For AI agents

Disposable browser infrastructure for AI agents.

A real headful Chromium on a fresh residential IP. Spawned per task, destroyed on close. Your agent logs in, clicks, and reads the rendered page, then the browser is gone.

Get started Read the docs

WHAT YOUR AGENT GETS

One engine. Three jobs.

One browser per task. Real exit. Real paint.

BURN ON CLOSE

Every run gets its own browser.

Spawn a session per task. Cookies, storage, and tokens live only inside it. When the run ends, the browser is destroyed. Nothing carries into the next agent.

1 session · 1 task · gone on close

FRESH RESIDENTIAL IP

A real residential IP per session.

Each session leaves from a fresh residential exit. The target sees a home connection, not a datacenter range. Pick a geography when you spawn.

real IP · per-region · per-session

HEADFUL RENDER

A real headful page to look at.

A real Chromium renders the page with pixels, layout, and fonts. Vision models read what a person would see. Headless signals never reach the site.

real chromium · real paint · real fingerprint

How it holds up

What a disposable browser changes.

Five questions agent builders ask before they wire it in.

How does burn on close work?

Each task gets its own browser. The session holds the cookies, storage, and tokens for that run.

When the run ends, the container is destroyed. The disk is wiped. Nothing carries into the next session.

There is no shared profile to leak between agents. One task, one browser, gone on close.

What do fresh residential IPs change about detection?

Datacenter ranges are easy to block. Most anti-bot vendors flag them on sight.

Every Legba session leaves from a fresh residential exit. The target sees a home connection, not a server.

You pick the geography when you spawn. The IP is real, and it changes per session.

Why headful rendering for vision models?

A real Chromium paints the page. Pixels, layout, fonts, and images all render.

Vision models read what a person would see. The screenshot is the real page, not a headless approximation.

Headless browsers expose signals that sites detect. Legba runs headful, so those signals are never sent.

How does credential isolation work?

Credentials live inside the session, off your stack. The browser runs in the cloud, not on your machine.

An agent logs in, does the work, and the session is destroyed. The credentials go with it.

Nothing is written back to your environment. The blast radius is one session.

What persists after a run?

By default, nothing. Cookies, storage, tokens, and fingerprint are destroyed with the session.

If you need state across runs, you scope it explicitly. Persistence is opt-in, not the default.

No trail is left on the target, and no profile is left on your side.

[ session lifecycle ]

Spawn it. Use it. Destroy it.

Reach the engine over MCP, the API, or the SDK. The lifecycle is the same every time. Spawn a scoped session, do the work, destroy it. Nothing persists unless you say so.

[ session lifecycle ]

Spawn a scoped session.
Your agent calls spawn. Pick a geography, scope the reach, set the TTL. A real Chromium boots on a fresh residential IP. Nothing from the last run is carried in.
Do the work.
The agent drives over MCP, the API, or the SDK. It navigates, clicks, types, and reads the rendered page. The session sees only what you scoped.
Destroy it.
The TTL hits or the agent closes the session. Cookies, storage, tokens, and fingerprint go with it. Nothing escapes because nothing is left.

Spawn a scoped session.
Your agent calls spawn. Pick a geography, scope the reach, set the TTL. A real Chromium boots on a fresh residential IP. Nothing from the last run is carried in.
Do the work.
The agent drives over MCP, the API, or the SDK. It navigates, clicks, types, and reads the rendered page. The session sees only what you scoped.
Destroy it.
The TTL hits or the agent closes the session. Cookies, storage, tokens, and fingerprint go with it. Nothing escapes because nothing is left.

Reach the engine

Where to go next.

The same engine, reached the way your stack needs it.

The MCP serverConnect your agent to the disposable browser over MCP. Spawn, drive, and destroy from your client.The docsRead the lifecycle, the spawn parameters, and what each call returns.Cloud API pricingFree to prototype, then Pro, Production, and custom Enterprise. Same engine at every tier.OpenClawRun an autonomous coding agent inside the same disposable sandbox.Disposable browserWhat a disposable real browser is, and why it spawns fresh and burns on close.

cookie preferences

we value your privacy. accept all cookies?

acceptaccept1,438 partners

verify you are humanattempt 7 of 7humancheck

expires in 00:58privacy · terms

data exposedper session

typical · 2.4 mblegba · 0 b

trackers · live view2 active

you?

tracker_1

tracker_2

selection: emptymatch 0.0%

legba · sessionLIVE

> spawn session

fprotated · fresh

ipresidential · fra

tracenone · 0 bytes

> burn on close

uptime 00:12trace none

gated.example.com

403

access denied

automated traffic detected · ref 8841

200

access granted

via legba session · ref 8841

Access anything.
Expose nothing.

Legba is a disposable real browser: it spawns a clean session, does the work, and destroys itself on close.

Get started

Read the docs

chromium / real fingerprint · residential ip · burn on close

Chrome Plugin

OpenClaw

Adversary