Minimum TLS version to fallback to
Warning: The TLS version fallback will be removed from Google Chrome after version 52 (around September 2016) and this policy will stop working then.
When a TLS handshake fails, Google Chrome would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
If this policy is not configured or if it is set to "tls1.2" then Google Chrome no longer performs this fallback. Note that this does not disable support for older TLS versions, only whether Google Chrome will work around buggy servers which cannot negotiate versions correctly.
Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.
Supported on: SUPPORTED_WIN7
Minimum TLS version to fallback to
- TLS 1.1
Registry Hive HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER Registry Path Software\Policies\Google\Chrome Value Name SSLVersionFallbackMin Value Type REG_SZ Value tls1.1 - TLS 1.2
Registry Hive HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER Registry Path Software\Policies\Google\Chrome Value Name SSLVersionFallbackMin Value Type REG_SZ Value tls1.2
chrome.admx
- Google
- Google Chrome - Default Settings (users can override)
- Content Settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternative URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Homepage
- New Tab Page
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup pages:
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third-party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable network prediction.
- Enable network prediction.
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- SafeBrowsing enable state for trusted sources
- Set default download directory
- Set download directory
- Show Full URLs
- Show Home button on the toolbar
- Use System Default Printer as Default
- Google Chrome
- Configure remote access options
- Allow gnubby authentication for remote access hosts
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Client certificate for connecting to RemoteAccessHostTokenValidationUrl
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Configure the TalkGadget prefix for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Policy overrides for Debug builds of the remote access host
- Restrict the UDP port range used by the remote access host
- URL for validating remote access client authentication token
- URL where remote access clients should obtain their authentication token
- Content Settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow key generation on these sites
- Allow notifications on these sites
- Allow pop-ups on these sites
- Allow read access via the File System API on these sites
- Allow session only cookies on these sites
- Allow the File Handling API on these web apps
- Allow the Flash plug-in on these sites
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block key generation on these sites
- Block notifications from these sites
- Block pop-ups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Flash plug-in on these sites
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default Flash setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default notification settings
- Default sensors setting
- Revert to legacy SameSite behavior for cookies on these sites
- setting
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider instant URL
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternative URLs for the default search provider
- Parameter controlling search term placement for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for instant URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow sign in to Google Chrome
- Allow sites to simultaneously navigate and open pop-ups
- Allow users to show passwords in Password Manager (deprecated)
- Choose how to specify proxy server settings
- Clear site data on browser shutdown (deprecated)
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable URL protocol schemes
- Enable firewall traversal from remote access client
- Enable Incognito mode
- Enable Instant
- Enable JavaScript
- Enable Native Window Occlusion
- Enable the old web-based signin flow
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Force SafeSearch
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Prevent app promotions from appearing on the new tab page
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blacklist
- Configure extension installation blocklist
- Configure extension installation whitelist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- Homepage
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Locally managed users settings
- Native Messaging
- New Tab Page
- Password manager
- Policies for HTTP authentication
- Allow Basic authentication for HTTP
- Authentication server allowlist
- Authentication server whitelist
- Cross-origin HTTP Basic Auth prompts
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Kerberos delegation server allowlist
- Kerberos delegation server whitelist
- Supported authentication schemes
- Printing
- Proxy server
- Removed policies
- Allow Google Chrome Frame to handle the listed content types
- Default HTML renderer for Google Chrome Frame
- Allow WebDriver to Override Incompatible Policies
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Suppress Google Cloud Print deprecation messages
- Use Legacy Form Controls until M84.
