Control where security restrictions on insecure origins apply

Specifies a list of origins (URLs) or hostname patterns (like "*.contoso.com") for which security restrictions on insecure origins don't apply.

This policy lets you specify allowed origins for legacy applications that can't deploy TLS or set up a staging server for internal web development so that developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled "Not Secure" in the omnibox.

Setting a list of URLs in this policy has the same effect as setting the command-line flag '--unsafely-treat-insecure-origin-as-secure' to a comma-separated list of the same URLs. If you enable this policy, it overrides the command-line flag.

For more information on secure contexts, see https://www.w3.org/TR/secure-contexts/.

Example value:

http://testserver.contoso.com/
*.contoso.com

Supported on: Microsoft Edge version 77, Windows 7 or later

Control where security restrictions on insecure origins apply

Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Microsoft\Edge\OverrideSecurityRestrictionsOnInsecureOrigin
Value Name{number}
Value TypeREG_SZ
Default Value

msedge.admx

Administrative Templates (Computers)

Administrative Templates (Users)