Memory and Storage Signals in Browser Profiles
Protect browser privacy by keeping storage quota, JavaScript heap limits, and device memory aligned with the active profile across supported hosts.
Prefer the maintained product doc?
This article has a matching page in the docs center. Use the docs for the canonical setup flow, current flags, and long-term reference.
Web applications need resource information to manage large documents, media, and long-running tasks. Some of that information also describes the host machine. Storage capacity and memory class can therefore contribute to cross-session correlation when they do not match the rest of a browser profile.
BotBrowser keeps three resource families under profile control: storage quota, JavaScript heap limits, and device memory. Together they maintain a coherent browser identity across supported hosts instead of presenting unrelated fixed values.
This matters on server fleets. A profile may run on a workstation, a virtual machine, or a container while representing the same intended device family. Profile-backed resource policy prevents the host allocation from becoming the default browser identity.
Why resource signals affect privacy
Browser identity is a group of related properties. Platform, browser family, screen class, processor class, memory, and storage should describe a plausible device together. When one property reflects the host server while the others reflect the selected profile, the mismatch can make sessions easier to correlate.
Resource values can also change when a workload moves between machines. A job that runs on a small container one day and a large workstation the next should not expose those infrastructure changes when the same browser profile remains active.
Consistency is more useful than a universal value. A mobile profile and a desktop workstation profile should not report the same resource class merely because they run on the same server. The values need to follow the profile family and remain stable for the intended session lifecycle.
The three controlled resource families
Storage quota
Storage quota describes the browser-managed storage budget available to web content. The value can reflect host disk characteristics when it is left entirely to the machine running the browser.
In profile mode, BotBrowser reports a quota aligned with the active profile rather than the host disk. This helps a session retain the same resource identity when it moves between supported host systems.
JavaScript heap limit
The JavaScript heap limit describes the memory budget available to the browser runtime. It should agree with the device class represented by the profile. A lightweight mobile profile and a high-memory desktop profile naturally belong to different resource classes.
BotBrowser can apply the profile-backed heap policy to newly started sessions and contexts. Lifecycle timing matters because a runtime resource limit needs to be established when that runtime is created.
Device memory
Device memory is a coarse browser signal that represents the device's memory class. BotBrowser keeps it aligned with the active profile so the high-level device class and the runtime resource policy do not contradict one another.
These three values form one resource set. Reviewing them together avoids a profile that presents a low-memory device while exposing a much larger runtime budget or an unrelated storage class.
Profile, host, and explicit policies
Profile-backed behavior is the normal choice for repeatable privacy validation. The profile remains the source of the intended resource identity, even when the underlying worker changes.
Some authorized workloads need the browser to follow the real host resources. That mode is appropriate when the host itself is the test subject or when application capacity testing must reflect the worker. It should be chosen deliberately because moving the same profile between different hosts can then produce different resource behavior.
An explicit policy can support controlled compatibility testing where a known resource class is part of the test plan. Use it as a documented test configuration, not as an isolated value detached from the rest of the profile.
The storage quota documentation contains the supported configuration details and lifecycle notes.
Scope of the resource policy
BotBrowser's documented resource controls cover storage quota, JavaScript heap limits, and device memory. These are the values that should be reviewed as one profile-backed group.
Origin data systems continue to follow their normal browser semantics. Application databases, cache contents, and persistence behavior are not interchangeable with the three profile resource controls. Teams should test those application features as ordinary product behavior rather than assuming one resource setting changes every storage subsystem.
This boundary helps with troubleshooting. A quota mismatch belongs in the profile resource review. Missing application data or an application cache issue belongs in the site's storage lifecycle review. Keeping those questions separate avoids inaccurate conclusions about what the profile controls.
Cross-host consistency
A shared worker fleet often contains machines with different disk and memory allocations. Profile mode gives those workers a common browser resource identity for the same profile family.
This supports several operating patterns:
- A profile can move between Windows, macOS, and Linux hosts without adopting each host's resource class.
- A headless worker can use the same intended resource identity as a headed review session.
- A newly created context can receive the intended heap policy at runtime creation.
- A multi-context worker can keep each context aligned with its assigned profile.
Cross-host consistency does not mean every profile should report the same values. It means the selected profile remains the source of truth instead of the current worker.
Practical deployment choices
Long-running profiles
Persistent profiles should keep a stable resource policy across their lifecycle. Review the policy before moving the profile to a different worker class, especially when the previous deployment intentionally used host-backed behavior.
