Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with
Configure the list of URL patterns for sites that the browser will attempt to perform the Token Binding protocol with.
For the domains on this list, the browser will send the Token Binding ClientHello in the TLS handshake (See https://tools.ietf.org/html/rfc8472).
If the server responds with a valid ServerHello response, the browser will create and send Token Binding messages on subsequent https requests. See https://tools.ietf.org/html/rfc8471 for more info.
If this list is empty, Token Binding will be disabled.
This policy is only available on Windows 10 devices with Virtual Secure Mode capability.
Starting in Microsoft Edge 86, this policy no longer supports dynamic refresh.
Example value:
mydomain.com
[*.]mydomain2.com
[*.].mydomain2.com
Supported on: Microsoft Edge version 83, Windows 7 or later
Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with
| Registry Hive | HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER |
| Registry Path | Software\Policies\Microsoft\Edge\AllowTokenBindingForUrls |
| Value Name | {number} |
| Value Type | REG_SZ |
| Default Value |
msedge.admx
- Microsoft Edge - Default Settings (users can override)
- Content settings
- Default search provider
- Configure the new tab page search box experience
- Default search provider encodings
- Default search provider keyword
- Default search provider name
- Default search provider search URL
- Default search provider URL for suggestions
- Enable the default search provider
- Parameters for an image URL that uses POST
- Specifies the search-by-image feature for the default search provider
- Password manager and protection
- Performance
- Printing
- Sleeping Tabs settings
- SmartScreen settings
- Startup, home page and new tab page
- Action to take on startup
- Configure the home page URL
- Configure the Microsoft Edge new tab page experience (deprecated)
- Configure the new tab page URL
- Enable preload of the new tab page for faster rendering
- Set new tab page quick links
- Set the new tab page as the home page
- Show Home button on toolbar
- Sites to open when the browser starts
- Allow download restrictions
- Allow importing of autofill form data
- Allow importing of browser settings
- Allow importing of browsing history
- Allow importing of Cookies
- Allow importing of extensions
- Allow importing of favorites
- Allow importing of open tabs
- Allow importing of payment info
- Allow importing of saved passwords
- Allow importing of search engine settings
- Allow importing of shortcuts
- Allow suggestions from local providers
- Block third party cookies
- Clear browsing data when Microsoft Edge closes
- Clear cached images and files when Microsoft Edge closes
- Continue running background apps after Microsoft Edge closes
- Disable synchronization of data using Microsoft sync services
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable favorites bar
- Enable network prediction
- Enable search suggestions
- Enable Translate
- Manage Search Engines
- Redirect incompatible sites from Internet Explorer to Microsoft Edge
- Set application locale
- Set download directory
- Shopping in Microsoft Edge Enabled
- Show Microsoft Rewards experiences
- Suggest similar pages when a webpage can't be found
- Microsoft Edge
- Application Guard settings
- Cast
- Content settings
- Allow cookies on specific sites
- Allow images on these sites
- Allow insecure content on specified sites
- Allow JavaScript on specific sites
- Allow notifications on specific sites
- Allow pop-up windows on specific sites
- Allow read access via the File System API on these sites
- Allow the Adobe Flash plug-in on specific sites (obsolete)
- Allow WebUSB on specific sites
- Allow write access to files and directories on these sites
- Automatically select client certificates for these sites
- Block cookies on specific sites
- Block images on specific sites
- Block insecure content on specified sites
- Block JavaScript on specific sites
- Block notifications on specific sites
- Block pop-up windows on specific sites
- Block read access via the File System API on these sites
- Block the Adobe Flash plug-in on specific sites (obsolete)
- Block WebUSB on specific sites
- Block write access to files and directories on these sites
- Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services
- Configure cookies
- Control use of insecure content exceptions
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default Adobe Flash setting (obsolete)
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default notification setting
- Default pop-up window setting
- Enable default legacy SameSite cookie behavior setting