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup pages:
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow background tabs freeze
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogues
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow media autoplay on a whitelist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow queries to a Google time service
- Allow remote debugging
- Allow running plug-ins that are outdated
- Allows access to a list of URLs
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows a page to show popups during its unloading
- Allows QUIC protocol
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow users to opt in to Safe Browsing extended reporting
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Always runs plug-ins that require authorisation
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block access to a list of URLs
- Block third-party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Default printer selection rules
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Apps
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable Developer Tools
- Disable Print Preview
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable SPDY protocol
- Disable support for 3D graphics APIs
- Disable synchronisation of data with Google
- Disable taking screenshots
- Disable TLS False Start
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable chrome://devices
- Enable Chrome Cleanup on Windows
- Enable CORS check mitigations in the new CORS implementation
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable deprecated web platform features for a limited time
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable Google Cloud Print proxy
- Enable guest mode in browser
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction.
- Enable network prediction.
- Enable or disable spell checking web service
- Enable PAC URL stripping (for https://)
- Enable printing
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing
- Enables component updates in Google Chrome
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enables ending processes in Task Manager
- Enables experimental policies
- Enables force sign in for Google Chrome
- Enables Google Cast
- Enable showing full-tab promotional content
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enables HTTP/0.9 support on non-default ports
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enables or disables bookmark editing
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable stricter treatment for mixed content
- Enable submission of documents to Google Cloud Print
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimisation
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Extend Flash content setting to all content (deprecated)
- Fetch keepalive duration on Shutdown
- finder should be disabled
- Force disable spellcheck languages
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process
- Force YouTube Safety Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximum fetch delay after a policy invalidation
- Maximum number of concurrent connections to the proxy server
- Maximum SSL version enabled
- Minimum SSL version enabled
- Minimum TLS version to fallback to
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Re-enable Web Components v0 API until M84.
- Refresh rate for user policy
- Restrict the range of local UDP ports used by WebRTC
- Restrict which users are allowed to sign in to Google Chrome
- SafeBrowsing enable state for trusted sources
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set Google Chrome Frame user data directory
- Set limit on megabytes of memory a single Chrome instance can use.
- Set media disk cache size in bytes
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show Home button on the toolbar
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify a list of disabled plug-ins
- Specify a list of enabled plug-ins
- Specify a list of plug-ins that the user can enable or disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the Google Chrome Frame turn-down prompt
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Use System Default Printer as Default
- Use the legacy CORS implementation rather than new CORS
- Whether DHE cipher suites in TLS are enabled
- Whether online OCSP/CRL checks are performed
- Whether online OCSP/CRL checks are required for local trust anchors
- Whether RC4 cipher suites in TLS are enabled
- Whether SHA-1 signed certificates issued by local trust anchors are allowed
- Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension
- Configure remote access options
- Google Chrome - Default Settings (users can override)
- Google
- Google Chrome - Default Settings (users can override)
- Content Settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternative URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Homepage
- New Tab Page
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup pages:
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third-party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable network prediction.
- Enable network prediction.
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- SafeBrowsing enable state for trusted sources
- Set default download directory
- Set download directory
- Show Full URLs
- Show Home button on the toolbar
- Use System Default Printer as Default
- Google Chrome
- Configure remote access options
- Allow gnubby authentication for remote access hosts
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Client certificate for connecting to RemoteAccessHostTokenValidationUrl
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Configure the TalkGadget prefix for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Policy overrides for Debug builds of the remote access host
- Restrict the UDP port range used by the remote access host
- URL for validating remote access client authentication token
- URL where remote access clients should obtain their authentication token
- Content Settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow key generation on these sites
- Allow notifications on these sites
- Allow pop-ups on these sites
- Allow read access via the File System API on these sites
- Allow session only cookies on these sites
- Allow the File Handling API on these web apps
- Allow the Flash plug-in on these sites
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block key generation on these sites
- Block notifications from these sites
- Block pop-ups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Flash plug-in on these sites
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default Flash setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default notification settings
- Default sensors setting
- Revert to legacy SameSite behavior for cookies on these sites
- setting
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider instant URL
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternative URLs for the default search provider
- Parameter controlling search term placement for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for instant URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow sign in to Google Chrome
- Allow sites to simultaneously navigate and open pop-ups
- Allow users to show passwords in Password Manager (deprecated)
- Choose how to specify proxy server settings
- Clear site data on browser shutdown (deprecated)
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable URL protocol schemes
- Enable firewall traversal from remote access client
- Enable Incognito mode
- Enable Instant
- Enable JavaScript
- Enable Native Window Occlusion
- Enable the old web-based signin flow
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Force SafeSearch
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Prevent app promotions from appearing on the new tab page
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blacklist
- Configure extension installation blocklist
- Configure extension installation whitelist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- Homepage
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Locally managed users settings
- Native Messaging
- New Tab Page
- Password manager
- Policies for HTTP authentication
- Allow Basic authentication for HTTP
- Authentication server allowlist
- Authentication server whitelist
- Cross-origin HTTP Basic Auth prompts
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Kerberos delegation server allowlist
- Kerberos delegation server whitelist
- Supported authentication schemes
- Printing
- Proxy server
- Removed policies
- Allow Google Chrome Frame to handle the listed content types
- Default HTML renderer for Google Chrome Frame
- Allow WebDriver to Override Incompatible Policies
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Suppress Google Cloud Print deprecation messages
- Use Legacy Form Controls until M84.