Disposable test contexts
Short quality assurance jobs benefit from profile mode because a fresh worker does not silently change the expected resource identity. Create a new context after changing the heap policy so the runtime starts with the intended configuration.
Capacity and compatibility testing
When a test intentionally measures host capacity, document that choice separately from privacy validation. The same result should not be interpreted as evidence for both goals because one follows the worker and the other follows the profile.
Mixed device families
A fleet that runs mobile and desktop profiles should review each profile family independently. Reusing one resource setting across all families can create unnecessary inconsistencies even if the value appears reasonable by itself.
Defensive validation
Validation should begin with configuration and application outcomes, not a page-level collection script.
- Confirm which resource policy the job is expected to use.
- Confirm that the intended profile is active before the session or context begins.
- Review storage quota, heap policy, and device memory as one group.
- Run the authorized application workflow and watch for legitimate resource-limit behavior.
- Repeat the workflow on another supported host when cross-host consistency is part of the release requirement.
- Record the profile family, policy mode, host class, and application outcome.
For multi-context operation, validate each context after creation. A correct process-wide configuration does not prove that every later context was created with the intended lifecycle settings.
Avoid using the real host value as the desired result in profile mode. The expected outcome comes from the selected profile. Host-backed mode has a different purpose and should be labeled clearly in test records.
Common configuration mistakes
Reviewing each value in isolation
A storage quota may look plausible while the heap limit and device memory describe another device class. Approve the resource set as a whole.
Changing heap policy after runtime creation
Heap policy belongs to the creation lifecycle. Start a new session or context after a change so the runtime begins with the intended limit.
Confusing application storage with profile resource controls
Application data, caches, and persistence retain their ordinary browser behavior. Test them through the application's own functional requirements.
Allowing worker changes to redefine a persistent profile
When consistency is required, keep profile mode active as a workload moves between workers. Choose host-backed behavior only when the test specifically needs it.
Using one policy for unrelated device families
Resource settings should agree with the selected device class. Review mobile, desktop, and other profile families separately.
Establish a release baseline
A release baseline turns resource consistency into an ordinary quality decision. Select a small set of authorized application tasks that use storage and memory in realistic ways. Good candidates include opening a large document, saving an offline draft, loading a media workspace, exporting a report, and completing a long-running form. The task should have a clear user outcome rather than a page that exists only to inspect the environment.
Record the profile family, BotBrowser version, application revision, worker class, policy mode, and result for each task. When profile mode is used, the expected resource identity comes from the approved profile. When host-backed behavior is used for capacity testing, label the result separately so it is not reused as a privacy baseline.
Run the baseline on every supported host class that will receive the release. The application should complete the same user flow without exposing accidental changes from the worker allocation. A task can still consume different amounts of real memory on different hosts. The approval question is whether the browser-facing policy and the application outcome remain appropriate for the selected profile.
Include lifecycle coverage. Run one task in a fresh session, another after normal profile reuse, and a third after moving the workload to another approved worker class. For multi-context deployments, create the contexts through the same production path and verify that each task begins with its assigned profile policy.
Keep the baseline stable between releases. Change the application fixture only when the product workflow changes. If the fixture, profile, browser, and server image all change together, a failed result will be difficult to attribute and the comparison will provide little operational value.
Move profiles between worker classes
Worker migration is common during maintenance, capacity rebalancing, or regional expansion. Before moving persistent profiles, confirm that the destination class is supported by the same release and that the selected policy mode remains appropriate. A profile-backed deployment should not silently switch to host-backed behavior because a new worker has more disk or memory.
Start with a canary group. Move a small set of non-sensitive test profiles, run the release baseline, and compare application outcomes with the source class. Review offline data, document handling, media tasks, and long forms when those features matter to the product. Promote the rest of the pool only after the destination class passes.
Preserve profile ownership during the move. Avoid launching the same persistent profile on the source and destination at the same time. Concurrent ownership can create application data conflicts that have nothing to do with resource policy. Stop the source worker cleanly, transfer the authorized profile material through the normal deployment channel, and then start the destination.
If the migration also changes the BotBrowser version, validate the browser update before the worker move when possible. Separating those changes gives the team a clear rollback point. Keep the source class available until the destination has completed the normal observation period.
