# Security And Boundaries

By default, `agent-browser` imposes no navigation, action, or output restrictions.

## Content Boundaries

Wrap page-sourced output so agents can distinguish untrusted page content:

```bash
export AGENT_BROWSER_CONTENT_BOUNDARIES=1
agent-browser snapshot
```

## Domain Allowlist

Restrict navigation and subresource connections:

```bash
export AGENT_BROWSER_ALLOWED_DOMAINS="example.com,*.example.com"
agent-browser open https://example.com
```

Include CDN domains the page needs.

## Action Policy

```bash
export AGENT_BROWSER_ACTION_POLICY=./policy.json
```

Example policy:

```json
{"default":"deny","allow":["navigate","snapshot","click","scroll","wait","get"]}
```

Auth vault operations bypass action policy, but domain allowlist still applies.

## Output Limits

```bash
export AGENT_BROWSER_MAX_OUTPUT=50000
```