What Is DOM Reconstruction Browser Isolation?
DOM reconstruction browser isolation is a remote browser isolation (RBI) technique that renders web pages on a remote server, analyzes and sanitizes the resulting DOM (Document Object Model), strips out potentially dangerous elements, and then reconstructs a safe version of the page for the user’s local browser to render natively. It’s the middle ground between the extreme security of pixel pushing and the minimal intervention of network-layer filtering — offering strong protection while preserving a near-native browsing experience.
In 2026, DOM reconstruction has emerged as one of the most widely deployed browser isolation architectures in enterprise environments. Organizations favor it because it delivers meaningful threat protection without the bandwidth overhead, latency penalties, and user frustration that pure pixel-streaming approaches impose. But DOM reconstruction introduces its own complexities — particularly around JavaScript handling, sanitization completeness, and the ongoing cat-and-mouse game between attackers and isolation vendors.
This guide provides a comprehensive technical deep-dive into DOM reconstruction browser isolation — from the architecture and sanitization pipeline to its strengths, weaknesses, vendor landscape, and how modern cloud browser platforms like Send.win are evolving beyond traditional isolation approaches.
How DOM Reconstruction Architecture Works
The Rendering and Sanitization Pipeline
DOM reconstruction isolation follows a multi-stage pipeline that balances security with usability. Understanding each stage is essential for security architects evaluating this approach:
- Request Interception: The user’s browser request is intercepted by the isolation platform — typically via a proxy, browser extension, or DNS redirect — and forwarded to a remote rendering server.
- Remote Page Loading: A headless or full browser instance on the remote server fetches and fully renders the requested page, executing all HTML, CSS, JavaScript, and any other embedded content.
- DOM Capture: Once the page is fully rendered (including dynamic JavaScript-generated content), the complete DOM tree is captured as a structured representation of the page.
- Sanitization Engine: The captured DOM passes through a sanitization engine that analyzes every element, attribute, and script. Potentially dangerous components are identified and removed or neutralized.
- DOM Reconstruction: A clean, sanitized version of the DOM is reconstructed — preserving the visual layout, text content, images, and interactive elements while stripping anything that could carry a threat.
- Safe Delivery: The sanitized DOM is delivered to the user’s local browser, which renders it natively. The user sees and interacts with a page that looks and feels like the original but contains no malicious code.
- Interaction Proxying: User interactions that require server-side processing (form submissions, dynamic content updates) are proxied back through the remote server for sanitization before results are delivered.
What Gets Sanitized
The sanitization engine is the heart of DOM reconstruction. Its job is to identify and neutralize every possible attack vector within the DOM while preserving the page’s visual appearance and core functionality. Here’s what a typical sanitization engine processes:
| DOM Element | Risk Level | Sanitization Action |
|---|---|---|
| Inline JavaScript (<script>) | Critical | Removed entirely or replaced with safe proxy |
| Event handlers (onclick, onload) | High | Stripped or redirected through sanitization proxy |
| External script references | Critical | Blocked or executed only on remote server |
| Iframes | High | Recursively isolated and sanitized |
| CSS (including expressions) | Medium | CSS expressions removed; standard CSS preserved |
| Images | Low-Medium | Re-encoded to strip metadata and potential exploits |
| Forms and inputs | Medium | Action URLs rewritten to proxy through isolation layer |
| Links (<a> tags) | Low | URLs rewritten to route through isolation proxy |
| Embedded objects (Flash, Java) | Critical | Completely blocked |
| WebAssembly modules | High | Blocked or executed only on remote server |
| SVG with embedded scripts | High | Script content stripped; visual SVG preserved |
| Meta refresh/redirects | Medium | Intercepted and re-routed through isolation |
JavaScript Handling: The Core Challenge
JavaScript handling is arguably the most complex aspect of DOM reconstruction. Modern websites are overwhelmingly JavaScript-driven — from React and Angular single-page applications to simple interactive elements. The sanitization engine must make nuanced decisions about how to handle JavaScript:
- Full execution on remote server: All JavaScript runs on the remote server, and only the resulting DOM changes are captured and sent to the user. This is the most secure approach but requires the remote server to maintain state and process all dynamic interactions.
- Selective script allowlisting: Known-safe scripts (from trusted CDNs, major libraries) may be allowed to run locally while unknown scripts are blocked or proxied. This improves performance but increases attack surface.