- Grant access to specific sites to connect to specific USB devices
- Limit cookies from specific websites to the current session
- Revert to legacy SameSite behavior for cookies on specified sites
- Default search provider
- Configure the new tab page search box experience
- Default search provider encodings
- Default search provider keyword
- Default search provider name
- Default search provider search URL
- Default search provider URL for suggestions
- Enable the default search provider
- Parameters for an image URL that uses POST
- Specifies the search-by-image feature for the default search provider
- Extensions
- Allow specific extensions to be installed
- Blocks external extensions from being installed
- Configure allowed extension types
- Configure extension and user script install sources
- Configure extension management settings
- Control which extensions are installed silently
- Control which extensions cannot be installed
- HTTP authentication
- Allow Basic authentication for HTTP
- Allow cross-origin HTTP Authentication prompts
- Configure list of allowed authentication servers
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Specifies a list of servers that Microsoft Edge can delegate user credentials to
- Supported authentication schemes
- Kiosk Mode settings
- Native Messaging
- Password manager and protection
- Allow users to be alerted if their passwords are found to be unsafe
- Configure password protection warning trigger
- Configure the change password URL
- Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password
- Enable saving passwords to the password manager
- Performance
- Printing
- Proxy server
- Sleeping Tabs settings
- SmartScreen settings
- Configure Microsoft Defender SmartScreen
- Configure Microsoft Defender SmartScreen to block potentially unwanted apps
- Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings
- Force Microsoft Defender SmartScreen checks on downloads from trusted sources
- Prevent bypassing Microsoft Defender SmartScreen prompts for sites
- Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
- Startup, home page and new tab page
- Action to take on startup
- Configure the background types allowed for the new tab page layout
- Configure the home page URL
- Configure the Microsoft Edge new tab page experience (deprecated)
- Configure the new tab page URL
- Enable preload of the new tab page for faster rendering
- Hide the default top sites from the new tab page
- Set new tab page company logo (obsolete)
- Set new tab page quick links
- Set the new tab page as the home page
- Show Home button on toolbar
- Sites to open when the browser starts
- Ads setting for sites with intrusive ads
- Allow access to sensors on specific sites
- Allow access to the Enterprise Mode Site List Manager tool
- Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated)
- Allow default search provider context menu search access
- Allow download restrictions
- Allow file selection dialogs
- Allow freezing of background tabs
- Allow full screen mode
- Allow Google Cast to connect to Cast devices on all IP addresses
- Allow importing of autofill form data
- Allow importing of browser settings
- Allow importing of browsing history
- Allow importing of Cookies
- Allow importing of extensions
- Allow importing of favorites
- Allow importing of home page settings
- Allow importing of open tabs
- Allow importing of payment info
- Allow importing of saved passwords
- Allow importing of search engine settings
- Allow importing of shortcuts
- Allow Internet Explorer mode testing
- Allow launching of local files in Internet Explorer mode
- Allow legacy TLS/DTLS downgrade in WebRTC (deprecated)
- Allow managed extensions to use the Enterprise Hardware Platform API
- Allow media autoplay for websites
- Allow or block audio capture
- Allow or block video capture
- Allow or deny screen capture
- Allow pages to send synchronous XHR requests during page dismissal (deprecated)
- Allow personalization of ads, search and news by sending browsing history to Microsoft
- Allow Pin to taskbar wizard
- Allow queries to a Browser Network Time service
- Allow QUIC protocol
- Allows a page to show popups during its unloading (obsolete)
- Allows the AppCache feature to be re-enabled, even if it's turned off by default
- Allow suggestions from local providers
- Allow surf game
- Allows users to edit favorites
- Allow the audio sandbox to run
- Allow the Serial API on specific sites
- Allow the Web widget at Windows startup
- Allow user feedback
- Allow users to configure Family safety
- Allow users to open files using the ClickOnce protocol
- Allow users to open files using the DirectInvoke protocol
- Allow users to proceed from the HTTPS warning page
