Use Clash in Chrome and Edge: No System Proxy

Who This Guide Is For

You installed Clash for better routing, but you do not want every application on the machine to inherit a proxy. Corporate chat, calendaring, internal repositories, and games may break or require audit-friendly direct paths. Search intent sounds like “Chrome only proxy Clash” or “Edge without system proxy.” The workable pattern is: run Clash locally, do not enable the Windows Internet Options / WinINet system proxy toggle, and instead configure Chrome and Edge to send HTTP and HTTPS to 127.0.0.1 on the port that matches your mixed-port (or a dedicated port / socks-port). The rest of the stack—your split rules in the Clash config file, strategy groups, and DNS—still governs which destinations use which exit once traffic reaches the core.

This article complements a full-PC system proxy or TUN story: those modes exist when you need one coherent capture surface. Here we keep the contract intentionally smaller so “everything except the two browsers” stays on a normal network path, including loopback and LAN semantics your IT tools expect. If you are still wiring subscriptions and first launch, read Clash for Windows: install and basics first, then return—browser-only settings only make sense after mixed-port and a healthy profile are already running.

The Three Layers: Browser, OS, and Clash

Think in three layers. The browser decides whether to open a forward proxy connection on localhost. The operating system may still have proxy settings, enterprise policy, or a separate VPN. Clash receives CONNECT requests (for HTTPS) and ordinary HTTP, applies your rules, then hands flows to a selected node or to DIRECT. If you also flip “set system proxy” in the Clash GUI, WinINet-aware apps inherit the same loopback handoff, which is exactly what you are trying to avoid. Turning that off is not “disabling Clash”—it is refusing to be the default for every process.

Your Clash config split rules still matter: the browser is only the client. A rule that sends github.com through a manual PROXY group and 10.0.0.0/8 to DIRECT will behave the same once traffic hits the Clash core. Misaligned expectations usually come from a second problem—DNS (Secure DNS, DoH inside the browser) or a PAC that returns DIRECT for a hostname you thought was proxied.

Map Your Ports Before You Click Anything

Open the running profile and note at least: mixed-port (the usual single listener that speaks both HTTP and SOCKS on one port), the legacy port if you use HTTP only, and socks-port for SOCKS5. Browsers and extensions almost always work well with the mixed port because it accepts HTTP proxy semantics on the same number you can give to Chrome’s “manual proxy” dialog. If your GUI shows “system proxy” or “Clash for Windows is setting proxy,” understand that is simply writing those numbers into the OS; you can copy the same numbers into the browser and leave the OS field blank. When sharing Clash on a LAN, the listener may bind to more than loopback; per-browser Chrome and Edge on the same machine should still use 127.0.0.1 unless you have a good reason to hit another interface.

Step 1: Clash On, System Proxy Off

In the desktop client, ensure the core is running and your subscription is loaded. Then disable the option that registers system proxy (wording varies: “Set as system proxy,” “Set system proxy,” or similar). Verify in Windows: Settings > Network & Internet > Proxy, the “Use a proxy server” entry should be off, unless your organization manages it separately. If a corporate profile forces a PAC URL, that is a different battle—Edge may follow enterprise policy in ways that override manual per-user UI. In those environments, a browser-only Clash plan may conflict with device management, so treat this guide as a personal-device pattern unless IT allows explicit overrides.

If you were debugging Microsoft surfaces that mix WebView2 and the shell, you may have read our Copilot and Edge sidebar note. That article leans on OS-level alignment when multiple components must agree. The browser-only method here is simpler only on the surface: fewer apps ride the tunnel, but you must still be deliberate about Edge channels (stable, Beta) and Chrome profiles because each can carry its own proxy policy.

Step 2: Google Chrome (Per-Profile Manual Proxy)

In Chrome, open chrome://settings/system and confirm you are not instructing the browser to “use the computer’s system proxy” in a way that fights your plan—generally, for this workflow, the browser should not follow the system when the system is clean. The stable approach is: Settings > System > “Open your computer’s proxy settings” is only a shortcut; instead use the OS-independent path via command line or a policy for advanced users, but the most common manual method is: Settings > search “proxy” > “Open your computer’s proxy settings” to verify OS is off, then install a well-maintained extension (for example, a SwitchyOmega-style manager) that can route HTTP/HTTPS to 127.0.0.1:<mixed-port> with patterns, or set Chrome launch flags in a dedicated shortcut.

For a launch-flag profile, a typical Windows shortcut target adds something like --proxy-server="http=127.0.0.1:7890;https=127.0.0.1:7890" (replace 7890 with your mixed-port value). The advantage is no extension in the path; the downside is you must keep one shortcut per “proxied” profile. Extensions add flexibility—per-domain split lists inside the extension—but they can conflict with Chrome’s order of operations: if the extension and the system dialog disagree, the extension usually wins for tab traffic. Document what you use so a future re-install of the browser does not quietly revert you to a broken half-state.

Pay attention to Secure DNS inside the browser. If the browser forces Google or Cloudflare DoH, some lookups may bypass the DNS stack your Clash profile expect when using fake-ip or a local nameserver, which can look like “rules do nothing” even though the proxy path is live. For debugging, you can set DNS to your OS default and align Clash’s nameserver section with the same intent as your split design. This is a subtle but frequent “everything is wrong” source when straddling Chrome and a local core. Also remember Incognito: separate extensions may not run there, so a rule that “works in a normal window” can fail in a private one.

