenance review. Operations can confirm route health, while privacy reviewers confirm that collection and retention remain proportionate. Support can identify recurring configuration questions that should be resolved in deployment templates. This shared review keeps the policy useful without expanding its scope.

Common configuration mistakes

Treating every policy source as equivalent

Source requirements differ by capability and release. Select a documented, approved source for the intended workflow, and review that choice whenever the browser or policy package changes.

Splitting route ownership across layers

When PAC, framework handlers, and an external forwarding service all select routes, the final path becomes difficult to explain. Choose one owner for each decision and document the boundary.

Reusing a policy for unrelated profiles

A policy created for one region or browser family may not suit another. Review the policy whenever the profile family, proxy region, or worker role changes.

Using controlled responses for live web traffic

Controlled responses are intended for owned fixtures and authorized test paths. Ordinary destination traffic should continue through standard browser networking.

Frequently asked questions

Does PAC Request Policy replace standard PAC?

No. Standard PAC routing remains the default model for normal proxy selection. The enterprise policy workflow adds selected request handling for approved deployments.

How should a controlled-response source be selected?

Use a source supported by the current product documentation and approved by the deployment owner. Keep its access controls, revision history, and profile assignment in the same change record.

Does every BrowserContext need PAC?

No. Use PAC only where the context needs browser-level route selection. A static proxy is the clearer choice for a single-route context.

Can the same policy be used with different automation frameworks?

Yes. Because the policy is owned by the browser network path, the surrounding automation framework does not need to reproduce the routing rules.

Where is the maintained setup guide?

Use the PAC Request Policy documentation for supported sources, configuration, and operational requirements. The proxy configuration guide covers the underlying proxy choices.

PAC Request Policy is most valuable when it makes browser routing easier to understand. Keep the policy small, keep it aligned with the profile, and reserve controlled responses for approved sources in owned workflows.

#Pac#Request-Policy#Network#Proxy#Privacy#Enterprise

Take BotBrowser from research to production

The guides cover the model first, then move into cross-platform validation, isolated contexts, and scale-ready browser deployment.