- Allow WebDriver to Override Incompatible Policies (deprecated)
- Allow websites to query for available payment methods
- Always open PDF files externally
- Ask where to save downloaded files
- Automatically import another browser's data and settings at first run
- Block access to a list of URLs
- Block access to a specified list of services and export targets in Collections
- Block access to sensors on specific sites
- Block all ads on Bing search results
- Block the Serial API on specific sites
- Block third party cookies
- Block tracking of users' web-browsing activity
- Browser sign-in settings
- Clear browsing data when Microsoft Edge closes
- Clear cached images and files when Microsoft Edge closes
- Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account
- Configure Do Not Track
- Configure enhanced hang detection for Internet Explorer mode
- Configure favorites
- Configure InPrivate mode availability
- Configure Internet Explorer integration
- Configure list of force-installed Web Apps
- Configure Online Text To Speech
- Configures availability of a vertical layout for tabs on the side of the browser
- Configure Speech Recognition
- Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users
- Configure the Enterprise Mode Site List
- Configure the list of names that will bypass the HSTS policy check
- Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with
- Configure the list of types that are excluded from synchronization
- Configure tracking prevention exceptions for specific sites
- Configure whether a user always has a default profile automatically signed in with their work or school account
- Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with "AutoSelectCertificateForUrls"
- Continue running background apps after Microsoft Edge closes
- Control communication with the Experimentation and Configuration Service
- Control the IntensiveWakeUpThrottling feature
- Control the mode of DNS-over-HTTPS
- Control use of the Serial API
- Control where developer tools can be used
- Control where security restrictions on insecure origins apply
- Default sensors setting
- Define a list of allowed URLs
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Delete old browser data on migration
- Disable Certificate Transparency enforcement for a list of legacy certificate authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for specific URLs
- Disable download file type extension-based warnings for specified file types on domains
- Disable saving browser history
- Disable support for 3D graphics APIs
- Disable synchronization of data using Microsoft sync services
- Disable taking screenshots
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable Ambient Authentication for InPrivate and Guest profiles
- Enable a TLS 1.3 security feature for local trust anchors (obsolete)
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable component updates in Microsoft Edge
- Enable deleting browser and download history
- Enable Domain Actions Download from Microsoft (obsolete)
- Enable ending processes in the Browser task manager
- Enable favorites bar
- Enable full-tab promotional content
- Enable globally scoped HTTP auth cache
- Enable guest mode
- Enable Microsoft Search in Bing suggestions in the address bar
- Enable Native Window Occlusion
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable Proactive Authentication (deprecated)
- Enable profile creation from the Identity flyout menu or the Settings page
- Enable renderer code integrity
- Enables background updates to the list of available templates for Collections and other features that use templates
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable Signed HTTP Exchange (SXG) support
- Enable site isolation for every site
- Enable site isolation for specific origins
- Enable specific spellcheck languages
- Enable spellcheck
- Enable stricter treatment for mixed content (deprecated)
- Enable the Collections feature
- Enable the User-Agent Client Hints feature (deprecated)
- Enable the Web widget
- Enable Translate
- Enable usage and crash-related data reporting (deprecated)
- Enable use of ephemeral profiles
- Enable using roaming copies for Microsoft Edge profile data
- Enable warnings for insecure forms
- Enable web capture feature in Microsoft Edge
- Enforce Bing SafeSearch
- Enforce Google SafeSearch
- Extend Adobe Flash content setting to all content (obsolete)
- Force direct intranet site navigation instead of searching on single word entries in the Address Bar
- Force disable spellcheck languages
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process (obsolete)
- Force synchronization of browser data and do not show the sync consent prompt
- Hide the First-run experience and splash screen
