Custom Websites

Custom Websites

Connect any website to your drone using a persistent browser session. Unlike built-in integrations (Gmail, LinkedIn, Reddit, etc.), custom websites let you add any site your drone needs access to — your company CRM, internal tools, niche platforms, or any web app that uses cookie-based authentication.

How It Works

  1. Go to Settings on your drone’s dashboard
  2. Click ”+ Add Website” in the Custom Websites section
  3. Enter a name (e.g., “Company CRM”) and the login URL (e.g., https://app.example.com/login)
  4. A browser window opens — log in to the site manually by clicking, typing, and scrolling just as you would on your own computer
  5. Click “I’m Done Logging In” when you’ve completed the login process
  6. Your drone extracts and stores all session cookies for that domain, encrypted at rest with AWS KMS

After connecting, your drone can browse the site using the persistent browser session — cookies are shared with the Playwright browser that executes tasks.

Limitations

  • Health checks are best-effort. The drone periodically checks if your session is still valid by making an HTTP request with stored cookies. However, many modern web apps (SPAs) return HTTP 200 even when logged out. If your session expires, the drone will report it, and you can reconnect.
  • No site-specific playbooks. Built-in integrations (LinkedIn, Reddit) have tailored playbooks with rate limits and navigation patterns. Custom websites use the generic browser playbook — the drone navigates the site using general browser tools without site-specific guidance.
  • Shared browser profile. All integrations and custom websites share a single Chrome browser profile. Cookies from different sites coexist — this is the same behavior as a normal Chrome browser with multiple tabs.
  • HTTPS only. For security, only https:// URLs are accepted. Private/internal network addresses are blocked to prevent SSRF.

Security

  • Encrypted at rest: All session cookies are encrypted using AWS KMS envelope encryption before storage in DynamoDB.
  • Per-drone isolation: Each drone has its own browser profile and cookie storage. Cookies from one drone are never shared with another.
  • SSRF protection: The API blocks login URLs pointing to private IP ranges (10.x.x.x, 192.168.x.x, 169.254.169.254, localhost) to prevent access to internal infrastructure.

Managing Custom Websites

Removing a Site

Click Remove on any custom website in the settings page. This deletes the stored cookies and DynamoDB record. The browser profile may still have cached cookies until the next Chrome restart.

Reconnecting

If a session expires, remove the site and add it again to go through the login flow.

ZerobounceSchedules