Lockdown browsers explained: how they work and why the industry is rethinking them

Marina Detinko
Board member

20+ years in the software industry, focused on making learning, evaluation, and decision‑making fair, clear, and actually usable.

About the author
→
PUBLISHED
·
SHARE
TAGS

TL;DR

  • Lockdown browsers such as Respondus LockDown Browser and Safe Exam Browser became industry standards because they solved a real assessment integrity problem.
  • They help create a controlled testing environment but are only one component of a broader assessment security strategy.
  • As online assessments moved from computer labs to personal devices and global remote delivery, the friction associated with dedicated lockdown applications became more noticeable.
  • Modern browser technologies now make it possible to achieve many lockdown-browser-level protections without requiring separate software installations.
  • The goal was never the lockdown browser itself. The goal has always been trustworthy assessment outcomes.

Lockdown browsers have been an industry standard for almost two decades now. Safe Exam Browser, Respondus LockDown Browser, and many others all followed roughly the same philosophy: if you want to secure an online exam, you temporarily turn the test taker's computer into a highly restricted environment.

And though I personally hate any restrictions, I totally understand why this approach became so widespread (and still is).

When you're responsible for assessment integrity, changing established requirements is painful. Revising procurement documents, accreditation procedures, compliance wording, institutional policies, and internal guidelines can take months or even years. Once a lockdown browser becomes part of the assessment process, it tends to stay there.

The funny thing is that I rarely hear assessment teams talking about lockdown browsers with enthusiasm. I hear them talking about trust. Trust in results. Trust in credentials. Trust in admissions decisions. Trust in certification outcomes.

Lockdown browsers simply became one of the tools used to achieve that trust. And for a long time, they worked remarkably well.

The challenge is that while lockdown browsers solved a real problem, they also introduced a new one. Over the years, they became one of the biggest sources of test-taker frustration in online assessments. Installations. Permissions. Compatibility issues. Accessibility concerns. Support tickets. Anxiety about what exactly is happening on a personal device.

None of this means lockdown browsers are bad technology. It simply means they were designed for a world where secure online assessments had fewer options than they do today. And that raises an interesting question.

If the goal is trustworthy assessment outcomes, does achieving that goal still require the same approach it did twenty years ago?

What is a lockdown browser?

Let’s do some definitions. A lockdown browser is a specialized application designed to create a controlled testing environment during an online assessment.

Unlike a standard browser, it restricts access to resources that could potentially be used during an exam. Depending on the product and configuration, this may include blocking additional browser tabs, restricting websites, preventing copy-paste actions, limiting screenshots, or preventing access to specific applications.

Among the best-known examples are Respondus LockDown Browser and Safe Exam Browser (SEB), both widely used in higher education, certification, and workforce assessment programs.

Importantly, lockdown browsers and proctoring are not the same thing. A lockdown browser restricts the testing environment. Proctoring focuses on monitoring, reviewing, or validating assessment behavior.

Many organizations combine both approaches, while others use one or the other depending on the stakes of the assessment and the level of security required.

What can lockdown browsers actually detect?

One reason lockdown browsers generate so much discussion is that many people are unsure about what they can and cannot actually do.

The reality is that lockdown browsers are powerful tools, but they are not magical. Their capabilities depend on the specific product being used, how it has been configured, and whether it is combined with additional proctoring technologies.

In most cases, lockdown browsers are designed to control the testing environment rather than investigate everything happening around it.

Typical capabilities include:

  • Restricting access to unauthorized websites
  • Blocking additional browser tabs and windows
  • Preventing copy-paste actions
  • Limiting screenshots and screen capture tools
  • Restricting access to certain applications
  • Detecting virtual machines or remote desktop tools
  • Enforcing assessment-specific browser settings

What they generally cannot do on their own is provide complete visibility into the candidate's surroundings, additional devices, or intentions.

This distinction is important because assessment integrity has never been about a single technology. Lockdown browsers are one layer of protection within a broader assessment ecosystem that may also include identity verification, proctoring, assessment design, audit trails, and human review.

In other words, lockdown browsers can help create a controlled environment, but they are only one part of building confidence in assessment outcomes.

Why lockdown browsers became the standard

There is a trend in a lot of industries, in educational technology in particular, to judge older approaches by today's standards. I’m not into doing it. When they were introduced, lockdown browsers solved a real problem. Twenty years ago, online assessment looked very different from what it does today. Browser technologies offered fewer controls, assessment platforms were less sophisticated, and institutions needed practical ways to protect exam integrity in an increasingly digital world.

So the industry did what industries usually do when faced with a difficult problem: it found an approach that worked and standardized around it.

Over time, lockdown browsers became more than a technology choice. They became part of institutional policy, accreditation guidance, procurement checklists, and RFP templates.

