Skip to content
ai-agentsclaude-computer-useanthropic

Proxies for Claude Computer Use: session patterns and exit-class choice

Claude Computer Use operates browsers at screen-pixel level. The proxy layer below it needs specific configuration to keep agent sessions coherent and avoid anti-bot challenges. A working guide for production Computer Use deployments.

· Nathan Brecher · 4 min read

Claude Computer Use, released in late 2024 and matured through 2025-2026, operates browsers at the screen-pixel level: the model sees a screenshot, decides what to click, generates a coordinate, and then the execution layer translates that into an actual browser action. Unlike pure text agents, Computer Use generates traffic that looks closer to human-driven browsing — but not so close that anti-bot systems ignore it.

This post is the proxy configuration we see Computer Use customers settle on after their first few weeks operating in production.

Why Computer Use is different from other agents

Three characteristics that matter for proxy routing:

  1. Long sessions. A Computer Use task typically spans 5-30 minutes. Some enterprise workflows (reconciliation tasks, multi-step form operations, research tasks) run 1-2 hours. Sessions this long need IP stability that survives the session.

  2. Varied action types per session. A single Computer Use session mixes navigation (GET), form submission (POST), file downloads, occasional JSON API calls to the site's own endpoints. Each action type stresses the target's anti-bot system differently.

  3. Visual-observation-driven timing. Computer Use doesn't rush — the model actually waits for content to render before deciding. This produces a timing profile closer to a slow human than to a fast scraper, which is favourable for anti-bot posture but does need the session to stay alive through the thinking pauses.

Recommended proxy configuration for Computer Use

Exit class: ISP

Computer Use sessions are long enough that rotating residential doesn't work — the rotation breaks state. ISP (static residential-ASN) is the default. The ISP proxy page has the full class description.

Datacenter works for targets that tolerate cloud ASN but most Computer Use deployments target consumer web properties that classify datacenter aggressively. ISP gives datacenter-like reliability with residential classification.

Session: stick to the task lifetime

One X-Squad-Session value per Computer Use task, valid for the task lifetime (which on ISP is effectively unlimited). The Anthropic SDK exposes a session identifier you can propagate:

from anthropic import Anthropic
from anthropic.lib.tools import computer

client = Anthropic()

def make_proxy_config(task_id: str, country: str = "us"):
    return {
        "proxy_url": f"http://USER:PASS@gateway.squadproxy.com:7777",
        "headers": {
            "X-Squad-Class": "isp",
            "X-Squad-Country": country,
            "X-Squad-Session": f"computer-use-{task_id}",
        },
    }

async def run_computer_use_task(task_id: str, prompt: str):
    proxy = make_proxy_config(task_id)

    # Anthropic's Computer Use API + your browser runtime
    # Your browser runtime (Playwright, Puppeteer, etc.) takes
    # the proxy config; Claude just reasons about screenshots.
    return await your_browser_runtime.run(
        agent_model="claude-opus-4-7",
        tools=[computer, ...],
        prompt=prompt,
        proxy=proxy,
    )

Country routing

Match the country to the user's location or to the task's expected jurisdiction. If the task is "book a restaurant in Paris," the browser session should originate from France; the target restaurant's website will return the content a Paris- resident user would see.

See the France country page for the FR pool specifics.

Anti-bot considerations

Computer Use's visual-driven timing is favourable for anti-bot posture out of the box. The problems we see come from:

  • Cloud-ASN classification when the configuration accidentally falls back to datacenter. ISP avoids this.
  • Fingerprint inconsistency — the browser runtime should maintain consistent fingerprint (user-agent, TLS JA3, canvas) through the session. Browser-use and similar Anthropic partner SDKs handle this.
  • Geographic mismatch — an IP in the US doing Computer Use on a German-language site with Accept-Language: de looks weird. Match country to task content.

Cost shape at typical Computer Use scale

A Computer Use task in production averages ~20-50 MB of proxy bandwidth (screenshots, form fills, file downloads where applicable). At 1000 tasks/day, that's 20-50 GB/day of residential- ASN bandwidth. Our Team plan's ISP allocation and residential envelope cover this comfortably.

The bigger cost at scale is Claude's inference itself — Computer Use uses extended thinking and tool use, so token consumption is meaningful. The proxy layer is a small fraction of the all-in cost.

What this doesn't solve

  • Captcha encounters — Computer Use may solve some visual captchas by reasoning about them, but the proxy layer does not. For captcha-heavy targets, add a captcha-solver service to your pipeline.
  • Login flows against MFA — each task needs its own pre- configured authentication path; the proxy layer doesn't store state across tasks.
  • Target-specific rate limits — if a target rate-limits a Computer Use session because the action rate was too fast, the proxy layer doesn't fix it. Slow the agent down.

Related

Keep reading

Ship on a proxy network you can actually call your ops team about

Real ASNs, real edge capacity, and an engineer who answers your Slack the first time.

See pricingContact sales