Lockdown browsers have been an industry standard for almost two decades now. Safe Exam Browser, Respondus LockDown Browser, and many others all followed roughly the same philosophy: if you want to secure an online exam, you temporarily turn the test taker's computer into a highly restricted environment.
And though I personally hate any restrictions, I totally understand why this approach became so widespread (and still is).
When you're responsible for assessment integrity, changing established requirements is painful. Revising procurement documents, accreditation procedures, compliance wording, institutional policies, and internal guidelines can take months or even years. Once a lockdown browser becomes part of the assessment process, it tends to stay there.
The funny thing is that I rarely hear assessment teams talking about lockdown browsers with enthusiasm. I hear them talking about trust. Trust in results. Trust in credentials. Trust in admissions decisions. Trust in certification outcomes.
Lockdown browsers simply became one of the tools used to achieve that trust. And for a long time, they worked remarkably well.
The challenge is that while lockdown browsers solved a real problem, they also introduced a new one. Over the years, they became one of the biggest sources of test-taker frustration in online assessments. Installations. Permissions. Compatibility issues. Accessibility concerns. Support tickets. Anxiety about what exactly is happening on a personal device.
None of this means lockdown browsers are bad technology. It simply means they were designed for a world where secure online assessments had fewer options than they do today. And that raises an interesting question.
If the goal is trustworthy assessment outcomes, does achieving that goal still require the same approach it did twenty years ago?
Let’s do some definitions. A lockdown browser is a specialized application designed to create a controlled testing environment during an online assessment.
Unlike a standard browser, it restricts access to resources that could potentially be used during an exam. Depending on the product and configuration, this may include blocking additional browser tabs, restricting websites, preventing copy-paste actions, limiting screenshots, or preventing access to specific applications.
Among the best-known examples are Respondus LockDown Browser and Safe Exam Browser (SEB), both widely used in higher education, certification, and workforce assessment programs.
Importantly, lockdown browsers and proctoring are not the same thing. A lockdown browser restricts the testing environment. Proctoring focuses on monitoring, reviewing, or validating assessment behavior.
Many organizations combine both approaches, while others use one or the other depending on the stakes of the assessment and the level of security required.
One reason lockdown browsers generate so much discussion is that many people are unsure about what they can and cannot actually do.
The reality is that lockdown browsers are powerful tools, but they are not magical. Their capabilities depend on the specific product being used, how it has been configured, and whether it is combined with additional proctoring technologies.
In most cases, lockdown browsers are designed to control the testing environment rather than investigate everything happening around it.
Typical capabilities include:
What they generally cannot do on their own is provide complete visibility into the candidate's surroundings, additional devices, or intentions.
This distinction is important because assessment integrity has never been about a single technology. Lockdown browsers are one layer of protection within a broader assessment ecosystem that may also include identity verification, proctoring, assessment design, audit trails, and human review.
In other words, lockdown browsers can help create a controlled environment, but they are only one part of building confidence in assessment outcomes.
There is a trend in a lot of industries, in educational technology in particular, to judge older approaches by today's standards. I’m not into doing it. When they were introduced, lockdown browsers solved a real problem. Twenty years ago, online assessment looked very different from what it does today. Browser technologies offered fewer controls, assessment platforms were less sophisticated, and institutions needed practical ways to protect exam integrity in an increasingly digital world.
So the industry did what industries usually do when faced with a difficult problem: it found an approach that worked and standardized around it.
Over time, lockdown browsers became more than a technology choice. They became part of institutional policy, accreditation guidance, procurement checklists, and RFP templates.
Eventually, "secure online exam" and "lockdown browser" became almost synonymous. And again, I don't think anyone should be criticized for that. The approach made sense. The more interesting question is whether the assumptions behind it still hold today.
I sometimes feel that the online assessment industry spent years asking the wrong question. The wrong questions, to be precise.
The questions were:
Those questions aren't unreasonable even now, but they are technology questions.
The question assessment providers actually care about is different: Can we trust the assessment result?
Because trust is ultimately what matters. Not the numbers of restrictions/alerts/monitoring signals.
And trust comes from a combination of factors: assessment design, identity verification, monitoring, review processes, auditability, transparency, and candidate experience.
That's one reason I've become increasingly cautious whenever conversations about assessment security turn into conversations about surveillance.
More surveillance is not automatically more security. More friction is not automatically more integrity. And more data is not automatically better evidence. Assessment integrity matters. Privacy matters. Accessibility matters. The challenge is finding a balance between them.
Assessment professionals usually evaluate lockdown browsers through the lens of security. Test takers evaluate them through the lens of experience. Support teams evaluate them through the lens of troubleshooting. Accessibility teams evaluate them through the lens of inclusion. And IT teams evaluate them through the lens of deployment and maintenance.
None of those perspectives are wrong. But they often lead to very different conclusions.
If you're responsible for maintaining assessment integrity across thousands of candidates, a lockdown browser may look like a sensible safeguard.
If you're a candidate trying to launch an exam fifteen minutes before a certification deadline, it may look like an obstacle.
If you're supporting hundreds of candidates during an exam window, it may look like a growing queue of installation-related support requests.
The interesting thing is that all of these people are interacting with the same technology, they're simply experiencing different parts of its impact. And that's where the conversation becomes more complicated than a checklist of security features.
One thing I often notice when discussing assessment security is that we talk about technologies as if they exist in isolation, and they absolutely don't.
They exist within a broader ecosystem of people, devices, expectations, and constraints.