Step 3: Microsoft Edge (Same Idea, Slightly Different Chrome)

Edge is Chromium-based, so the mental model is the same, but the settings UI and profile (Work vs personal) are easy to mix up. Open edge://settings/system and review proxy-related toggles, then the Windows proxy page if needed. You can set a per-profile manual proxy in Edge for HTTP and HTTPS, again pointing to 127.0.0.1 and your mixed-port. If your machine is Azure AD–joined, check whether a management policy re-applies system proxy on schedule; that is outside Clash’s control but it explains periodic “I changed nothing and it broke” events.

Some users keep two Edge channels—one for proxyed research and one for direct internal portals. That is a reasonable workflow as long as you name the taskbar icons differently; otherwise the wrong window ends up in screenshots and bug reports. Edge extensions for switching destinations follow the same caution as Chrome: they are powerful for pattern lists but add another place where mistakes hide. Prefer a single source of truth—either a managed extension profile or a dedicated browser shortcut, not both fighting each other.

Optional: A Local PAC for Fine-Grained Splitting

A PAC file (Proxy Auto-Config) can return PROXY 127.0.0.1:7890 for a list of host suffixes and DIRECT for everything else, then you point the browser at file:///C:/path/your.pac or a tiny local static server. This duplicates some of what Clash does in YAML, but it can be useful if you need the browser to avoid sending local intranet or printer URLs through CONNECT storms. The failure mode to remember: a buggy PAC is harder to read than a flat config in Clash Meta, and Windows may cache PAC content differently than the browser. Use PAC when you truly need JavaScript conditions; otherwise your YAML split rules plus a clean browser proxy to localhost are often simpler. Never point the OS system proxy at a PAC you did not write if you are trying to keep non-browser apps direct—the moment the OS proxy is on, the “browser-only” story is no longer true.

Your Clash Config Still Does the Real Splitting

Browser-level tricks choose whether traffic reaches the core. The YAML split rules choose how it leaves. Keep DOMAIN-SUFFIX order readable: business SaaS, AI APIs, and CDNs you care about should sit above a blunt GEOIP or MATCH to DIRECT if you use regional shortcuts. A common mistake is assuming “the browser is proxied, so my rules are irrelevant”; the opposite is true—without coherent rules, you may send everything through a distant node, or, worse, half through DIRECT because a keyword rule misfired. Revisit the principles in the rule-based split deep dive when you expand beyond a handful of sites.

Strategy groups: prefer a manual select for sessions that break when a url-test flaps—long reads, sign-ins, and WebSockets are touchy. Browsers are particularly good at surfacing that pain as “random 502” or “This site can’t be reached” without a precise TLS error. If you are comparing transparent capture, read TUN again; this tutorial deliberately avoids TUN to keep the office laptop’s other apps out of the tunnel.

Pitfalls: Extensions, Profiles, and WebViews

First, the extension trap: a proxy manager is convenient until it is outdated or conflicts with a second extension that rewrites headers. Whitelist the minimum set of extensions for your research profile. Second, Chrome and Edge profiles are not interchangeable; one profile with a launch-flag proxy and another without is a feature, not a bug—until you open the wrong one during a call. Third, PWA, installed “apps” from a site, and some sign-in Edge sidebars can spawn WebView2 windows that do not always inherit the parent window’s extension graph the way you expect. If something “inside” Edge is blank while a normal tab works, suspect WebView2 path or corporate SSO before you re-export your Clash config.

Fourth, mixed content and service workers: aggressive caching can show stale failure pages after you fix a node. Clear site data for the affected origin once you know routing is good. Fifth, localhost and captive portals: your browser may try to proxy to Clash for addresses that should stay direct on the hotel Wi-Fi; a PAC or a simple extension bypass list for localhost and RFC1918 ranges is often necessary in those “almost works” cases.

When Browser-Only Clash Is Not Enough

If you need terminal git or a container to share the same exit as a tab, a browser-only proxy will not help—export HTTP(S)_PROXY for those tools or step up to TUN. If a binary ignores the system proxy and also ignores manual env vars, TUN is often the only honest fix. The goal of this page is not to say “ never use TUN again”; it is to offer a low-blast-radius setup when your threat model and workplace constraints favor two browsers over a whole-machine tunnel.

Quick Checklist

Confirm Clash is listening on the port you type into the browser. Turn off the client’s system proxy auto-configuration (the toggle that rewrites Windows proxy settings). In Chrome and Edge, avoid duplicating a second conflicting proxy story (OS + extension + flags). Re-read your YAML split rules and DNS, because Clash still enforces the contract once traffic hits the port. Re-test in a fresh profile or Incognito with extensions disabled when results look impossible. If something still makes no sense, move one variable at a time: node selection, rule order, then DNS, then a temporary pause of Secure DNS in the browser. That sequence saves hours compared with toggling “random” Clash buttons that do not map to a single layer of the stack.

Closing the Loop

Using Clash for Chrome and Edge only, without changing the system proxy, is a deliberate compromise: you carry the split logic in the YAML config, you hand the two browsers a single local hop—HTTP or SOCKS to 127.0.0.1—and you keep the rest of the workstation on paths your employer and your games expect. The setup is not “lighter” in terms of thinking; it simply reduces the number of programs that can surprise you. Compared with poking every app separately, a stable Clash profile plus a clean browser proxy line often ends evenings earlier.

→ Download Clash for free and experience the difference when you are ready to standardize the client, then wire this browser pattern on top of a profile you actually trust to stay online under load.