- Hide the one-time redirection dialog and the banner on Microsoft Edge
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback
- List of file types that should be automatically opened on download
- Manage exposure of local IP addressess by WebRTC
- Manage Search Engines
- Maximum number of concurrent connections to the proxy server
- Minimum TLS version enabled
- Notify a user that a browser restart is recommended or required for pending updates
- Open local files in Internet Explorer mode file extension allow list
- Prevent install of the BHO to redirect incompatible sites from Internet Explorer to Microsoft Edge
- Re-enable deprecated web platform features for a limited time (obsolete)
- Re-enable Web Components v0 API until M84 (obsolete)
- Redirect incompatible sites from Internet Explorer to Microsoft Edge
- Restrict exposure of local IP address by WebRTC
- Restrict the range of local UDP ports used by WebRTC
- Restrict which accounts can be used as Microsoft Edge primary accounts
- Save cookies when Microsoft Edge closes
- Send all intranet sites to Internet Explorer
- Send required and optional diagnostic data about browser usage
- Send site information to improve Microsoft services (deprecated)
- Set application locale
- Set disk cache directory
- Set disk cache size, in bytes
- Set download directory
- Set limit on megabytes of memory a single Microsoft Edge instance can use
- Set Microsoft Edge as default browser
- Set the roaming profile directory
- Set the time period for update notifications
- Set the user data directory
- Set WPAD optimization
- Shopping in Microsoft Edge Enabled
- Show an "Always open" checkbox in external protocol dialog
- Show context menu to open a link in Internet Explorer mode
- Show Microsoft Office shortcut in favorites bar (deprecated)
- Show Microsoft Rewards experiences
- Sites that can access audio capture devices without requesting permission
- Sites that can access video capture devices without requesting permission
- Specify custom help link
- Specify how "in-page" navigations to unconfigured sites behave when started from Internet Explorer mode pages
- Specify if online OCSP/CRL checks are required for local trust anchors
- Specify the TLS cipher suites to disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Suggest similar pages when a webpage can't be found
- Suppress the unsupported OS warning
- URLs where AutoOpenFileTypes can apply
- Use a default referrer policy of no-referrer-when-downgrade (deprecated)
- Use built-in DNS client
- Use hardware acceleration when available
- Use Windows proxy resolver (deprecated)
- Websites or domains that don't need permission to use direct Security Key attestation
- Microsoft Edge Update
- Applications
- Microsoft Edge Beta
- Microsoft Edge Canary
- Microsoft Edge Dev
- Microsoft Edge
- Allow installation default
- Allow Microsoft Edge Side by Side browser experience
- Prevent Desktop Shortcut creation upon install default
- Update policy override default
- Microsoft Edge WebView
- Preferences
- Proxy Server
- Applications
- Microsoft Edge WebView2
- Loader Override Settings
- Microsoft Edge - Default Settings (users can override)
- Content settings
- Default search provider
- Configure the new tab page search box experience
- Default search provider encodings
- Default search provider keyword
- Default search provider name
- Default search provider search URL
- Default search provider URL for suggestions
- Enable the default search provider
- Parameters for an image URL that uses POST
- Specifies the search-by-image feature for the default search provider
- Password manager and protection
- Performance
- Printing
- Sleeping Tabs settings
- SmartScreen settings
- Startup, home page and new tab page
- Action to take on startup
- Configure the home page URL
- Configure the Microsoft Edge new tab page experience (deprecated)
- Configure the new tab page URL
- Enable preload of the new tab page for faster rendering
- Set new tab page quick links
- Set the new tab page as the home page
- Show Home button on toolbar
- Sites to open when the browser starts
- Allow download restrictions
- Allow importing of autofill form data
- Allow importing of browser settings
- Allow importing of browsing history
- Allow importing of Cookies
- Allow importing of extensions
- Allow importing of favorites
- Allow importing of open tabs
- Allow importing of payment info
- Allow importing of saved passwords
- Allow importing of search engine settings
- Allow importing of shortcuts
- Allow suggestions from local providers
- Block third party cookies
- Clear browsing data when Microsoft Edge closes
- Clear cached images and files when Microsoft Edge closes
