Browser DLP
Browser data loss prevention (DLP) stops sensitive data from leaving your organization through the four browser channels attackers and careless users rely on: paste, file upload, file download, and print. Enforcement happens inside the managed browser extension, so the data never has to leave the endpoint to be inspected — the platform receives only the event metadata (what kind of content, on which site, what action was taken).
Two layers make up browser DLP. Settings > Data Loss Prevention sets the global download and print posture for every managed endpoint. Security policies add targeted paste, upload, download, and print rules with conditions (which sites, which file types, which content) and per-rule actions. GenAI sites get an additional dedicated layer described in GenAI Governance.
[SCREENSHOT PLACEHOLDER: The Data Loss Prevention settings page showing the Download Policy options (Allow, Log Only, Block Risky, Block All) and the Print Policy options (Allow, Log Only, Block)]
How it works
The extension watches the four channels on managed endpoints:
- Paste — when a user pastes into a text input on a monitored site, the pasted text is analyzed locally by the sensitive-data detectors (below). If a rule matches, the paste can be blocked before it lands in the field, or allowed with a warning.
- File upload — file-picker selections and drag-and-drop files are checked against rule conditions such as file extension and file size. A blocked file is removed from the upload before the site can submit it.
- File download — downloads are checked both at the click (download links on restricted sites) and at the browser level, where the global Download Policy can cancel risky or all downloads.
- Print — the print shortcut (Ctrl+P / Cmd+P) and the page's own print function are intercepted. Under a Block print policy, printing is prevented; under Log Only, the event is recorded.
When an action is warned or blocked, the user sees a brief on-page notification explaining what happened — for example Paste Blocked, Sensitive Data Detected, Upload Blocked, Download Blocked, or Print Blocked — with either the default explanation or a custom message you set on the rule.
Sensitive-data detectors
Paste and content inspection uses a built-in detector library, evaluated locally in the browser:
| Detector | Examples |
|---|---|
| Email addresses | user@company.com |
| Social Security numbers | separator or labeled forms |
| Credit card numbers | 16-digit grouped forms |
| Phone numbers | formatted numbers with separators or parentheses |
| API keys | common provider key formats (OpenAI, AWS access keys, GitHub, GitLab, Slack) |
| JWT tokens | three-part signed tokens |
| Private keys and certificates | PEM headers |
| Secret assignments | password=..., api_key: ..., Bearer ... tokens |
| AWS secret-like tokens | 40-character secret-shaped strings (deliberately broad) |
| Connection strings | database and message-broker URLs, JDBC strings |
| Source code | heuristic scoring with adjustable sensitivity |
| Large text | configurable character threshold |
| Custom patterns | your own plain-text or regular-expression patterns |
Detectors are tuned to minimize false positives (for example, a bare 10-digit number is not treated as a phone number, and 40-character lowercase hashes are not treated as AWS secrets).
Which control lives where
| Channel | Global setting (Settings > Data Loss Prevention) | Targeted policy rule | GenAI-specific layer |
|---|---|---|---|
| Paste | — | Paste Sensitive Data, Paste Large Text, Paste Code | Content Restrictions detectors and custom patterns |
| File upload | — | Upload file with extension/size conditions | Upload size, blocked extensions, sensitive-content scanning |
| File download | Download Policy (all sites) | Download File on matched sites | Block all file downloads from GenAI sites |
| Print Policy (all sites) | Print Page on matched sites | — |
Where layers overlap, the stricter outcome wins — an explicit block from any layer is enforced.
Using the page: Settings > Data Loss Prevention
Open Settings and choose Data Loss Prevention. These settings apply globally to all managed browser extensions.
Download Policy
| Option | Behavior |
|---|---|
| Allow | No restrictions on file downloads |
| Log Only | Monitor and log all downloads without blocking |
| Block Risky | Block potentially dangerous file types (.exe, .bat, .ps1, .js, etc.) |
| Block All | Block all file downloads |
Block Risky targets executable and scriptable formats — Windows executables and installers, script files, shared libraries, and package/installer formats across Windows, macOS, and Linux. Ordinary documents and media are unaffected.
Print Policy
| Option | Behavior |
|---|---|
| Allow | No restrictions on printing |
| Log Only | Monitor and log all print events without blocking |
| Block | Block all printing (Ctrl+P and window.print) |
Click Save Changes to apply. Saving requires you to re-enter your password. Settings sync to extensions via policy updates.
