What is Site Isolation?
A browser security feature that runs each website in its own process, preventing malicious sites from accessing data from other open sites.
Site isolation protects against Spectre-class attacks and cross-site data leaks by giving each site its own process.
How It Works
- Each site (defined by scheme + eTLD+1) gets its own renderer process
- Cross-site iframes are also isolated in separate processes
- Process boundaries prevent Spectre-style memory reads between sites
- CORB (Cross-Origin Read Blocking) prevents sensitive data leaks
Browser Support
- Chrome: Strict site isolation enabled by default since Chrome 67
- Firefox: Project Fission provides site isolation
- Brave: Inherits Chrome's site isolation
Privacy Connection
Site isolation complements first-party isolation. While first-party isolation separates storage (cookies, cache), site isolation separates memory and processing. Together they provide strong cross-site protection.
Related Terms
Browser Isolation
A security technique that runs web browsing in an isolated environment, preventing malicious websites from accessing your device or local network.
Content Security Policy (CSP)
An HTTP security header that tells the browser which sources of content are allowed to load on a page, preventing cross-site scripting and data injection attacks.
First-Party Isolation
A browser feature that separates website data (cookies, cache, storage) so that one website cannot access data set by another.
Have more questions?
Use our guided flow to get the right next privacy step for Site Isolation.
Open Guided Flow