Domain and Category Policy

Filtering that works without decrypting HTTPS page content

BusinessProxy enforces domain, category and allow/deny policy before browser traffic leaves through an approved egress region. The browser-proxy path does not decrypt HTTPS content or read page bodies. The category list is a local, versioned baseline today.

Inputs to a policy decision

On the browser-proxy path the gateway decides using domain/host metadata, a local versioned category list and your workspace allow/deny rules — applied before traffic leaves through the approved egress region.

  • Domain / host metadata
  • Versioned category list
  • Workspace allow / deny overrides
  • Routing mode and egress region
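A decision built only from these inputs can be sketched as follows. This is an added example, not BusinessProxy code: the feed layout, category names, hosts, rule precedence and the fail-closed default are all assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample data; hosts, categories and rule sets are illustrative.
CATEGORY_FEED = {
    "version": "sample-1",
    "domains": {
        "example-social.test": "social",
        "example-malware.test": "malware",
        "example-docs.test": "business",
    },
}
BLOCKED_CATEGORIES = {"social", "malware"}
WORKSPACE_RULES = {
    "allow": {"team.example-social.test"},
    "deny": {"example-docs.test"},
}

def feed_digest(feed):
    """Hash the feed so each decision names the exact list it used."""
    blob = json.dumps(feed, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def suffixes(host):
    """Return the host and each parent domain, most specific first."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def decide(host, feed=CATEGORY_FEED, rules=WORKSPACE_RULES):
    """Return an auditable allow/deny decision from host metadata only."""
    host = host.strip().rstrip(".").lower()
    base = {"host": host, "feed_version": feed["version"],
            "feed_sha256": feed_digest(feed)}
    # Assumed precedence: workspace overrides beat the category list, the
    # most specific rule wins, and deny beats allow at equal specificity.
    for name in suffixes(host):
        for action in ("deny", "allow"):
            if name in rules[action]:
                return {**base, "action": action, "reason": f"workspace {action}: {name}"}
    # Label-boundary match against the versioned category list.
    for name in suffixes(host):
        category = feed["domains"].get(name)
        if category is not None:
            action = "deny" if category in BLOCKED_CATEGORIES else "allow"
            return {**base, "action": action, "reason": f"category {category}: {name}"}
    # Assumed default for hosts the feed does not cover: fail closed.
    return {**base, "action": "deny", "reason": "uncategorized"}
```

Matching on whole labels means a host such as `notexample-social.test` does not inherit the category of `example-social.test`, and the feed version and digest in each result let a reviewer replay the decision against the same list.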

Not content inspection

On the browser-proxy path BusinessProxy does not decrypt HTTPS page content, inspect the page DOM, parse private form fields, read files inside encrypted sessions, or provide DLP classification. If a page is allowed by domain/category policy, its encrypted content stays encrypted through the proxy path.

  • No TLS interception on the browser path
  • No page DOM or form-field inspection
  • No DLP / content classification

Versioned local feed first

The MVP category source is a local, versioned feed — a deliberate operating model that keeps policy decisions reproducible and reviewable. External threat-intelligence feed integration is planned; it is not part of the default baseline until it is explicitly loaded and verified.

  • Versioned category baseline
  • Workspace allow/deny overrides
  • Operational deny rules
  • External threat feed planned / not enabled

FAQ

Do you inspect HTTPS page content?

Not on the browser-proxy path. BusinessProxy enforces browser policy using domains, network metadata, category decisions and allow/deny rules. It does not decrypt HTTPS page content, read the page DOM, or inspect form fields on that path.

How does filtering work without TLS inspection?

Filtering is domain/category based. The gateway applies a versioned category list and your allow/deny rules before traffic leaves through the approved egress region. This is not content/DLP inspection and should not be described as reading the page.

What is the category feed today?

The MVP uses a local, versioned category feed plus operational allow/deny rules. External threat-intelligence feed integration is planned; it is not part of the default baseline until it is explicitly loaded and verified.