- Script rewriting: Some implementations rewrite JavaScript to execute in a sandboxed context on the local browser, intercepting dangerous API calls (document.cookie, XMLHttpRequest, eval) while allowing benign UI interactions. This is technically complex and introduces potential bypass vectors.
- Deferred execution: JavaScript is executed on the remote server during initial page load, but subsequent interactions trigger selective re-execution and DOM updates, reducing the amount of script processing needed.
To understand how this compares to the alternative of streaming raw visual output instead, check out our deep-dive on pixel pushing browser isolation.
Advantages of DOM Reconstruction Browser Isolation
Lower Bandwidth Than Pixel Pushing
One of DOM reconstruction’s biggest advantages over pixel pushing is dramatically lower bandwidth consumption. Instead of streaming a continuous video feed of the browser session, DOM reconstruction transmits structured data — HTML elements, CSS styles, and sanitized content — that is far more compact. A page that requires 10-20 Mbps as a pixel stream might only need 1-3 Mbps as a reconstructed DOM.
This bandwidth efficiency makes DOM reconstruction viable for organizations with distributed workforces, remote employees on variable-quality internet connections, and deployments in regions with limited bandwidth infrastructure.
Native Browser Feel
Because the sanitized DOM is rendered by the user’s local browser, the browsing experience feels natural. Text is rendered with native font smoothing. Scrolling is smooth and responsive. UI interactions (hovering, clicking, typing) respond immediately because many of them are handled locally. There are no video compression artifacts, no pixel blur, and no encoding latency on visual updates.
This native feel is critical for user adoption. Security controls that significantly degrade the user experience tend to get circumvented — users find workarounds, disable protections, or complain until IT makes exceptions. DOM reconstruction avoids this problem by being largely invisible to the end user.
Better Accessibility Support
Because the local browser receives actual DOM elements rather than a video stream, assistive technologies work normally. Screen readers can parse the DOM tree. Keyboard navigation follows standard tab orders. High-contrast modes and browser zoom work as expected. This is a significant advantage over pixel pushing, where accessibility is fundamentally broken.
Search and Text Selection
Users can select, copy, and search text within pages normally because the text exists as actual DOM text nodes rather than pixels in a video frame. Browser find (Ctrl+F) works natively. This seems like a small detail but is enormously important for knowledge workers who spend their days reading, researching, and extracting information from web pages.
Reduced Server-Side Cost
DOM reconstruction requires significantly less server-side compute than pixel pushing. There’s no GPU-intensive video encoding, no high-bandwidth stream delivery, and the sanitized DOM data is much smaller to transmit. This translates to lower infrastructure costs per user per session, making DOM reconstruction more economically viable for large-scale enterprise deployments.
Disadvantages and Risks of DOM Reconstruction
Potential Sanitization Bypasses
The fundamental risk of DOM reconstruction is that the sanitization engine might miss something. Web standards are vast and constantly evolving. New HTML elements, CSS features, JavaScript APIs, and browser-specific quirks create an ever-expanding attack surface that the sanitization engine must cover. A single missed vector could allow malicious code to reach the user’s browser.
Historical examples of sanitization bypasses include:
- SVG-based script injection: SVG files can contain embedded JavaScript that some sanitizers failed to detect
- CSS expression attacks: Older versions of Internet Explorer supported JavaScript within CSS expressions
- HTML smuggling: Techniques that construct malicious payloads from seemingly innocuous HTML fragments
- Mutation XSS (mXSS): Exploiting differences between how the sanitizer and the browser parse HTML to inject scripts that appear safe during sanitization but become active after browser parsing
- DOM clobbering: Using HTML elements to overwrite built-in browser DOM properties, potentially enabling script execution
- Polyglot attacks: Files that are valid in multiple formats, potentially bypassing format-specific sanitization checks
How Send.win Helps You Master Dom Reconstruction Browser Isolation
Send.win makes Dom Reconstruction Browser Isolation simple and secure with powerful browser isolation technology:
- Browser Isolation – Every tab runs in a sandboxed environment
- Cloud Sync – Access your sessions from any device
- Multi-Account Management – Manage unlimited accounts safely
- No Installation Required – Works instantly in your browser
- Affordable Pricing – Enterprise features without enterprise costs
Try Send.win Free – No Credit Card Required
Experience the power of browser isolation with our free demo:
- Instant Access – Start testing in seconds
- Full Features – Try all capabilities
- Secure – Bank-level encryption
- Cross-Platform – Works on desktop, mobile, tablet
- 14-Day Money-Back Guarantee
Ready to upgrade? View pricing plans starting at just $9/month.
