Steel Browser Deep Dive: Enterprise-Grade Cloud Browser API for AI Agents
Docker-based cloud browser sandbox with Puppeteer/Playwright/Selenium support, session persistence, anti-detection, and proxy rotation built in.
Introduction: From Desktop to Server
The first two articles in this series covered Nanobrowser and Browy — tools that run in the user's desktop browser, leveraging existing login sessions, cookies, and home IP addresses. These naturally bypass CAPTCHA and WAF detection.
But these tools have a ceiling: they cannot scale.
When you need 50 concurrent scraping tasks, manage 1,000 independent sessions, or run automated tests in CI/CD pipelines, browser extensions won't cut it. You need infrastructure-level browser management.
Steel Browser is built for this — an open-source, self-hostable cloud browser API that abstracts Chrome instance management into REST API calls.
Architecture Overview
Steel is a Fastify-based Node.js service wrapping Puppeteer's Chrome control capabilities behind a REST API.
┌─────────────────────────────────────────┐
│ Steel Browser Server │
│ │
│ ┌─────────┐ ┌──────────┐ ┌────────┐ │
│ │ Sessions │ │ CDP │ │ Quick │ │
│ │ Manager │ │ Proxy │ │ Actions│ │
│ └────┬────┘ └────┬─────┘ └───┬────┘ │
│ │ │ │ │
│ ┌────▼────────────▼────────────▼────┐ │
│ │ Chrome Instance Pool │ │
│ │ (Puppeteer + CDP + Stealth) │ │
│ └────────────────┬──────────────────┘ │
│ │ │
│ ┌────────────────▼──────────────────┐ │
│ │ Built-in: Proxy chain / Extensions│ │
│ └───────────────────────────────────┘ │
└──────────────────┬──────────────────────┘
│
REST API / WebSocket
│
┌──────────────┴──────────────┐
│ Puppeteer Playwright │
│ Selenium Custom Client│
└─────────────────────────────┘Core Capabilities
| Capability | Implementation | Business Value |
|---|---|---|
| Session Management | Isolated browser profiles, persist Cookie/localStorage/IndexedDB | Agent logs in once, resumes days later |
| Dual Protocol | CDP endpoints + Selenium WebDriver interface | Existing Puppeteer/Playwright/Selenium code works directly |
| Quick Actions | /scrape /screenshot /pdf high-level endpoints | Skip browser launch overhead |
| Anti-Detection | Stealth plugin + proxy rotation + CAPTCHA solving | Higher survival rate under WAF |
| Extension Support | Load custom Chrome extensions | Inject recorders, analyzers |
Deployment
Docker Quick Start (Recommended)
docker run -p 3000:3000 -p 9223:9223 ghcr.io/steel-dev/steel-browserAccess API at http://localhost:3000, UI at http://localhost:3000/ui, port 9223 for remote debugging.
One-Click Cloud Deploy
| Platform | Method |
|---|---|
| Railway | One-click deploy button |
| Render | One-click deploy button |
| Self-hosted | Docker Compose |
Custom Chrome Path
export CHROME_EXECUTABLE_PATH=/path/to/your/chrome
docker compose upAPI Usage
Steel offers two interaction modes: Session mode and Quick Actions mode.
Session Mode
For stateful, long-running agents. Create a session, then perform multiple operations within it.
Create a session:
curl -X POST http://localhost:3000/sessions \
-H "Content-Type: application/json" \
-d '{
"stealth": true,
"proxy": {
"server": "http://proxy.16yun.cn:8888",
"username": "user",
"password": "pass"
}
}'Navigate in a session:
curl -X POST http://localhost:3000/sessions/<session-id>/cdp \
-H "Content-Type: application/json" \
-d '{
"method": "Page.navigate",
"params": { "url": "https://example.16yun.cn" }
}'Get page content:
curl http://localhost:3000/sessions/<session-id>/scrapeClose session:
curl -X DELETE http://localhost:3000/sessions/<session-id>Quick Actions Mode
For stateless, one-shot data extraction without managing session lifecycle.
Scrape page content:
curl http://localhost:3000/scrape \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.16yun.cn",
"stealth": true
}'Full-page screenshot:
curl http://localhost:3000/screenshot \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.16yun.cn",
"fullPage": true
}' --output page.pngGenerate PDF:
curl http://localhost:3000/pdf \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.16yun.cn"
}' --output page.pdfSDK Support
Steel provides official Node.js and Python SDKs:
# Node.js
npm install steel-sdk
# Python
pip install steel-sdkfrom steel_sdk import Steel
client = Steel(base_url="http://localhost:3000")
session = client.sessions.create(stealth=True, proxy="http://user:pass@proxy.16yun.cn:8888")
page = session.navigate("https://example.16yun.cn")
content = page.scrape()
session.close()Anti-Detection & Proxy Integration
One of Steel's most valuable engineering features is its built-in anti-detection.
