- Secure Browser Standard Service
In this article:
The Citrix Secure Browser Standard Service (called Secure Browser Service throughout this article) is delivered within Citrix Cloud. This service protects the corporate network from browser based attacks by isolating web browsing. It delivers consistent, secure remote access to internet hosted web applications, with no need for user device configuration. Administrators can rapidly roll out secure browsers, providing instant time-to-value. By isolating internet browsing, IT administrators can offer end users safe internet access without compromising enterprise security.
Users log on with Citrix Receiver and can open web apps in the configured web browser. The website does not directly transfer any browsing data to or from the user device, so the experience is secure.
The Secure Browser Service can publish secure browsers for use with:
The service also offers:
1. Sign in to Citrix Cloud. (If you don't have an account, see Sign up for Citrix Cloud.)
2. In the Secure Browser Service tile, click Request Trial.
3. In a few moments, you'll receive an email (the email associated with your Citrix Cloud account). Click the Sign in link in the email.
4. After you're in Citrix Cloud again, click Manage on the Secure Browser Service tile.
5. On the Welcome to Secure Browser page, click Let's Get Started. You'll be guided to publish your first secure browser.
For information about purchasing the Secure Browser Service, click How to Buy on the Citrix Cloud home page.
1. If you're not already in Citrix Cloud, sign in. In the Secure Browser Service tile, click Manage.
2. On the Manage tab, click + Publish a Secure Browser.
3. Select the type of secure browser to publish: external unauthenticated (default) or external authenticated. Then click Continue.
4. Enter the name and start URL. Select the region and then click Publish.
When the publishing completes, the Manage tab lists the browser you published.
5. Use the Citrix Cloud Library to add subscribers (users) to the secure browser you created. Click the right arrow at the end of the row to expand a details pane containing a link to the Library.
6. When you click that link, you are guided to the Library display containing your secure browser. Click the ellipsis on the tile containing the secure browser and click Manage Subscribers. For information about adding subscribers, see Assigning users and groups to service offerings using Library.
For details, see CTX230272 and the StoreFront configuration documentation.
If you select a menu entry, and then decide not to change anything, cancel the selection by clicking the X outside the dialog box.
When you're done, click OK.
Enter whitelist entries in the form hostname:port number. Specify each entry on a new line. Asterisks are supported as wildcards. Browser requests must match at least one entry in the whitelist.
For example, to set http://example.com as a whitelisted URL:
example.com:* allows connection to this URL from any port.
example.com:80 allows connection to this URL only from port 80.
*:* allows access to this URL from any port and from any links to other URLs and ports. The *.* format allows access to all external web apps from the published app. This format is the default setting for the external web apps URL whitelist field.
When you're done, click OK.
To create a spreadsheet containing usage details, click Export to CSV and select a timeframe.
The Citrix Secure Browser Service consists of web browsers running on Virtual Delivery Agents (VDAs) along with the management console used to manage and connect users to these VDAs. Citrix Cloud manages the operation of these components, including the security and patching of operating systems, web browsers, and Citrix components.
While using Secure Browser Service, hosted web browsers may track user’s browsing history and perform caching of HTTP requests. Citrix uses mandatory profiles and ensures that this data is deleted when the browsing session ends.
Secure Browser Service is accessed with an HTML5-compatible web browser. The service does not provide any downloadable clients. All traffic between the browser being used and cloud service is encrypted using industry-standard TLS encryption. Secure Browser supports TLS 1.0, 1.1, and 1.2.
Secure Browser is used to deliver web applications owned by the customer or a third party. The owner of the web application is responsible for its security, including patching the web server and application against vulnerabilities.
Security of the traffic between Secure Browser and the web application depends on the encryption settings of the web server. To protect this traffic as it flows over the Internet, administrators should publish HTTPS URLs.
See the following resources for additional security information: