Within the field of computing, many scenarios involve the provision of a set of containers in a computing environment that are respectively restricted to a domain. As a first such example, a web page presented within a web browser may include an iframe that presents content retrieved from a network domain, and that is only permitted by the web browser to access other resources from the same network domain. As a second such example, an untrusted application retrieved from an application source may be executed within a virtual machine container, and may be restricted from communicating with any network domain other than the application source.