Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
Setting the policy turns off enforcement of Certificate Transparency disclosure requirements for a list of Legacy Certificate Authorities (CA) for certificate chains with a specified subjectPublicKeyInfo hash. Enterprise hosts can keep using certificates that otherwise wouldn't be trusted (because they weren't properly publicly disclosed). To turn off enforcement, the subjectPublicKeyInfo hash must appear in a CA certificate recognized as a Legacy CA. A Legacy CA is publicly trusted by one or more operating systems supported by Google Chrome, but not Android Open Source Project or Google Chrome OS.
Specify a subjectPublicKeyInfo hash by linking the hash algorithm name, a slash and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. Base64 encoding format matches that of an SPKI Fingerprint. The only recognized hash algorithm is sha256; others are ignored.
Leaving the policy unset means that if certificates requiring disclosure through Certificate Transparency aren't disclosed, then Google Chrome doesn't trust those certificates.
Example value:
sha256/AAAAAAAAAAAAAAAAAAAAAA==
sha256//////////////////////w==
Supported on: At least Microsoft Windows 7 or Windows Server 2008 family
Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
| Registry Hive | HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER |
| Registry Path | Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas |
| Value Name | {number} |
| Value Type | REG_SZ |
| Default Value |
chrome.admx
- Google
- Google Chrome - Default Settings (users can override)
- Content settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Home page
- New Tab Page
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup pages
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable network prediction
- Enable network prediction
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Set default download directory
- Set download directory
- Show Full URLs
- Show Home button on toolbar
- Use System Default Printer as Default
- Google Chrome
- Content settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow key generation on these sites
- Allow notifications on these sites
- Allow popups on these sites
- Allow read access via the File System API on these sites
- Allow the File Handling API on these web apps
- Allow the Flash plugin on these sites
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block key generation on these sites
- Block notifications on these sites
- Block popups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Flash plugin on these sites
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default Flash setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default notification setting
- Default popups setting
- Default sensors setting
- Limit cookies from matching URLs to the current session
- Revert to legacy SameSite behavior for cookies on these sites
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider instant URL
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter controlling search term placement for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for instant URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow sign in to Google Chrome
- Allow sites to simultaneously navigate and open pop-ups
- Allow users to show passwords in Password Manager (deprecated)
- Choose how to specify proxy server settings
- Clear site data on browser shutdown (deprecated)
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable URL protocol schemes
- Enable firewall traversal from remote access client
- Enable Incognito mode
- Enable Instant
- Enable JavaScript
- Enable Native Window Occlusion
- Enable the old web-based signin flow
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Force SafeSearch
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Prevent app promotions from appearing on the new tab page
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blacklist
- Configure extension installation blocklist
- Configure extension installation whitelist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- Home page
- HTTP authentication
- Allow Basic authentication for HTTP
- Authentication server allowlist
- Authentication server whitelist
- Cross-origin HTTP Authentication prompts
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Kerberos delegation server allowlist
- Kerberos delegation server whitelist
- Supported authentication schemes
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Locally managed users settings
- Native Messaging
- New Tab Page
- Password manager
- Printing
- Proxy server
- Remote access
- Allow gnubby authentication for remote access hosts
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Client certificate for connecting to RemoteAccessHostTokenValidationUrl
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Configure the TalkGadget prefix for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Policy overrides for Debug builds of the remote access host
- Restrict the UDP port range used by the remote access host
- URL for validating remote access client authentication token
- URL where remote access clients should obtain their authentication token
- Removed policies
- Allow Google Chrome Frame to handle the following content types
- Default HTML renderer for Google Chrome Frame
- Allow WebDriver to Override Incompatible Policies
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Suppress Google Cloud Print deprecation messages
- Use Legacy Form Controls until M84.
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup pages
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow access to a list of URLs
- Allow background tabs freeze
- Allow certificates issued by local trust anchors without subjectAlternativeName extension
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogs
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow media autoplay on a whitelist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow queries to a Google time service
- Allow QUIC protocol
- Allow remote debugging
- Allow running plugins that are outdated
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows a page to show popups during its unloading
- Allow SHA-1 signed certificates issued by local trust anchors
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow users to opt in to Safe Browsing extended reporting
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Always runs plugins that require authorization (deprecated)
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block access to a list of URLs
- Block third party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Default printer selection rules
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Workspace
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable Developer Tools
- Disable Print Preview
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable SPDY protocol
- Disable support for 3D graphics APIs
- Disable synchronization of data with Google
- Disable taking screenshots
- Disable TLS False Start
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable chrome://devices
- Enable Chrome Cleanup on Windows
- Enable component updates in Google Chrome
- Enable CORS check mitigations in the new CORS implementation
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable deprecated web platform features for a limited time
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable DHE cipher suites in TLS
- Enable ending processes in Task Manager
- Enable force sign in for Google Chrome
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable Google Cast
- Enable Google Cloud Print proxy
- Enable guest mode in browser
- Enable HTTP/0.9 support on non-default ports
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable or disable bookmark editing
- Enable or disable spell checking web service
- Enable PAC URL stripping (for https://)
- Enable printing
- Enable RC4 cipher suites in TLS
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enables experimental policies
- Enable showing full-tab promotional content
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable stricter treatment for mixed content
- Enable submission of documents to Google Cloud Print
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimization
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Extend Flash content setting to all content (deprecated)
- Fetch keepalive duration on Shutdown
- Force disable spellcheck languages
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process
- Force YouTube Safety Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximal number of concurrent connections to the proxy server
- Maximum fetch delay after a policy invalidation
- Maximum SSL version enabled
- Minimum SSL version enabled
- Minimum TLS version to fallback to
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Re-enable Web Components v0 API until M84.
- Refresh rate for user policy
- Require online OCSP/CRL checks for local trust anchors
- Restrict the range of local UDP ports used by WebRTC
- Restrict which Google accounts are allowed to be set as browser primary accounts in Google Chrome
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set Google Chrome Frame user data directory
- Set limit on megabytes of memory a single Chrome instance can use.
- Set media disk cache size in bytes
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show Home button on toolbar
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify a list of disabled plugins
- Specify a list of enabled plugins
- Specify a list of plugins that the user can enable or disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Specify whether the plugin finder should be disabled (deprecated)
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the Google Chrome Frame turndown prompt
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Use System Default Printer as Default
- Use the legacy CORS implementation rather than new CORS
- Content settings
- Google Chrome - Default Settings (users can override)
- Google
- Google Chrome - Default Settings (users can override)
- Content settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Home page
- New Tab Page
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup pages
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable network prediction
- Enable network prediction
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Set default download directory
- Set download directory
- Show Full URLs
- Show Home button on toolbar
- Use System Default Printer as Default
- Google Chrome
- Content settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow key generation on these sites
- Allow notifications on these sites
- Allow popups on these sites
- Allow read access via the File System API on these sites
- Allow the File Handling API on these web apps
- Allow the Flash plugin on these sites
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block key generation on these sites
- Block notifications on these sites
- Block popups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Flash plugin on these sites
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default Flash setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default notification setting
- Default popups setting
- Default sensors setting
- Limit cookies from matching URLs to the current session
- Revert to legacy SameSite behavior for cookies on these sites
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider instant URL
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter controlling search term placement for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for instant URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow sign in to Google Chrome
- Allow sites to simultaneously navigate and open pop-ups
- Allow users to show passwords in Password Manager (deprecated)
- Choose how to specify proxy server settings
- Clear site data on browser shutdown (deprecated)
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable URL protocol schemes
- Enable firewall traversal from remote access client
- Enable Incognito mode
- Enable Instant
- Enable JavaScript
- Enable Native Window Occlusion
- Enable the old web-based signin flow
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Force SafeSearch
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Prevent app promotions from appearing on the new tab page
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blacklist
- Configure extension installation blocklist
- Configure extension installation whitelist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- Home page
- HTTP authentication
- Allow Basic authentication for HTTP
- Authentication server allowlist
- Authentication server whitelist
- Cross-origin HTTP Authentication prompts
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Kerberos delegation server allowlist
- Kerberos delegation server whitelist
- Supported authentication schemes
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Locally managed users settings
- Native Messaging
- New Tab Page
- Password manager
- Printing
- Proxy server
- Remote access
- Allow gnubby authentication for remote access hosts
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Client certificate for connecting to RemoteAccessHostTokenValidationUrl
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Configure the TalkGadget prefix for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Policy overrides for Debug builds of the remote access host
- Restrict the UDP port range used by the remote access host
- URL for validating remote access client authentication token
- URL where remote access clients should obtain their authentication token
- Removed policies
- Allow Google Chrome Frame to handle the following content types
- Default HTML renderer for Google Chrome Frame
- Allow WebDriver to Override Incompatible Policies
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Suppress Google Cloud Print deprecation messages
- Use Legacy Form Controls until M84.
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup pages
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow access to a list of URLs
- Allow background tabs freeze
- Allow certificates issued by local trust anchors without subjectAlternativeName extension
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogs
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow media autoplay on a whitelist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow queries to a Google time service
- Allow QUIC protocol
- Allow remote debugging
- Allow running plugins that are outdated
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows a page to show popups during its unloading
- Allow SHA-1 signed certificates issued by local trust anchors
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow users to opt in to Safe Browsing extended reporting
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Always runs plugins that require authorization (deprecated)
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block access to a list of URLs
- Block third party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Default printer selection rules
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Workspace
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable Developer Tools
- Disable Print Preview
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable SPDY protocol
- Disable support for 3D graphics APIs
- Disable synchronization of data with Google
- Disable taking screenshots
- Disable TLS False Start
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable chrome://devices
- Enable Chrome Cleanup on Windows
- Enable component updates in Google Chrome
- Enable CORS check mitigations in the new CORS implementation
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable deprecated web platform features for a limited time
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable DHE cipher suites in TLS
- Enable ending processes in Task Manager
- Enable force sign in for Google Chrome
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable Google Cast
- Enable Google Cloud Print proxy
- Enable guest mode in browser
- Enable HTTP/0.9 support on non-default ports
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable or disable bookmark editing
- Enable or disable spell checking web service
- Enable PAC URL stripping (for https://)
- Enable printing
- Enable RC4 cipher suites in TLS
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enables experimental policies
- Enable showing full-tab promotional content
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable stricter treatment for mixed content
- Enable submission of documents to Google Cloud Print
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimization
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Extend Flash content setting to all content (deprecated)
- Fetch keepalive duration on Shutdown
- Force disable spellcheck languages
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process
- Force YouTube Safety Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximal number of concurrent connections to the proxy server
- Maximum fetch delay after a policy invalidation
- Maximum SSL version enabled
- Minimum SSL version enabled
- Minimum TLS version to fallback to
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Re-enable Web Components v0 API until M84.
- Refresh rate for user policy
- Require online OCSP/CRL checks for local trust anchors
- Restrict the range of local UDP ports used by WebRTC
- Restrict which Google accounts are allowed to be set as browser primary accounts in Google Chrome
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set Google Chrome Frame user data directory
- Set limit on megabytes of memory a single Chrome instance can use.
- Set media disk cache size in bytes
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show Home button on toolbar
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify a list of disabled plugins
- Specify a list of enabled plugins
- Specify a list of plugins that the user can enable or disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Specify whether the plugin finder should be disabled (deprecated)
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the Google Chrome Frame turndown prompt
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Use System Default Printer as Default
- Use the legacy CORS implementation rather than new CORS
- Content settings
- Google Chrome - Default Settings (users can override)