# Policy Tester

The Policy Tester can be accessed on the SWG tab, or inside of a SWG policy. With it, you will see exactly how a URL will be treated for a specific user or group without testing on your laptop. It mirrors the policy engine on the endpoint, so you can validate changes without asking users to reproduce on their device.

Use it to:

* Debug access issues for a user or group
* Verify new or edited policies before rollout
* Confirm that exceptions are working
* Check the category of a website

<figure><img src="/files/LuXAQmK3dSOEL5QosZIF" alt=""><figcaption><p>Find the policy tester at the bottom right of the SWG tab</p></figcaption></figure>

***

{% hint style="danger" %}
**No device-endpoint state**\
The Policy Tester will not know if a user clicked “Proceed” on a warning page on their device. If an endpoint is currently allowing a site because the user accepted a warning, the Policy Tester will show the verdict (e.g., `Warn`)\
\
**No network conditions**\
The tool does not simulate TLS errors or connectivity issues. It answers only: “If this traffic reaches dope.endpoint and is evaluated by policy, what should happen?”

**No malware override visibility**\
Policy Tester focuses on policy verdict evaluation. Runtime malware/security checks may still block traffic after policy evaluation.

**Use logs for history**\
Policy Tester shows expected behavior, not past events. To see what actually happened for a real request, use your activity or SIEM logs alongside this tool
{% endhint %}

### Running a test

1. **Select the user or group**\
   Start typing a name or email in **Search User/Group** and pick the correct identity. This determines which policy will be evaluated.
2. **Enter the URL**\
   Type a domain (`thepiratebay.org`) or full URL (`https://thepiratebay.org/`).
3. **Click&#x20;*****Go***\
   Policy Tester evaluates the request and shows the result under **Status**

<figure><img src="/files/x5Uwu2eevMAvgkRO8SA3" alt="" width="375"><figcaption></figcaption></figure>

### Understanding the results

#### Status can be:

* **Allowed**
* **Warn**
* **Blocked**

#### Explanations:

* **Policy assignment:** Shows the policy applied to the selected user/group
* **Category restrictions:** Shows the categories of the URL and any restrictions, e.g.:\
  `The Category "Torrents/P2P" has restrictions`
* **Other rule matches:** Indicates any custom URL rules or app controls that influenced the verdict.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://inflight.dope.security/dope.console/dope.swg-policy/policy-tester.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.