Kernel proxies enable you to route browser traffic through different types of proxy servers, providing enhanced privacy, flexibility, and bot detection avoidance. Proxies can be created once and reused across multiple browser sessions.
Datacenter has the fastest speed, while residential and mobile are least detectable. ISP is a balance between the options, with less-flexible geotargeting. Kernel recommends using the first option in the list that works for your use case.
ISP proxies provide a static exit IP that persists across sessions — every browser session attached to the proxy exits through the same IP, and it only changes in rare ISP-initiated replacement events. This makes them suitable for IP allowlists or managed auth health checks that must egress from a single IP.Datacenter proxies use rotating exit IPs — a new exit IP is assigned per request, so different requests within the same browser session can exit through different IPs. For a stable IP across requests and sessions, use an ISP proxy or a custom (BYO) proxy pointed at infrastructure you control.Residential and mobile proxies use rotating exit IPs that may change per connection — see Residential Proxies and Mobile Proxies for details.
Before attaching a proxy to a browser session, run a health check to verify credentials and connectivity. Pass an optional url to test reachability against a specific target instead of Kernel’s default test URLs.
For ISP and datacenter proxies the exit IP is stable, so a successful check against a url reliably indicates that subsequent sessions will reach the same target from the same IP. For residential and mobile proxies the exit node changes between requests, so the check validates credentials and connectivity but not site-specific reachability. When url is provided, the result does not update the proxy’s stored health status.
Configure specific hostnames to bypass the proxy and connect directly. This is useful for accessing internal services, metadata endpoints, or reducing latency for trusted domains.
You can hot-swap the proxy on a running browser session without restarting it. This updates the proxy configuration immediately — all subsequent network requests from the browser will use the new proxy.
The browser’s network is momentarily disconnected during a proxy hot swap. Any in-flight requests may fail.
import Kernel from '@onkernel/sdk';const kernel = new Kernel();// Create two proxy configurationsconst proxyA = await kernel.proxies.create({ type: 'isp', name: 'proxy-a', config: { country: 'US' },});const proxyB = await kernel.proxies.create({ type: 'residential', name: 'proxy-b', config: { country: 'DE' },});// Launch a browser with the first proxyconst browser = await kernel.browsers.create({ proxy_id: proxyA.id,});// Hot-swap to a different proxyawait kernel.browsers.update(browser.session_id, { proxy_id: proxyB.id,});// Remove the proxy entirely (route directly to the internet)await kernel.browsers.update(browser.session_id, { proxy_id: '',});
from kernel import Kernelkernel = Kernel()# Create two proxy configurationsproxy_a = kernel.proxies.create( type="isp", name="proxy-a", config={"country": "US"},)proxy_b = kernel.proxies.create( type="residential", name="proxy-b", config={"country": "DE"},)# Launch a browser with the first proxybrowser = kernel.browsers.create( proxy_id=proxy_a.id,)# Hot-swap to a different proxykernel.browsers.update( browser.session_id, proxy_id=proxy_b.id,)# Remove the proxy entirely (route directly to the internet)kernel.browsers.update( browser.session_id, proxy_id="",)
package mainimport ( "context" "github.com/kernel/kernel-go-sdk")func main() { ctx := context.Background() client := kernel.NewClient() // Create two proxy configurations proxyA, err := client.Proxies.New(ctx, kernel.ProxyNewParams{ Type: kernel.ProxyNewParamsTypeIsp, Name: kernel.String("proxy-a"), Config: kernel.ProxyNewParamsConfigUnion{ OfProxyNewsConfigIspProxyConfig: &kernel.ProxyNewParamsConfigIspProxyConfig{ Country: kernel.String("US"), }, }, }) if err != nil { panic(err) } proxyB, err := client.Proxies.New(ctx, kernel.ProxyNewParams{ Type: kernel.ProxyNewParamsTypeResidential, Name: kernel.String("proxy-b"), Config: kernel.ProxyNewParamsConfigUnion{ OfProxyNewsConfigResidentialProxyConfig: &kernel.ProxyNewParamsConfigResidentialProxyConfig{ Country: kernel.String("DE"), }, }, }) if err != nil { panic(err) } // Launch a browser with the first proxy browser, err := client.Browsers.New(ctx, kernel.BrowserNewParams{ ProxyID: kernel.String(proxyA.ID), }) if err != nil { panic(err) } // Hot-swap to a different proxy if _, err := client.Browsers.Update(ctx, browser.SessionID, kernel.BrowserUpdateParams{ ProxyID: kernel.String(proxyB.ID), }); err != nil { panic(err) } // Remove the proxy entirely (route directly to the internet) if _, err := client.Browsers.Update(ctx, browser.SessionID, kernel.BrowserUpdateParams{ ProxyID: kernel.String(""), }); err != nil { panic(err) }}
The update is synchronous — when the call returns, the proxy swap is fully applied and all new browser traffic routes through the updated proxy. The swap typically completes in 2–3 seconds.
If you swap the proxy on a browser acquired from a pool, the browser will be reset back to the pool’s default proxy configuration when it is released. Releasing the browser will be delayed by the swap duration (~2-3 seconds) while the proxy is restored to the pool default.
Attach a custom proxy_id to any browser — stealth or non-stealth — and Kernel’s anti-detection config still applies. For full anti-detection without the managed proxy or CAPTCHA solver, launch a non-stealth browser with your own proxy_id:
Stealth browsers are automatically assigned a proxy. To disable this on a running stealth browser and route traffic directly, set disable_default_proxy to true: