Product Documentation

Browser content redirection policy settings

Jan 04, 2018

The Browser content redirection section contains policy settings to configure this feature.

Browser content redirection controls and optimizes the way XenApp and XenDesktop deliver any web browser content (for example, HTML5) to users. Only the visible area of the browser where content is displayed is redirected. 

HTML5 video redirection and browser content redirection are independent features. The HTML5 video redirection policies are not needed for this feature to work, but the Citrix HDX HTML5 Video Redirection Service is used for browser content redirection.

For more information, see Browser content redirection.

TLS and browser content redirection

You can use browser content redirection to redirect HTTPS websites. The JavaScript injected into those websites must establish a TLS connection to the Citrix HDX HTML5 Video Redirection Service (WebSocketService.exe) running on the VDA. To achieve this redirection and maintain the TLS integrity of the webpage, two custom certificates are generated by the Citrix HDX HTML5 Video Redirection Service in the certificate store on the VDA.

HdxVideo.js uses Secure Websockets to communicate with WebSocketService.exe running on the VDA. This process runs on the Local System, and performs SSL termination and user session mapping.

WebSocketService.exe is listening on port 9001.


Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Browser content redirection

By default, Citrix Receiver tries client fetch and client render. If client fetch client and render fails, server-side rendering is tried. If you also enable the browser content redirection proxy configuration policy, Citrix Receiver tries only server fetch and client render.

By default, this setting is Allowed.

Registry override options for policy settings (registry path varies depending on VDA architecture):


Name: WebBrowserRedirection
1 = Browser content redirection is Allowed.
0 = Browser content redirection is Prohibited.

Browser content redirection Access Control List (ACL) policy settings

Use this setting to configure an Access Control List (ACL) of URLs that can use browser content redirection.

Authorized URLs are the whitelisted URLs whose content is redirected to the client. The wildcard * is permitted, but is not permitted within the protocol or the domain address part of the URL. For example,,*,*videos* are allowed, but http://* is not allowed.

You can achieve better granularity by specifying paths in the URL. For example, In this case, only the index.html page is redirected.

By default, this setting is set to*

Registry override options for policy settings (registry path varies depending on VDA architecture):


Name: WebBrowserRedirectionACL

Browser content redirection proxy setting

This setting provides configuration options for proxy settings on the VDA for browser content redirection.
If enabled with a valid proxy address and port number, Citrix Receiver tries only server fetch and client rendering.
If disabled or not configured and using a default value, Citrix Receiver tries client fetch and client rendering.

By default, this setting is Prohibited.

Registry override options for policy settings (registry path varies depending on VDA architecture):


Name: WebBrowserRedirectionProxyAddress
Type: REG_SZ

Allowed pattern: http://<hostname/ip address>:<port>

HDXVideo.js insertion for browser content redirection

localized image

HdxVideo.js is injected on the webpage by using the Internet Explorer Browser Helper Object (BHO). The BHO is a plug-in model for Internet Explorer. It provides hooks for browser APIs and allows the plug-in to access the Document Object Model (DOM) of the page to control navigation.

The BHO decides whether to inject HdxVideo.js on a given page. The decision is based on the administrative policies as shown in the flow chart above.

After it's decided to inject the JavaScript and redirect browser content to the client, the webpage on the Internet Explorer browser on the VDA is blanked out. This is done by setting the document.body.innerHTML to empty, which removes the entire body of the webpage on the VDA. The page is ready to be sent to the client to be displayed on the overlay browser (Hdxbrowser.exe) on the client.