Secure Web Proxy provides centralized, policy-based control for your organization's outbound web traffic. Service Extensions extensions for Secure Web Proxy help you insert your custom services directly into the Secure Web Proxy traffic processing path by using callouts. This page provides an overview about Secure Web Proxy extensions.
Secure Web Proxy supports authorization extensions by using callouts.
How Secure Web Proxy extensions work
Service Extensions callout extensions can send gRPC callouts from the traffic processing path to custom services.
By making a real-time gRPC call to an external service that you manage, you can inspect, modify, or even block traffic before it continues to its destination. This feature transforms Secure Web Proxy into a programmable platform that helps you integrate your outbound data transfer flows and AI agent flows with specialized security providers, implement custom authentication or authorization solutions, and enforce bespoke business logic.
Service Extensions for Secure Web Proxy supports the use of authorization extensions to intercept and evaluate requests and content that pass through a Secure Web Proxy instance.
When a client sends an outbound data transfer request through a Secure Web Proxy instance, the extension inspects the data based on the the configured authorization policy.
In the data path, authorization policies are evaluated after performing TLS interception on the inner payload. Authorization extensions based on request authorization policies run before those based on content authorization policies.