- Continue running background apps after Microsoft Edge closes
- Disable synchronization of data using Microsoft sync services
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable favorites bar
- Enable network prediction
- Enable search suggestions
- Enable Translate
- Manage Search Engines
- Redirect incompatible sites from Internet Explorer to Microsoft Edge
- Set application locale
- Set download directory
- Shopping in Microsoft Edge Enabled
- Show Microsoft Rewards experiences
- Suggest similar pages when a webpage can't be found
- Microsoft Edge
- Application Guard settings
- Cast
- Content settings
- Allow cookies on specific sites
- Allow images on these sites
- Allow insecure content on specified sites
- Allow JavaScript on specific sites
- Allow notifications on specific sites
- Allow pop-up windows on specific sites
- Allow read access via the File System API on these sites
- Allow the Adobe Flash plug-in on specific sites (obsolete)
- Allow WebUSB on specific sites
- Allow write access to files and directories on these sites
- Automatically select client certificates for these sites
- Block cookies on specific sites
- Block images on specific sites
- Block insecure content on specified sites
- Block JavaScript on specific sites
- Block notifications on specific sites
- Block pop-up windows on specific sites
- Block read access via the File System API on these sites
- Block the Adobe Flash plug-in on specific sites (obsolete)
- Block WebUSB on specific sites
- Block write access to files and directories on these sites
- Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services
- Configure cookies
- Control use of insecure content exceptions
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default Adobe Flash setting (obsolete)
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default notification setting
- Default pop-up window setting
- Enable default legacy SameSite cookie behavior setting
- Grant access to specific sites to connect to specific USB devices
- Limit cookies from specific websites to the current session
- Revert to legacy SameSite behavior for cookies on specified sites
- Default search provider
- Configure the new tab page search box experience
- Default search provider encodings
- Default search provider keyword
- Default search provider name
- Default search provider search URL
- Default search provider URL for suggestions
- Enable the default search provider
- Parameters for an image URL that uses POST
- Specifies the search-by-image feature for the default search provider
- Extensions
- Allow specific extensions to be installed
- Blocks external extensions from being installed
- Configure allowed extension types
- Configure extension and user script install sources
- Configure extension management settings
- Control which extensions are installed silently
- Control which extensions cannot be installed
- HTTP authentication
- Allow Basic authentication for HTTP
- Allow cross-origin HTTP Authentication prompts
- Configure list of allowed authentication servers
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Specifies a list of servers that Microsoft Edge can delegate user credentials to
- Supported authentication schemes
- Kiosk Mode settings
- Native Messaging
- Password manager and protection
- Allow users to be alerted if their passwords are found to be unsafe
- Configure password protection warning trigger
- Configure the change password URL
- Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password
- Enable saving passwords to the password manager
- Performance
- Printing
- Proxy server
- Sleeping Tabs settings
- SmartScreen settings
- Configure Microsoft Defender SmartScreen
- Configure Microsoft Defender SmartScreen to block potentially unwanted apps
- Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings
- Force Microsoft Defender SmartScreen checks on downloads from trusted sources
- Prevent bypassing Microsoft Defender SmartScreen prompts for sites
- Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
- Startup, home page and new tab page
- Action to take on startup
- Configure the background types allowed for the new tab page layout
- Configure the home page URL
- Configure the Microsoft Edge new tab page experience (deprecated)
- Configure the new tab page URL
- Enable preload of the new tab page for faster rendering
- Hide the default top sites from the new tab page
- Set new tab page company logo (obsolete)
- Set new tab page quick links
- Set the new tab page as the home page
- Show Home button on toolbar
- Sites to open when the browser starts
- Ads setting for sites with intrusive ads
- Allow access to sensors on specific sites
- Allow access to the Enterprise Mode Site List Manager tool
- Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated)
- Allow default search provider context menu search access
- Allow download restrictions
- Allow file selection dialogs
- Allow freezing of background tabs
- Allow full screen mode
- Allow Google Cast to connect to Cast devices on all IP addresses
- Allow importing of autofill form data
- Allow importing of browser settings
- Allow importing of browsing history
- Allow importing of Cookies
- Allow importing of extensions
- Allow importing of favorites
- Allow importing of home page settings
- Allow importing of open tabs
- Allow importing of payment info
- Allow importing of saved passwords
- Allow importing of search engine settings
- Allow importing of shortcuts
- Allow Internet Explorer mode testing
- Allow launching of local files in Internet Explorer mode
- Allow legacy TLS/DTLS downgrade in WebRTC (deprecated)
- Allow managed extensions to use the Enterprise Hardware Platform API
- Allow media autoplay for websites
- Allow or block audio capture
- Allow or block video capture
- Allow or deny screen capture
- Allow pages to send synchronous XHR requests during page dismissal (deprecated)
- Allow personalization of ads, search and news by sending browsing history to Microsoft
- Allow Pin to taskbar wizard
- Allow queries to a Browser Network Time service
- Allow QUIC protocol
- Allows a page to show popups during its unloading (obsolete)
- Allows the AppCache feature to be re-enabled, even if it's turned off by default
- Allow suggestions from local providers
- Allow surf game
- Allows users to edit favorites
- Allow the audio sandbox to run
- Allow the Serial API on specific sites
- Allow the Web widget at Windows startup
- Allow user feedback
- Allow users to configure Family safety
- Allow users to open files using the ClickOnce protocol
- Allow users to open files using the DirectInvoke protocol
- Allow users to proceed from the HTTPS warning page
- Allow WebDriver to Override Incompatible Policies (deprecated)
- Allow websites to query for available payment methods
- Always open PDF files externally
- Ask where to save downloaded files
- Automatically import another browser's data and settings at first run
- Block access to a list of URLs
- Block access to a specified list of services and export targets in Collections
- Block access to sensors on specific sites
- Block all ads on Bing search results
- Block the Serial API on specific sites
- Block third party cookies
- Block tracking of users' web-browsing activity
- Browser sign-in settings
- Clear browsing data when Microsoft Edge closes
- Clear cached images and files when Microsoft Edge closes
- Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account
- Configure Do Not Track
- Configure enhanced hang detection for Internet Explorer mode
- Configure favorites
- Configure InPrivate mode availability
- Configure Internet Explorer integration
- Configure list of force-installed Web Apps
- Configure Online Text To Speech
- Configures availability of a vertical layout for tabs on the side of the browser
- Configure Speech Recognition
- Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users
- Configure the Enterprise Mode Site List
- Configure the list of names that will bypass the HSTS policy check
- Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with
- Configure the list of types that are excluded from synchronization
- Configure tracking prevention exceptions for specific sites
- Configure whether a user always has a default profile automatically signed in with their work or school account
- Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with "AutoSelectCertificateForUrls"
- Continue running background apps after Microsoft Edge closes
- Control communication with the Experimentation and Configuration Service
- Control the IntensiveWakeUpThrottling feature
- Control the mode of DNS-over-HTTPS
- Control use of the Serial API
- Control where developer tools can be used
- Control where security restrictions on insecure origins apply
- Default sensors setting
- Define a list of allowed URLs
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Delete old browser data on migration
- Disable Certificate Transparency enforcement for a list of legacy certificate authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for specific URLs
- Disable download file type extension-based warnings for specified file types on domains
- Disable saving browser history
- Disable support for 3D graphics APIs
- Disable synchronization of data using Microsoft sync services
- Disable taking screenshots
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable Ambient Authentication for InPrivate and Guest profiles