Review resource-related incidents
When an application reports a storage or memory problem, first classify the user-visible symptom. A failed save, missing offline record, slow document, terminated tab, and rejected upload belong to different product paths. Do not assume they share one resource cause merely because they occurred on the same worker.
Reproduce the authorized task with the recorded browser, profile, image, policy mode, and application revision. Confirm that the intended profile was active before the session began. Then compare the last approved combination with the candidate by changing one component at a time. This process distinguishes a profile-policy change from an application storage issue or a host capacity problem.
Check application logs, worker health, disk pressure, memory pressure, and browser exit status. Keep these operational observations separate from the browser-facing profile decision. A worker can run out of real disk even when the profile-backed storage identity is correct. Likewise, an application can delete its own cached data while the resource policy remains unchanged.
Restore service through the lowest-risk path. Roll back the candidate image or profile when the previous combination is known to work. Do not raise limits broadly until the affected application task has been reproduced and the owner has approved the change. A broad increase can conceal a leak or move pressure to another part of the fleet.
After correction, rerun the complete baseline for the affected profile family and worker class. A change that fixes a large document may alter a long-running form or media task. Attach the final outcome to the incident and update the baseline only when the new behavior is intentional.
Keep evidence proportionate
Resource validation does not require collecting a user's browsing history. Use dedicated test accounts, synthetic documents, and approved fixtures. Store the result of the task, the deployment versions, and the reviewer decision. Remove account tokens, personal documents, and unrelated page content from long-lived evidence.
A concise release record can show one row per task with the profile family, worker class, policy mode, status, and evidence link. Note whether the task passed, required an approved baseline update, or remains blocked. This format allows privacy, application, and infrastructure owners to review the same release without mixing their responsibilities.
Apply the organization's normal retention policy. Keep enough history to explain the transition between approved releases and to support rollback. Evidence that no longer serves a release, audit, or incident purpose should expire through the same controlled process used for other quality records.
Ownership matters. Assign an application owner for the user flow, a profile owner for the intended device family, and an infrastructure owner for worker capacity. Their decisions answer different questions. Keeping those roles explicit prevents a host capacity result from being mistaken for a profile-consistency approval.
Review Long-Running Work
Include at least one task that remains active long enough to create ordinary application data, move between pages, and release temporary resources. Confirm that the task remains usable and that its final output matches the approved profile family. Record real worker pressure separately from the browser-facing policy decision.
Repeat the task after a service restart and after the normal application cleanup path. A result that succeeds only on a fresh image may indicate an operational issue with retained application data. Investigate that issue without changing the approved profile reference.
Handle Worker Replacement
When a worker is replaced, deploy the same approved browser, profile, service, and application combination before returning it to the pool. Run the short baseline first. The replacement should complete the same user flow even when its physical disk and memory allocation differ from the previous host.
Keep failed workers out of new assignments until their application data has been reviewed. A replacement event should not silently move unfinished data or reuse an unknown directory. Follow the application's established recovery and retention policy.
Define Release And Rollback Decisions
Write the acceptance rule before testing. A candidate must complete representative tasks, preserve the approved profile policy, remain within the host capacity budget, and recover cleanly after restart. Each result should identify the owner who approved it.
Rollback restores the last complete approved combination. After rollback, run the short baseline and confirm that task processing has recovered. Keep candidate evidence for review, but do not mix candidate components into the restored pool.
Frequently asked questions
Does profile mode expose the worker's disk size?
Profile mode uses the active profile for the documented storage quota value instead of using the worker as the browser identity.
Are storage quota and application data the same thing?
No. Storage quota is a profile-controlled resource value. Application databases, cache contents, and persistence behavior remain application and browser storage concerns.
When does a heap policy change take effect?
Apply the policy before creating the relevant session or context. Start a fresh runtime after changing it.
Should device memory be reviewed separately?
Review it together with storage quota and heap policy. The three values should support the same device class.
Can a deployment use real host resources?
Yes, when that is the explicit test goal. Record the mode because results may change when the workload moves to another host.
Where are the exact setup options?
Use the memory and storage documentation for configuration and lifecycle details. The profile management guide covers the broader profile workflow.
Memory and storage protection works best as a coherent profile policy. Keep storage quota, JavaScript heap limits, and device memory aligned, apply lifecycle changes before runtime creation, and test application storage as a separate functional concern.
Related Articles
Take BotBrowser from research to production
The guides cover the model first, then move into cross-platform validation, isolated contexts, and scale-ready browser deployment.