Complex Implementation
Building and maintaining a DOM reconstruction engine is extraordinarily complex. The engine must:
- Fully understand and correctly parse all HTML5 elements and attributes
- Handle CSS3+ including custom properties, animations, and layout modes
- Process JavaScript execution results without losing dynamic content
- Maintain visual fidelity across different page layouts and responsive designs
- Handle edge cases in browser-specific rendering differences
- Keep up with new web standards and browser features as they’re introduced
- Process iframes recursively, including cross-origin iframes
- Preserve form state, scroll positions, and interactive widget state
This complexity means that DOM reconstruction solutions require continuous engineering investment to stay current with evolving web standards. A sanitization engine that was comprehensive six months ago may have gaps today due to new browser features or attack techniques.
JavaScript-Heavy Site Challenges
Modern single-page applications (SPAs) built with frameworks like React, Angular, Vue, or Svelte present particular challenges for DOM reconstruction. These applications often:
- Generate their entire DOM dynamically through JavaScript
- Use virtual DOMs that differ from the actual rendered DOM
- Rely on continuous JavaScript execution for state management
- Implement custom routing that doesn’t generate traditional page loads
- Use WebSocket connections for real-time data updates
For a sanitization engine to handle these applications, it must essentially maintain a running JavaScript environment on the remote server that mirrors the application’s state, capturing and sanitizing DOM updates in real time. This significantly increases server-side complexity and resource requirements, partially negating the cost advantage over pixel pushing.
Incomplete Visual Fidelity
While DOM reconstruction preserves most visual aspects of web pages, the sanitization process can sometimes alter page appearance or break functionality:
- Custom fonts: Font loading through JavaScript or complex CSS may be disrupted by sanitization
- CSS-in-JS: Styled components and CSS-in-JS libraries generate styles dynamically through JavaScript, which may not survive sanitization intact
- Canvas elements: HTML5 Canvas content is drawn programmatically through JavaScript and may need to be rendered on the remote server and delivered as an image
- WebGL content: 3D graphics rendered through WebGL cannot easily be reconstructed and typically require pixel-pushing fallback
- Web animations API: Complex animations may not replicate correctly through DOM reconstruction
For a broader perspective on how isolation compares to endpoint-level containment approaches, our guide on browser isolation vs sandboxing provides useful context.
DOM Reconstruction vs Pixel Pushing vs Network-Layer: Full Comparison
Choosing the right isolation architecture depends on your organization’s specific security requirements, user experience expectations, infrastructure capabilities, and budget. Here’s a detailed comparison across every dimension that matters:
| Dimension | DOM Reconstruction | Pixel Pushing | Network-Layer |
|---|---|---|---|
| How it works | Sanitizes and rebuilds DOM | Streams rendered pixels as video | Filters network traffic |
| Local code execution | Sanitized HTML/CSS only | None (video stream only) | Full (all web code runs locally) |
| Security guarantee | High (depends on sanitizer quality) | Highest (physical air gap) | Moderate (filtering only) |
| Bandwidth usage | 1-5 Mbps | 5-20 Mbps | 1-3 Mbps |
| Interaction latency | Low (20-50ms added) | High (50-200ms added) | Negligible |
| User experience | Near-native | Degraded | Native |
| Text select/search | Full support | Not supported | Full support |
| Accessibility | Good | Poor | Full |
| SPA compatibility | Challenging | Full (renders everything) | Full |
| Zero-day protection | Good (if sanitizer is complete) | Excellent (air gap) | Limited |
| Bypass risk | Moderate (sanitization gaps) | Very low | High (no code isolation) |
| Infrastructure cost | Moderate ($5-12/user/mo) | High ($8-15/user/mo) | Low ($2-8/user/mo) |
| Implementation complexity | Very high | High | Moderate |
Leading DOM Reconstruction Vendors in 2026
Menlo Security
Menlo Security is the most prominent vendor associated with DOM reconstruction, having pioneered the approach with their Isolation Core technology. Their platform processes every web session through a cloud-based isolation layer, sanitizing content before it reaches the endpoint. Menlo’s Adaptive Clientless Rendering (ACR) dynamically adjusts the isolation method — using DOM reconstruction for most content and falling back to pixel pushing for high-risk or complex content that can’t be safely reconstructed.