Eventually, "secure online exam" and "lockdown browser" became almost synonymous. And again, I don't think anyone should be criticized for that. The approach made sense. The more interesting question is whether the assumptions behind it still hold today.

The real challenge isn't detection

I sometimes feel that the online assessment industry spent years asking the wrong question. The wrong questions, to be precise.

The questions were:

  • How do we monitor more?
  • Can we detect another device?
  • Can we detect another person?
  • Can we detect suspicious behavior?
  • Can we detect eye movement?
  • Can we lock down more functions?
  • Can we collect more signals?

Those questions aren't unreasonable even now, but they are technology questions.

The question assessment providers actually care about is different: Can we trust the assessment result?

Because trust is ultimately what matters. Not the numbers of restrictions/alerts/monitoring signals.

And trust comes from a combination of factors: assessment design, identity verification, monitoring, review processes, auditability, transparency, and candidate experience.

That's one reason I've become increasingly cautious whenever conversations about assessment security turn into conversations about surveillance.

More surveillance is not automatically more security. More friction is not automatically more integrity. And more data is not automatically better evidence. Assessment integrity matters. Privacy matters. Accessibility matters. The challenge is finding a balance between them.

The hidden cost nobody talks about

Assessment professionals usually evaluate lockdown browsers through the lens of security. Test takers evaluate them through the lens of experience. Support teams evaluate them through the lens of troubleshooting. Accessibility teams evaluate them through the lens of inclusion. And IT teams evaluate them through the lens of deployment and maintenance.

None of those perspectives are wrong. But they often lead to very different conclusions.

If you're responsible for maintaining assessment integrity across thousands of candidates, a lockdown browser may look like a sensible safeguard.

If you're a candidate trying to launch an exam fifteen minutes before a certification deadline, it may look like an obstacle.

If you're supporting hundreds of candidates during an exam window, it may look like a growing queue of installation-related support requests.

The interesting thing is that all of these people are interacting with the same technology, they're simply experiencing different parts of its impact. And that's where the conversation becomes more complicated than a checklist of security features.

The world around lockdown browsers has changed

One thing I often notice when discussing assessment security is that we talk about technologies as if they exist in isolation, and they absolutely don't.

They exist within a broader ecosystem of people, devices, expectations, and constraints.

When lockdown browsers became popular, many assessments took place in relatively controlled environments. Students often sat exams in campus computer labs. Certification candidates traveled to testing centers. Corporate assessments were frequently completed on employer-managed devices.

Today's reality looks very different. Candidates sit exams from home offices, shared apartments, hotel rooms, co-working spaces, and locations scattered across different time zones and continents. Some use institutional devices. Others use personal laptops. Some rely on assistive technologies. Some have excellent connectivity. Others don't.

Every additional installation requirement, compatibility check, permission request, or system dependency introduces another point of friction. Because the environment has become more complex. And that complexity comes with a cost.

Usually it shows up as:

  • Support tickets
  • Delayed exam starts
  • Accessibility challenges
  • Candidate frustration
  • Additional workload for assessment teams

Assessment teams know this better than anyone. They're the ones dealing with the consequences on exam day and even after.

Lockdown browser alternatives: what has changed?

For many years, the conversation around online exam security followed a simple assumption:

If you want lockdown-browser-level protection, you need a lockdown browser.

That assumption made perfect sense at the time. The technology available simply offered few alternatives. Today, however, the situation looks very different.

Modern browsers have become dramatically more capable. Assessment platforms can now combine multiple layers of security directly within the browser experience, reducing the need for separate installations while still helping organizations protect assessment integrity.

Depending on the platform, these capabilities may include:

  • URL restrictions
  • Extension blocking
  • Content protection
  • Virtual machine detection
  • Remote-control detection
  • Overlay detection
  • External display detection
  • Identity verification
  • Browser-based monitoring workflows

The objective is not necessarily to replicate every aspect of a traditional lockdown browser. The objective is to address the underlying risk while creating a smoother experience for candidates and administrators alike. This distinction matters.

Assessment leaders are not purchasing security features for their own sake. They're trying to ensure that assessment outcomes remain trustworthy and defensible.

How that goal is achieved can evolve over time.

Traditional lockdown browsers vs browser-based security

The table below is intentionally simplified, and the point isn't that one approach is universally better than the other. Assessment providers now have more options than they did when lockdown browsers first became the standard.

Comparison of traditional lockdown browser and modern browser-based security approaches
Traditional lockdown browser approach Modern browser-based approach
Additional software installation Required Not required
Device restrictions Dedicated application Browser-native controls
Accessibility considerations Depends on implementation Depends on implementation
Support workload Can increase during exam windows Often reduced
Assessment integrity High High

Are lockdown browsers still necessary?

