Proxy#
Use proxies for corporate networks, geo-testing, scraping infrastructure, and traffic routing through a controlled egress point.
CLI flags#
agent-browser --proxy "http://proxy.example.com:8080" open https://example.com
agent-browser --proxy "http://user:pass@proxy.example.com:8080" open https://example.com
agent-browser --proxy "http://proxy.example.com:8080" --proxy-bypass "localhost,*.internal.com" open https://example.com| Flag | Description |
|---|---|
--proxy <url> | Proxy server URL, with optional credentials |
--proxy-bypass <hosts> | Hosts that should bypass the proxy |
Environment variables#
| Variable | Description |
|---|---|
AGENT_BROWSER_PROXY | agent-browser proxy URL |
AGENT_BROWSER_PROXY_BYPASS | agent-browser proxy bypass list |
AGENT_BROWSER_PROXY_USERNAME | Proxy username when credentials are provided separately |
AGENT_BROWSER_PROXY_PASSWORD | Proxy password when credentials are provided separately |
HTTP_PROXY / HTTPS_PROXY | Standard proxy environment variables, used as fallbacks |
ALL_PROXY | SOCKS or all-traffic proxy fallback |
NO_PROXY | Standard proxy bypass fallback |
AGENT_BROWSER_PROXY takes precedence over standard proxy variables. The CLI also accepts credentials embedded in the proxy URL and separates them before passing launch options to the daemon.
SOCKS proxy#
export ALL_PROXY="socks5://proxy.example.com:1080"
agent-browser open https://example.com
export ALL_PROXY="socks5://user:pass@proxy.example.com:1080"
agent-browser open https://example.comBypass local traffic#
export AGENT_BROWSER_PROXY="http://proxy.example.com:8080"
export AGENT_BROWSER_PROXY_BYPASS="localhost,127.0.0.1,*.internal.com"
agent-browser open https://external.example.com
agent-browser open http://localhost:3000Verify routing#
agent-browser open https://httpbin.org/ip
agent-browser get text bodyThe response should show the proxy egress address, not the machine's direct network address.
Security notes#
- Prefer environment variables or secret stores for proxy credentials.
- Do not commit proxy usernames, passwords, or session URLs.
- HAR exports and network logs may include proxy-authenticated requests.