#Openclaw browser tool says "browser endpoint blocked by policy"

1 messages · Page 1 of 1 (latest)

kindred gyro
#

Openclaw browser tool says ""browser endpoint blocked by policy" when going to some url. Do you know what that means? Do I need to allow something in the config? It used to work at least with 2026.4.23.

gritty pumiceBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

analog hamletBOT
#

First: can you paste openclaw --version? Version matters here.

That error specifically means the browser’s control endpoint/CDP endpoint was blocked by the browser SSRF policy — not necessarily the website URL itself. It usually hits when your browser profile uses cdpUrl pointing at localhost, 127.0.0.1, LAN/Tailscale/private IP, .local, etc.

Check with:

openclaw browser --browser-profile <profile> start
openclaw browser --browser-profile <profile> tabs
openclaw browser --browser-profile <profile> open https://example.com

If start/tabs fail with browser endpoint blocked by policy, allow the CDP host in ~/.openclaw/openclaw.json, e.g.:

{
# 
  browser: {
    ssrfPolicy: {
      allowedHostnames: ["localhost", "127.0.0.1"],
      hostnameAllowlist: ["localhost", "127.0.0.1"]
    }
  }
}

If you’re intentionally using a private-network browser/CDP target, the broader break-glass option is:

{
  browser: {
    ssrfPolicy: {