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup pages:
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow background tabs freeze
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogues
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow media autoplay on a whitelist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow queries to a Google time service
- Allow remote debugging
- Allow running plug-ins that are outdated
- Allows access to a list of URLs
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows a page to show popups during its unloading
- Allows QUIC protocol
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow users to opt in to Safe Browsing extended reporting
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Always runs plug-ins that require authorisation
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block access to a list of URLs
- Block third-party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Default printer selection rules
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Apps
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable Developer Tools
- Disable Print Preview
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable SPDY protocol
- Disable support for 3D graphics APIs
- Disable synchronisation of data with Google
- Disable taking screenshots
- Disable TLS False Start
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable chrome://devices
- Enable Chrome Cleanup on Windows
- Enable CORS check mitigations in the new CORS implementation
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable deprecated web platform features for a limited time
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable Google Cloud Print proxy
- Enable guest mode in browser
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction.
- Enable network prediction.
- Enable or disable spell checking web service
- Enable PAC URL stripping (for https://)
- Enable printing
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing
- Enables component updates in Google Chrome
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enables ending processes in Task Manager
- Enables experimental policies
- Enables force sign in for Google Chrome
- Enables Google Cast
- Enable showing full-tab promotional content
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enables HTTP/0.9 support on non-default ports
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enables or disables bookmark editing
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable stricter treatment for mixed content
- Enable submission of documents to Google Cloud Print
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimisation
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Extend Flash content setting to all content (deprecated)
- Fetch keepalive duration on Shutdown
- finder should be disabled
- Force disable spellcheck languages
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process
- Force YouTube Safety Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximum fetch delay after a policy invalidation
- Maximum number of concurrent connections to the proxy server
- Maximum SSL version enabled
- Minimum SSL version enabled
- Minimum TLS version to fallback to
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Re-enable Web Components v0 API until M84.
- Refresh rate for user policy
- Restrict the range of local UDP ports used by WebRTC
- Restrict which users are allowed to sign in to Google Chrome
- SafeBrowsing enable state for trusted sources
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set Google Chrome Frame user data directory
- Set limit on megabytes of memory a single Chrome instance can use.
- Set media disk cache size in bytes
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show Home button on the toolbar
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify a list of disabled plug-ins
- Specify a list of enabled plug-ins
- Specify a list of plug-ins that the user can enable or disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the Google Chrome Frame turn-down prompt
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Use System Default Printer as Default
- Use the legacy CORS implementation rather than new CORS
- Whether DHE cipher suites in TLS are enabled
- Whether online OCSP/CRL checks are performed
- Whether online OCSP/CRL checks are required for local trust anchors
- Whether RC4 cipher suites in TLS are enabled
- Whether SHA-1 signed certificates issued by local trust anchors are allowed
- Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension
- Configure remote access options
- Google Chrome - Default Settings (users can override)