Accessing websites with rich media content over Citrix has historically resulted in a less than perfect user experience.  For example, trying to play video content results in what could be best described as choppy playback, often with broken audio.  You certainly wouldn’t have much luck trying to watch Netflix over Citrix or watching a training video.  The fundamental issue relates to streaming this content over the Citrix virtual channel.  In addition to the poor user experience all of the rendering is taking place on the VDA, which impacts on the system performance since all of the video processing is done by the CPU (unless you have GPU’s in your hosts).

Citrix’s first attempt at solving this issue was with HTML5 video redirection which redirected just the <video> section of the page to the client device.  This had a major downside in that it required JavaScript to be built into the page to allow the redirection to take place.  This meant that it was only really suitable for web pages that you have control over and are able to modify (i.e. internally developed sites).

Citrix’s second attempt was introduced in XenDesktop 7.16 when they added Browser Content Redirection (BCR).  The goal of BCR is that for selected websites you can choose to offload the entire viewport section of the browser to the client device so that processing would take place there instead of the VDA.  The offloading appears seamless to the user.  The result is that rich media content plays back just as it would directly on a user’s device.  BCR has been further improved in the later versions and even back ported to 7.15 LTSR (a rare move for Citrix since LTSRs are intended to only address bugs). 

The aim of this post is not to cover how BCR works since that has been well covered by Citrix, but instead to look at our experience implementing it.

The first step is to ensure that the client device is running Citrix Workspace 1809 or higher.  If you are on a lower version, then BCR will not work and you will need to update the Workspace app first.

If you are running on XenDesktop 7.16 or above you will already have BCR installed by default, but if you are running 7.15 LTSR and want to use it then you need to do a few steps:

  1. In your master image uninstall the VDA
  2. Install 7.15 LTSR CU3 or later VDA with the option to disable the HTML5 video redirection feature “XenDesktopVDASetup.exe /FEATURE_DISABLE_HTML5″
  3. Install the Browser Content Redirection MSI (BCR.msi available from Citrix Downloads)
  4. Check that the Citrix Browser Content Redirection service is installed and running in services (services.msc).

Next you need to ensure that the browser extension or addin is enabled within your chosen browser on the VDA.  The browser extension is not required on the client device.  There are slightly different steps to enable the extension or addin depending on your web browser, again these steps have been covered by Citrix.

Once BCR is installed then you need to configure the sites you want to redirect.  This is all done through group policy or Citrix Studio (for 7.15 LTSR use the ADMX file available from Citrix Downloads).  There are 3 key settings:

Setting name


Browser Content Redirection


Browser Content Redirection ACL Configuration

Whitelist of sites to redirect

Browser Content Redirection Authentication Sites

Whitelist of sites where a site which is already redirected may itself perform a URL redirection to, but you want browser content redirection to remain in place and not fall back to the VDA

The Browser Content Redirection Authentication Sites setting is useful if a web page you want to redirect utilises an authentication service to verify the user login.  The setting specifies the URLs for which BCR remains active (redirected) when navigating away from a URL in the allow list.  For example, if you do BCR on this URL will redirect to, so you should include as an authentication site, otherwise it will fall back to rendering on the VDA.

Our experience has been that after setting up BCR it often didn’t perform the redirection as expected due to browser settings preventing it.  If it’s not working for you then you should check the below settings within the browser or group policy:

‘Third Party Browser extensions’ should be enabled

‘Enable Enhanced Protected Mode’ should be disabled

If it’s still not working after changing these settings, then further debugging will be needed to work out why.  Debugging will require the use of developer tools within your chosen web browser and enabling debug mode for BCR.  Debug mode can be enabled by modifying the JavaScript file that gets injected into the web pages to perform the redirection.  This file is stored at %programfiles%\\Citrix\\system32\\HdxVideo.js.  Open this file with notepad and change:

var DEBUG_ONLY = false;


var DEBUG_ONLY = true;

After doing this, open your browser with developer tools enabled and browse the page you want to do BCR on the VDA.  Check the developer tools console for any output messages. 

Two common issues we have seen are below.

 ‘WebSocket’ is undefined

When BCR attempts to do the redirection an error stating “’WebSockets’ is undefined” is output to the developer tools console window.  This error means that the WebSockets JavaScript function is unable to run and there are a few possible reasons for this:

  1. WebSockets are disabled through local or group policy. Within policy check Windows Components/Internet Explorer/Security Features/AJAX, ensure that the option ‘Turn off the WebSocket Object’ is Disabled or Not Configured.
  2. The web page is being presented in compatibility view or enterprise mode where the browser is emulating an Internet Explorer version lower than version 10. JavaScript WebSockets was enabled within Internet Explorer version 10, so running pages in compatibility view or enterprise mode could also cause this issue.

Exception connecting to WebSocket: SecurityError

This error occurs because of Internet Explorer’s zone elevation restrictions preventing a site classified within the internet zone from connecting to a site in the intranet zone.  Since BCR creates a WebSocket connection to a port on localhost, Internet Explorer’s automatic detection of the intranet associates this call with being within the intranet and so if the website being redirected is within the internet zone then Internet Explorer blocks the request.  To resolve the issue, you need to disable automatic detection of the intranet and use the site to zone assignment list to specify what URLs are within the intranet zone.

The polices you should be looking to set are:

Windows Components/Internet Explorer/Internet Control Panel/Security Page

Include Sites that Bypass proxy server – Disabled

Turn on Automatic Detection of Intranet – Disabled

Site to Zone Assignment List

If everything is working, your developer tools console window should contain a similar output to that in the screenshot below:

We’ve found that BCR works well for most sites, but we have encountered a few that fallback to the VDA no matter what we configure.  After speaking with Citrix support and providing all the usual traces they found elements of these sites which hadn’t been considered within BCR.  The end result was an enhancement request which we hope will get implemented in the future.  So, if you are having issues getting a site to redirect then make sure you raise a ticket with Citrix support and get it looked at.

We think that BCR is good addition to the Citrix HDX Multimedia portfolio giving Citrix system architects another way to further improve the user experience.   It’s not going to be the right choice for every situation, but where you have to deliver rich media content such as audio and video it is a very good option.