[SCREENSHOT PLACEHOLDER: An endpoint browser showing the on-page "Download Blocked" notification after a user attempts to download an executable under the Block Risky policy]
Targeted rules via security policies
For anything more surgical than the global toggles, add DLP rules to your security policies (see Policies). A policy rule can trigger on these user actions:
- Paste Sensitive Data — any of the sensitive-data detectors matched the pasted text (you can restrict to specific data types).
- Paste Large Text — the paste exceeded a character-count condition.
- Paste Code — the code heuristic matched.
- Upload file — optionally conditioned on file extension and file size.
- Download File and Print Page — on sites matched by the rule.
Conditions can also scope rules by site domain, URL path, and custom content patterns (plain text or regular expressions), combined with and/or logic. Each rule carries its own action — record only, warn, or block — and an optional custom message shown to the user. Because rules are scoped, you can, for example, block pasting API keys everywhere except your own issue tracker, or block printing only on your HR system.
[SCREENSHOT PLACEHOLDER: The policy rule editor with a User Action condition of "Paste Sensitive Data" and a Block action configured for a specific site domain]
Actions and how violations surface
Every DLP rule resolves to one of three outcomes:
| Action | User experience | Recorded |
|---|---|---|
| Log (monitor) | Nothing — the action proceeds silently | Yes, as a logged event |
| Warn | On-page warning notification; the action proceeds | Yes, as a warned event |
| Block | The paste/upload/download/print is prevented, with a notification | Yes, as a blocked event |
All events feed your analytics and dashboards. Warned and blocked events additionally create a DLP violation alert in your alert queue, with a description of what happened (for example, "paste of api_key blocked on <site>" or "file upload warned on <site>") and a severity you can adjust per alert type. Alerts follow your normal triage workflow — acknowledge, investigate, resolve — and are forwarded to your SIEM like any other alert. See Alerts.
Logged (monitor-only) events do not raise alerts; they exist so you can measure a control before enforcing it.
The policy auto-tuner analyzes your DLP event history and can propose rule and threshold changes — for example, relaxing a detector that generates constant false positives on one internal site. Proposals always require human review and approval; the tuner never enforces a change on its own. See Policy Auto-Tuner.
Worked example: stopping secrets from leaving via paste
An engineering organization wants to stop credentials being pasted into external web tools without disrupting normal work.
- Baseline. Create a policy rule: user action Paste Sensitive Data, restricted to the API-key and secret-assignment data types, action set to log only. Run it for two weeks.
- Review. The AI Usage dashboard and alert analytics show most detections happen on a partner support portal (legitimate, keys are test-only) and a handful on paste-sharing sites (not legitimate).
- Enforce. Change the rule's action to Block, and add a site-domain condition that excludes the partner portal. Add a custom message: "Pasting credentials into external sites is blocked. Use the secrets vault to share keys."
- Operate. A developer pastes a live key into a public paste site; the paste is blocked, the on-page notification explains why, and a DLP violation alert appears in the triage queue with the site and data type — no key ever left the browser.
- Tune. A month later, the auto-tuner proposes narrowing one detector that flagged a false positive pattern on an internal wiki. You review and approve the proposal.
Troubleshooting
A blocked download still appeared in the user's download bar. Blocked downloads are canceled as they start; a canceled entry may briefly appear before it is removed. Verify the file itself did not complete.
Print blocking does not stop screenshots or photos of the screen. Correct — print controls govern the browser print pipeline (shortcut and page print calls). They are one layer of a defense-in-depth posture, not a screen-capture control.
Users report a paste was blocked that should not have been. Check which rule fired (the alert names the content type and rule). Narrow the rule's data types, add a site exclusion, or lower the code-detection sensitivity. Recurring false positives are exactly what the policy auto-tuner is designed to surface.
I set Block Risky but a user downloaded a macro-enabled document. Block Risky targets executable and scriptable file types. Documents — including macro-enabled ones — are not in that set; use Block All or a targeted Download File policy rule for stricter postures.
Where do the GenAI-specific paste and upload controls live? On the GenAI settings page, which layers AI-site-specific enforcement (approved sites, per-category PII scanning, upload size and extension rules) on top of the global DLP described here. See GenAI Governance.
How quickly do saved changes take effect? DLP settings sync to extensions with policy updates, so allow up to one policy sync interval (60 minutes by default) or an extension restart before expecting the new behavior on endpoints.