Proxy Types
Kernel supports four types of proxies:- Datacenter - Traffic routed through commercial data centers
- ISP - Traffic routed through data centers, using residential IP addresses leased from from internet service providers
- Residential - Traffic routed through real residential IP addresses
- Custom - Your own proxy servers
Datacenter and ISP proxies provide a stable exit IP within a single browser session — the IP does not rotate mid-session. Across separate sessions, however, Kernel does not guarantee the same exit IP. If you need a truly static IP that persists across every session (for example, an IP allowlist or a managed auth connection whose health checks must egress from a single IP), use a custom (BYO) proxy pointed at infrastructure you control.Residential proxies use rotating exit IPs that may change per connection — see Residential Proxies for details.
Create a proxy
Create a proxy configuration from the types above that can be reused across browser sessions:List your proxies
View all proxy configurations in your organization:Use with browsers
Once created, you can attach a proxy to any browser session using theproxy_id parameter:
Bypass hosts
Configure specific hostnames to bypass the proxy and connect directly. This is useful for accessing internal services, metadata endpoints, or reducing latency for trusted domains.Bypass host rules
- Exact hostnames:
example.com,api.service.local - Wildcard subdomains:
*.example.commatchesapi.example.com,cdn.example.com, etc. - Maximum 100 entries per proxy
- Maximum 253 characters per hostname
- Hostnames are case-insensitive and automatically normalized
- Ports, paths, and URL schemes are not allowed
- IP addresses are not supported—use hostnames only
Bypass hosts is available on Start-Up and Enterprise plans.
Update a browser’s proxy
You can hot-swap the proxy on a running browser session without restarting it. This updates the proxy configuration immediately — all subsequent network requests from the browser will use the new proxy.If you swap the proxy on a browser acquired from a pool, the browser will be reset back to the pool’s default proxy configuration when it is released. Releasing the browser will be delayed by the swap duration (~2-3 seconds) while the proxy is restored to the pool default.
Bring your own proxy
Attach a customproxy_id to any browser — stealth or non-stealth — and Kernel’s anti-detection config still applies. For full anti-detection without the managed proxy or CAPTCHA solver, launch a non-stealth browser with your own proxy_id:
Disable default proxy on stealth browsers
Stealth browsers are automatically assigned a proxy. To disable this on a running stealth browser and route traffic directly, setdisable_default_proxy to true:
disable_default_proxy can only be used with stealth browsers and cannot be combined with proxy_id.Delete a proxy
When no longer needed, delete the proxy configuration:Deleting a proxy immediately reconfigures associated browsers to route directly to the internet.