Menlo’s key strengths include massive scale (processing billions of web sessions), tight integration with Secure Web Gateway (SWG) and CASB platforms, and a transparent user experience that requires no endpoint agent. Their HEAT (Highly Evasive Adaptive Threats) detection adds AI-based threat identification on top of the isolation layer.
Ericom (now part of Cradlepoint/Ericsson)
Ericom Shield was one of the early DOM reconstruction platforms, offering browser isolation as a standalone product and as an integrated component of their secure access solutions. After being acquired by Cradlepoint (itself owned by Ericsson), the technology has been integrated into Ericsson’s broader enterprise networking and security portfolio. Ericom’s approach emphasized clientless deployment and broad browser compatibility.
Cloudflare Browser Isolation
Cloudflare has emerged as a major player in browser isolation through its Zero Trust platform. Cloudflare’s approach uses a variant of DOM reconstruction that leverages their massive edge network to perform remote rendering and content sanitization close to the user, minimizing latency. Their draw command technology sends low-level rendering instructions rather than full DOM trees, claiming near-native performance with strong isolation.
Zscaler Browser Isolation
Zscaler offers browser isolation as part of their Zero Trust Exchange platform. Their approach integrates DOM reconstruction with their existing cloud security stack, allowing organizations to apply isolation policies based on user risk, destination risk, and content type. Zscaler’s scale (processing hundreds of billions of transactions daily) demonstrates that DOM reconstruction can operate at massive enterprise scale.
Best Practices for Deploying DOM Reconstruction
Policy-Based Isolation
Rather than isolating all web traffic (which increases cost and complexity), most organizations deploy DOM reconstruction selectively based on risk:
- Always isolate: Uncategorized sites, newly registered domains, URLs from emails, search engine ad clicks
- Selectively isolate: Social media, personal webmail, news sites, developer forums
- Bypass isolation: Trusted SaaS applications (Office 365, Google Workspace), internal web applications, verified business partner sites
Read-Only vs Full Isolation
Some DOM reconstruction platforms offer a “read-only” isolation mode where the sanitized DOM is delivered to the user but interactive elements (forms, input fields) are disabled unless the user explicitly opts to interact. This provides maximum protection for casual browsing while allowing full interaction when needed — a good compromise for balancing security and usability.
Integration with Broader Security Stack
DOM reconstruction is most effective when integrated with complementary security controls: Secure Web Gateways for URL filtering, CASB for cloud application control, DLP for data exfiltration prevention, and endpoint detection and response (EDR) as a backstop for anything that might slip through. No single control provides perfect protection — defense in depth remains essential.
For a complete picture of how DOM reconstruction fits within the broader browser isolation technology ecosystem, it’s important to understand how these architectures complement rather than replace each other.
The Evolution Beyond Traditional DOM Reconstruction
Adaptive Isolation
The most advanced isolation platforms in 2026 no longer commit to a single architecture. Instead, they dynamically select the isolation method based on content risk, user context, and page complexity. A simple news article might receive lightweight DOM reconstruction, while a suspicious link from an email might trigger full pixel-pushing isolation. This adaptive approach optimizes both security and user experience.
Cloud Browsers: Combining Isolation with Productivity
Modern cloud browser platforms like Send.win represent the next evolution of browser isolation thinking. Rather than treating isolation as a pure security control that operates transparently in the background, cloud browsers provide a complete browsing environment that runs in remote infrastructure. Users get the isolation benefits — web content never touches the local machine — combined with features that traditional isolation platforms never addressed: multi-account management, independent browser fingerprints for each session, persistent browser profiles, and team collaboration tools.
This evolution reflects a broader industry recognition that isolation needs to serve productivity as well as security. In a world where many professionals manage multiple online identities, need to access geo-restricted content, or require browser environments that don’t leak identifying information between sessions, cloud browsers provide capabilities that go far beyond what DOM reconstruction or pixel pushing were designed to offer.
Send.win’s approach is particularly relevant for teams managing multiple accounts, conducting research across different digital identities, or needing isolated browsing environments that persist between sessions. Each browser profile runs independently in the cloud with its own fingerprint configuration, providing isolation that serves business operations rather than just blocking threats.
