Product documentation
Citrix Virtual Apps and Desktops
Service Current Release 2407 2402 LTSR 2311 2308 2305 2303 2212 2209 2206 2203 LTSR 1912 LTSR
View PDF

Browser content redirection policy settings

February 10, 2025
Contributed by: 
C

Browser Content Redirection (BCR) enhances the user experience of web browsing within Citrix Virtual Apps and Desktops environments. By offloading the rendering of web pages to the user’s local machine, BCR reduces server load and improves performance, especially for complex or resource-intensive websites. This documentation details each of the policy setting option available for Browser Content Redirection

Browser content redirection

This setting acts as the main on/off switch for Browser Content Redirection.

  • What it does: Determines whether web pages are rendered on the server or your local device. When enabled, Citrix Workspace app tries to fetch and display web content on your device for a smoother experience. If that fails, it falls back to rendering on the server.
  • Options:
    • Allowed: (Default) Enables Browser Content Redirection.
    • Prohibited: Disables Browser Content Redirection.
  • Things to note: If allowed, Citrix Workspace app attempts client fetch and client render. If client fetch and client render fails, Browser content redirection will fall back to server side rendering. To enable server fetch and client render, enable the “Browser Content Redirection Proxy Configuration” setting.

Browser content redirection ACL configuration

This setting lets you create a list of websites (URLs) that are allowed or not allowed from using Browser Content Redirection.

  • What it does: Gives you fine-grained control over which websites are optimized with Browser Content Redirection. You can specify entire websites or specific pages.
  • How it works:
    • Allowed URLs: Websites on this list will have their content displayed on your device. You can use wildcards () to include multiple pages or subdomains (e.g., https://www.example.com/ or http://*.example.com/). Wild cards are not permitted within the protocol of the URL.
  • Default: https://www.youtube.com/*
  • Example:

Browser content redirection block list configuration

This setting works in conjunction with the “Browser Content Redirection ACL Configuration” setting.

  • What it does: Provides an extra layer of control by letting you block specific websites or pages, even if they are allowed in the ACL configuration. The block list takes priority.
  • How it works: You specify websites or pages that you don’t want to be redirected to your device, even if they are generally allowed by the ACL configuration.
  • Default: No URL is configured
  • Wildcards: Similar to the ACL configuration, you can use wildcards (*) to block multiple pages or subdomains.
  • Example: To block only the index.html page on a website, you would enter: https://www.example.com/sports/index.html

Browser content redirection authentication sites

This setting lets you manage how Browser Content Redirection works with websites that use external identity providers (IdPs) for logins.

  • What it does: Ensures that Browser Content Redirection stays active even when you’re redirected to a different website for authentication (like when a website uses Okta or another service for login).
  • How it works: You add the URLs of the authentication websites to this list so that the redirection process isn’t interrupted during login.
  • Default: No URL is configured
  • Example: If www.example.com uses www.example.okta.com for authentication, you would add www.example.com/ to the Browser content redirection ACL configuration and the authentication websites www.example.okta.com to the Browser content redirection authentication sites
  • More info: See Citrix Knowledge Center article CTX238236 and Multimedia section in Browser Content Redirection for detailed information.

Browser content redirection proxy configuration

This setting gives you more control over how Browser Content Redirection uses your network’s proxy server as well as facilitate server fetch client render in case your environment doesn’t allow for client fetch client render.

  • What it does: Forces Citrix Workspace app to use a server fetch method for fetching web content. When enabled, it always tries to fetch content from the server and display it on your device.
  • Options:
    • Explicit Proxy: Use a specific proxy server. You’ll need to provide the proxy server’s address and port number (e.g., http://proxy.example.com:80)
      • Allowed patterns:
      • http://<hostname/ip address>: Example: http://proxy.example.citrix.com:80 http://10.10.10.10:8080
    • PAC/WPAD: Use a PAC file or WPAD to automatically determine proxy settings. You’ll need to provide the URL of the PAC file (e.g., http://wpad.myproxy.com:30/configuration/pac/Proxy.pac).
      • Allowed patterns for PAC/WPAD files:
      • http://<hostname/ip address>://.pac Example: http://wpad.myproxy.com:30/configuration/pac/Proxy.pac
      • https://<hostname/ip address>:// Example: http://10.10.10.10/configuration/pac/wpad.dat
    • Direct/Transparent: Do not use a proxy server, or use a transparent proxy.
      • Configure the key word “DIRECT”
      • The keyword is case sensitive
  • Default: Prohibited (disabled)

Browser content redirection Integrated Windows authentication support

This setting simplifies logins to websites that use Integrated Windows Authentication (IWA).

  • What it does: Allows Browser Content Redirection to use your existing Windows credentials to log in to websites automatically. This means you won’t have to enter your username and password repeatedly.
  • Options:
    • Allowed: Enables single sign-on (SSO) for websites using IWA.
    • Prohibited: (Default) Disables SSO, requiring you to enter your credentials each time.

Browser content redirection server fetch proxy auth

This setting controls how Browser Content Redirection interacts with your web proxy when fetching content from the server.

  • What it does: Allows Browser Content Redirection to use your Windows credentials to authenticate with the proxy server, ensuring secure access to web content.
  • How it works: When enabled, Browser Content Redirection will automatically obtain and use a Kerberos service ticket to authenticate with the proxy.
  • Requirements: You need to configure your PAC file to route traffic through a downstream web proxy and set up the proxy to use Kerberos authentication.
  • Options:
    • Allowed: Enables Kerberos authentication with the proxy server.
    • Prohibited: (Default) Browser Content Redirection will use basic authentication or other available credentials to authenticate with the proxy.
Browser content redirection policy settings
February 10, 2025
Contributed by: 
C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999-2025 Cloud Software Group, Inc. All rights reserved.