This is probably the question assessment leaders should be asking in 2026. And the answer is “it depends” —  on the nature of the assessment, the risks involved, regulatory requirements, candidate population, available technologies, and the level of evidence required by the organization. The good thing is, that the answer is becoming more nuanced than it was ten years ago.

Why we built a lockdown browser alternative

There is a sentence I have seen in assessment RFPs more times than I can count: “Must support lockdown browser.”  For years, that requirement made perfect sense, but let me ask the question again — is the requirement actually a lockdown browser? Should it be confidence that the assessment was completed under appropriate conditions?

While they seem to be describing the same thing, the first one describes a technology, and the second one speaks of an outcome. And outcomes can often be achieved in different ways.

That's the question that ultimately led us to build OctoLock, a lockdown browser alternative that works in the default browser. Because we kept on asking ourselves:

  • What if we focused on the outcome instead of the mechanism?
  • What if assessment providers could receive the controls and evidence they need without requiring candidates to install a separate lockdown application?
  • What if browser-based security could deliver many of the protections traditionally associated with lockdown environments while reducing friction for test takers?

Over several releases, that question gradually evolved into a product.

Today, OctoLock provides the following capabilities directly within the browser experience:

  • Remote-control detection
  • Overlay detection
  • URL restrictions
  • Extension blocking
  • Virtual machine detection
  • External display detection
  • Content protection controls

And I have to admit, this is one of those functional arrivals of our platform that genuinely makes me happy. It feels like one of those rare win-win moments — assessment teams gain additional flexibility, test takers encounter fewer barriers.

And thus we shifted (or at least started shifting) the conversation from: “How do we lock down the device?” to “How do we create confidence in the result?”.

To me, that's progress.

Looking for a lockdown browser alternative?

Discover how OctoLock delivers many traditional lockdown browser protections directly in the default browser, helping reduce friction for test takers while maintaining assessment integrity.

Book a demo

FAQ

What is Safe Exam Browser?

Safe Exam Browser (SEB) is one of the most widely used lockdown browsers in education and certification. It creates a controlled testing environment by restricting access to unauthorized websites, applications, and browser functions during an assessment. SEB is often integrated with learning management systems and testing platforms.

What is Respondus LockDown Browser?

Respondus LockDown Browser is a dedicated lockdown browser used by many educational institutions. It prevents candidates from opening additional browser tabs, accessing external websites, printing, copying content, or launching unauthorized applications during an exam.

Does Respondus LockDown Browser record you without permission?

The lockdown browser itself is primarily designed to restrict access to resources on the testing device.

Recording capabilities generally come from additional services, such as webcam monitoring solutions enabled by the institution administering the assessment. Organizations should clearly communicate what information is collected, what is recorded, and how the data is used.

Does Safe Exam Browser record you?

Safe Exam Browser itself focuses on creating a secure testing environment rather than recording candidates.

Whether recording occurs depends on the assessment platform and any additional proctoring services used alongside SEB.

Does LockDown Browser track eye movement?

Not by itself.

LockDown Browser is designed to control the testing environment on a device, not to perform eye tracking. Some institutions may combine lockdown browsers with webcam-based monitoring tools that analyze behavioral indicators such as gaze direction or head position, but these systems do not determine cheating based on a single signal.

Can LockDown Browser detect your phone?

Generally speaking, no.

A lockdown browser controls the device on which it is installed but cannot directly detect a separate phone sitting outside the testing device. Additional monitoring technologies, room scans, or live supervision may provide broader visibility depending on the assessment setup.

Can Respondus LockDown Browser detect other devices?

Not directly.

Respondus LockDown Browser focuses on controlling activity on the testing device itself. Visibility into other devices depends on supplementary monitoring tools, proctoring technologies, or assessment procedures used alongside the browser.

Does LockDown Browser notify professors?

Lockdown browsers do not typically notify professors every time a candidate performs a specific action.
However, assessment platforms may generate logs, alerts, flags, or reports that instructors, proctors, or administrators can review as part of the assessment process.

Are lockdown browsers still necessary?

It depends on the assessment.

For some high-stakes exams, certification programs, or regulated environments, traditional lockdown browsers may still be the preferred option. For others, browser-based security controls combined with identity verification, monitoring, and thoughtful assessment design may achieve the same goal with less friction for candidates.

The important thing is to focus on the outcome: creating confidence in assessment results.

What are the alternatives to lockdown browsers?

Modern assessment and proctoring software like OctoProctor increasingly offer browser-based security features that can reduce or eliminate the need for dedicated lockdown applications.

Depending on the platform, these may include identity verification, URL restrictions, extension blocking, virtual machine detection, remote-control detection, external display detection, content protection, and browser-based monitoring workflows.

The goal is not necessarily to replace every lockdown browser feature, but to achieve the same assessment integrity objectives while reducing complexity and improving the candidate experience.