Disable Certificate Transparency enforcement for specific URLs

Disables enforcing Certificate Transparency requirements for the listed URLs.

This policy lets you not disclose certificates for the hostnames in the specified URLs via Certificate Transparency. This lets you use certificates that would otherwise be untrusted, because they weren't properly publicly disclosed, but it makes it harder to detect mis-issued certificates for those hosts.

Form your URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322. Because certificates are valid for a given hostname, independent of the scheme, port, or path, only the hostname part of the URL is considered. Wildcard hosts are not supported.

If you don't configure this policy, any certificate that should be disclosed via Certificate Transparency is treated as untrusted if it's not disclosed.

Example value:

contoso.com
.contoso.com

Supported on: Microsoft Edge version 77, Windows 7 or later

Disable Certificate Transparency enforcement for specific URLs

Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForUrls
Value Name{number}
Value TypeREG_SZ
Default Value

msedge.admx

Administrative Templates (Computers)

Administrative Templates (Users)