- Enable a TLS 1.3 security feature for local trust anchors (obsolete)
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable component updates in Microsoft Edge
- Enable deleting browser and download history
- Enable Domain Actions Download from Microsoft (obsolete)
- Enable ending processes in the Browser task manager
- Enable favorites bar
- Enable full-tab promotional content
- Enable globally scoped HTTP auth cache
- Enable guest mode
- Enable Microsoft Search in Bing suggestions in the address bar
- Enable Native Window Occlusion
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable Proactive Authentication (deprecated)
- Enable profile creation from the Identity flyout menu or the Settings page
- Enable renderer code integrity
- Enables background updates to the list of available templates for Collections and other features that use templates
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable Signed HTTP Exchange (SXG) support
- Enable site isolation for every site
- Enable site isolation for specific origins
- Enable specific spellcheck languages
- Enable spellcheck
- Enable stricter treatment for mixed content (deprecated)
- Enable the Collections feature
- Enable the User-Agent Client Hints feature (deprecated)
- Enable the Web widget
- Enable Translate
- Enable usage and crash-related data reporting (deprecated)
- Enable use of ephemeral profiles
- Enable using roaming copies for Microsoft Edge profile data
- Enable warnings for insecure forms
- Enable web capture feature in Microsoft Edge
- Enforce Bing SafeSearch
- Enforce Google SafeSearch
- Extend Adobe Flash content setting to all content (obsolete)
- Force direct intranet site navigation instead of searching on single word entries in the Address Bar
- Force disable spellcheck languages
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process (obsolete)
- Force synchronization of browser data and do not show the sync consent prompt
- Hide the First-run experience and splash screen
- Hide the one-time redirection dialog and the banner on Microsoft Edge
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback
- List of file types that should be automatically opened on download
- Manage exposure of local IP addressess by WebRTC
- Manage Search Engines
- Maximum number of concurrent connections to the proxy server
- Minimum TLS version enabled
- Notify a user that a browser restart is recommended or required for pending updates
- Open local files in Internet Explorer mode file extension allow list
- Prevent install of the BHO to redirect incompatible sites from Internet Explorer to Microsoft Edge
- Re-enable deprecated web platform features for a limited time (obsolete)
- Re-enable Web Components v0 API until M84 (obsolete)
- Redirect incompatible sites from Internet Explorer to Microsoft Edge
- Restrict exposure of local IP address by WebRTC
- Restrict the range of local UDP ports used by WebRTC
- Restrict which accounts can be used as Microsoft Edge primary accounts
- Save cookies when Microsoft Edge closes
- Send all intranet sites to Internet Explorer
- Send required and optional diagnostic data about browser usage
- Send site information to improve Microsoft services (deprecated)
- Set application locale
- Set disk cache directory
- Set disk cache size, in bytes
- Set download directory
- Set limit on megabytes of memory a single Microsoft Edge instance can use
- Set Microsoft Edge as default browser
- Set the roaming profile directory
- Set the time period for update notifications
- Set the user data directory
- Set WPAD optimization
- Shopping in Microsoft Edge Enabled
- Show an "Always open" checkbox in external protocol dialog
- Show context menu to open a link in Internet Explorer mode
- Show Microsoft Office shortcut in favorites bar (deprecated)
- Show Microsoft Rewards experiences
- Sites that can access audio capture devices without requesting permission
- Sites that can access video capture devices without requesting permission
- Specify custom help link
- Specify how "in-page" navigations to unconfigured sites behave when started from Internet Explorer mode pages
- Specify if online OCSP/CRL checks are required for local trust anchors
- Specify the TLS cipher suites to disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Suggest similar pages when a webpage can't be found
- Suppress the unsupported OS warning
- URLs where AutoOpenFileTypes can apply
- Use a default referrer policy of no-referrer-when-downgrade (deprecated)
- Use built-in DNS client
- Use hardware acceleration when available
- Use Windows proxy resolver (deprecated)
- Websites or domains that don't need permission to use direct Security Key attestation
- Microsoft Edge WebView2
- Loader Override Settings