WebAssembly-Based Isolation
An emerging approach uses WebAssembly (Wasm) to run a sandboxed browser engine directly within the user’s local browser tab. This provides isolation through a different mechanism — the web content executes inside a Wasm sandbox that prevents it from accessing the local system — without requiring remote servers for rendering. While still experimental, this approach could combine the security of isolation with the performance of local rendering. For more context on how the remote browser isolation guide covers these emerging techniques, see our comprehensive overview.
🏆 Send.win Verdict
DOM reconstruction browser isolation strikes a smart balance between security and usability — sanitizing web content while preserving a native browsing feel. But traditional DOM reconstruction was designed for a single purpose: threat prevention. In 2026, professionals need browser environments that do more. Send.win’s cloud browser platform delivers the core isolation benefit — all browsing runs in remote cloud infrastructure away from your local machine — while adding multi-account management, persistent browser profiles with unique fingerprints, and seamless team collaboration. It’s browser isolation evolved for how people actually work online.
Try Send.win free today — cloud browser isolation that works the way you do.
Frequently Asked Questions
What is DOM reconstruction browser isolation?
DOM reconstruction browser isolation is a remote browser isolation technique where web pages are fully rendered on a remote server, the resulting DOM (Document Object Model) is analyzed and sanitized to remove dangerous elements like scripts and exploit code, and a clean version of the page is reconstructed and sent to the user’s local browser for native rendering. The user sees a page that looks and functions normally but contains no malicious code.
How does DOM reconstruction differ from pixel pushing isolation?
DOM reconstruction sends a sanitized version of the page’s HTML/CSS structure to the local browser, which renders it natively. Pixel pushing streams a video feed of the rendered page, with zero web code reaching the local device. DOM reconstruction offers better performance, lower bandwidth, and a more native feel, while pixel pushing provides stronger security guarantees through a complete air gap. The trade-off is between usability and absolute security.
Can DOM reconstruction be bypassed by attackers?
Theoretically, yes. DOM reconstruction relies on the sanitization engine correctly identifying and neutralizing all possible attack vectors within the DOM. Techniques like mutation XSS (mXSS), DOM clobbering, HTML smuggling, and polyglot attacks have historically been used to bypass sanitization engines. However, modern vendors invest heavily in continuously updating their sanitization rules and have dramatically reduced the bypass surface. The risk is small but non-zero, unlike pixel pushing which provides a physical air gap.
Which vendors use DOM reconstruction for browser isolation?
Major vendors using DOM reconstruction in 2026 include Menlo Security (with their Adaptive Clientless Rendering), Cloudflare (through their Zero Trust Browser Isolation), Zscaler (integrated into their Zero Trust Exchange), and the former Ericom Shield technology now part of Ericsson/Cradlepoint. Many of these vendors use adaptive approaches that combine DOM reconstruction with pixel pushing depending on content risk level.
Does DOM reconstruction work with modern JavaScript frameworks like React?
DOM reconstruction can work with JavaScript-heavy single-page applications, but it’s challenging. SPAs built with React, Angular, or Vue generate their DOM entirely through JavaScript, requiring the remote server to execute the full JavaScript application and capture the resulting DOM changes in real time. This increases server-side complexity and resource requirements. Most enterprise DOM reconstruction platforms handle major web applications adequately, but niche or complex SPAs may experience visual or functional issues.
How much bandwidth does DOM reconstruction use compared to pixel pushing?
DOM reconstruction typically uses 1-5 Mbps per session compared to 5-20 Mbps for pixel pushing — a 3-5x reduction. This is because DOM reconstruction transmits structured HTML/CSS data rather than encoded video streams. The bandwidth savings are significant at enterprise scale and make DOM reconstruction viable for organizations with distributed workforces on variable-quality internet connections.
Is DOM reconstruction browser isolation transparent to users?
In most implementations, DOM reconstruction is nearly transparent. Users browse normally through their regular browser, and the isolation happens automatically in the background. Pages load with native browser rendering, text selection works normally, and most web applications function as expected. Users may notice occasional visual differences on complex pages or slight delays on heavily JavaScript-driven sites, but the experience is generally indistinguishable from direct browsing.
How does Send.win relate to DOM reconstruction browser isolation?
Send.win is a cloud browser platform that shares the core principle of browser isolation — browsing activity runs in remote cloud infrastructure rather than on the user’s local device. However, Send.win goes beyond traditional isolation approaches like DOM reconstruction by offering a complete cloud browsing environment with multi-account management, independent browser fingerprints per session, persistent profiles, and team collaboration features. It represents the evolution of isolation from a pure security control to a productivity-enhancing platform.