When lockdown browsers became popular, many assessments took place in relatively controlled environments. Students often sat exams in campus computer labs. Certification candidates traveled to testing centers. Corporate assessments were frequently completed on employer-managed devices.
Today's reality looks very different. Candidates sit exams from home offices, shared apartments, hotel rooms, co-working spaces, and locations scattered across different time zones and continents. Some use institutional devices. Others use personal laptops. Some rely on assistive technologies. Some have excellent connectivity. Others don't.
Every additional installation requirement, compatibility check, permission request, or system dependency introduces another point of friction. Because the environment has become more complex. And that complexity comes with a cost.
Usually it shows up as:
Assessment teams know this better than anyone. They're the ones dealing with the consequences on exam day and even after.
For many years, the conversation around online exam security followed a simple assumption:
If you want lockdown-browser-level protection, you need a lockdown browser.
That assumption made perfect sense at the time. The technology available simply offered few alternatives. Today, however, the situation looks very different.
Modern browsers have become dramatically more capable. Assessment platforms can now combine multiple layers of security directly within the browser experience, reducing the need for separate installations while still helping organizations protect assessment integrity.
Depending on the platform, these capabilities may include:
The objective is not necessarily to replicate every aspect of a traditional lockdown browser. The objective is to address the underlying risk while creating a smoother experience for candidates and administrators alike. This distinction matters.
Assessment leaders are not purchasing security features for their own sake. They're trying to ensure that assessment outcomes remain trustworthy and defensible.
How that goal is achieved can evolve over time.
The table below is intentionally simplified, and the point isn't that one approach is universally better than the other. Assessment providers now have more options than they did when lockdown browsers first became the standard.
This is probably the question assessment leaders should be asking in 2026. And the answer is “it depends” — on the nature of the assessment, the risks involved, regulatory requirements, candidate population, available technologies, and the level of evidence required by the organization. The good thing is, that the answer is becoming more nuanced than it was ten years ago.
There is a sentence I have seen in assessment RFPs more times than I can count: “Must support lockdown browser.” For years, that requirement made perfect sense, but let me ask the question again — is the requirement actually a lockdown browser? Should it be confidence that the assessment was completed under appropriate conditions?
While they seem to be describing the same thing, the first one describes a technology, and the second one speaks of an outcome. And outcomes can often be achieved in different ways.
That's the question that ultimately led us to build OctoLock, a lockdown browser alternative that works in the default browser. Because we kept on asking ourselves:
Over several releases, that question gradually evolved into a product.
Today, OctoLock provides the following capabilities directly within the browser experience:
And I have to admit, this is one of those functional arrivals of our platform that genuinely makes me happy. It feels like one of those rare win-win moments — assessment teams gain additional flexibility, test takers encounter fewer barriers.
And thus we shifted (or at least started shifting) the conversation from: “How do we lock down the device?” to “How do we create confidence in the result?”.
To me, that's progress.
Discover how OctoLock delivers many traditional lockdown browser protections directly in the default browser, helping reduce friction for test takers while maintaining assessment integrity.
Book a demoSafe Exam Browser (SEB) is one of the most widely used lockdown browsers in education and certification. It creates a controlled testing environment by restricting access to unauthorized websites, applications, and browser functions during an assessment. SEB is often integrated with learning management systems and testing platforms.
Respondus LockDown Browser is a dedicated lockdown browser used by many educational institutions. It prevents candidates from opening additional browser tabs, accessing external websites, printing, copying content, or launching unauthorized applications during an exam.
The lockdown browser itself is primarily designed to restrict access to resources on the testing device.
Recording capabilities generally come from additional services, such as webcam monitoring solutions enabled by the institution administering the assessment. Organizations should clearly communicate what information is collected, what is recorded, and how the data is used.
Safe Exam Browser itself focuses on creating a secure testing environment rather than recording candidates.
Whether recording occurs depends on the assessment platform and any additional proctoring services used alongside SEB.
Not by itself.
LockDown Browser is designed to control the testing environment on a device, not to perform eye tracking. Some institutions may combine lockdown browsers with webcam-based monitoring tools that analyze behavioral indicators such as gaze direction or head position, but these systems do not determine cheating based on a single signal.
Generally speaking, no.
A lockdown browser controls the device on which it is installed but cannot directly detect a separate phone sitting outside the testing device. Additional monitoring technologies, room scans, or live supervision may provide broader visibility depending on the assessment setup.
Not directly.
Respondus LockDown Browser focuses on controlling activity on the testing device itself. Visibility into other devices depends on supplementary monitoring tools, proctoring technologies, or assessment procedures used alongside the browser.
Lockdown browsers do not typically notify professors every time a candidate performs a specific action.
However, assessment platforms may generate logs, alerts, flags, or reports that instructors, proctors, or administrators can review as part of the assessment process.
It depends on the assessment.
For some high-stakes exams, certification programs, or regulated environments, traditional lockdown browsers may still be the preferred option. For others, browser-based security controls combined with identity verification, monitoring, and thoughtful assessment design may achieve the same goal with less friction for candidates.
The important thing is to focus on the outcome: creating confidence in assessment results.
Modern assessment and proctoring software like OctoProctor increasingly offer browser-based security features that can reduce or eliminate the need for dedicated lockdown applications.
Depending on the platform, these may include identity verification, URL restrictions, extension blocking, virtual machine detection, remote-control detection, external display detection, content protection, and browser-based monitoring workflows.
The goal is not necessarily to replace every lockdown browser feature, but to achieve the same assessment integrity objectives while reducing complexity and improving the candidate experience.