Proxy Configuration
Steel supports multi-level proxy chain configuration:
curl -X POST http://localhost:3000/sessions \
-H "Content-Type: application/json" \
-d '{
"stealth": true,
"proxy": {
"server": "http://proxy.16yun.cn:8888",
"username": "user",
"password": "pass"
}
}'| Proxy Type | Recommended Product | Use Case |
|---|---|---|
| Tunnel (auto-rotate) | Crawler Proxy | Large-scale anonymous scraping, auto IP management |
| API Proxy (fine-grained) | API Proxy | Per-request IP switching, precise extraction strategy |
| Dedicated (fixed exit) | Dedicated Proxy | Long-term logged-in tasks, stable identity |
Stealth Configuration
Steel includes multiple anti-detection layers:
- Stealth Plugin: Overrides WebDriver flags, navigator properties, Chrome automation traces
- Fingerprint Management: Modifies browser fingerprint parameters to reduce detection probability
- Extension Injection: Loads custom stealth extensions
Error Code Troubleshooting
| Code | Meaning | Suggested Action |
|---|---|---|
| 407 | Proxy auth failed | Verify credentials, check auth configuration |
| 429 | Rate limit exceeded | Reduce concurrency, increase interval |
| 403 | IP whitelist error | Check whitelist (API Proxy scenario) |
| 504 | Target timeout | Retry 2-3 times, skip persistent failures |
The Value of Session Persistence
Session persistence is one of Steel's most valuable features.
In AI browser automation, login is the hardest step — CAPTCHA, multi-factor auth, complex form submissions. If every task requires re-login, success rates drop significantly.
Steel's session persistence means:
Day 1: Agent logs into target site (manual or auto), passes CAPTCHA
↓ Cookie + localStorage + IndexedDB persisted to isolated profile
Day 3: Agent resumes the same session
↓ No re-login needed, auth state is still valid
Day 7: Same profile continues...This is especially valuable for high-frequency data extraction from the same site, or managing multiple logged-in accounts.
Scaling Challenges
Steel's production-ready architecture still faces engineering challenges (as of mid-2026):
| Issue | Description | Status |
|---|---|---|
| Fingerprint consistency | Self-hosted API occasionally fails to generate consistent fingerprints | Community discussion |
| Chrome version parity | Some fingerprint generators lack desktop samples for specific Chrome versions | Tracking upstream |
| iOS Safari iframe compat | Keyboard input in embedded iframes on iOS Safari has issues | Documented |
| Akamai 3.0 bypass | Community interest in reliably bypassing Akamai 3.0 anti-bot | Under discussion |
These issues reflect the extreme complexity of building enterprise-grade browser infrastructure — especially against deep browser fingerprinting systems like Akamai and Datadome.
Steel vs Alternatives
| Dimension | Steel | Nanobrowser | Browy | agent-browser |
|---|---|---|---|---|
| Deployment | Docker / Cloud | Chrome extension | Extension + native host | CLI + daemon |
| Runtime | Cloud headless | Desktop headed | Desktop headed | Terminal headless/headed |
| Concurrency | High (multi-session) | Low (single browser) | Low (single tab) | Medium (single instance) |
| State persistence | Isolated profiles | Browser cookies | Sandbox filesystem | Daemon cross-command |
| Anti-detection | Built-in + proxy rotation | Inherits user browser | Inherits user browser | Depends on engine |
| Protocol | Puppeteer/Playwright/Selenium | Extension API only | CDP + custom | CDP + CLI |
| Best for | Data teams / QA teams | Individual | Individual | Individual / small team |
Summary
Steel Browser represents a fundamentally different approach from Nanobrowser and Browy: instead of running inside the user's desktop, it abstracts browser management into programmable REST APIs. This infrastructure-oriented design makes it the ideal backend for large-scale concurrent AI agents.
However, it must deal with the inherent challenges of cloud automation — suspicious datacenter IPs, CAPTCHA processing costs, and deep anti-detection countermeasures. For long-term, high-volume extraction scenarios, Steel + Crawler Proxy + session persistence is one of the most production-ready combinations available.
The next article covers agent-browser — Vercel Labs' Rust-based browser automation CLI, which achieves remarkable token optimization through its accessibility tree approach.
Need an enterprise proxy plan?
We can tailor architecture to your target domains, concurrency, and reliability goals.