URLs/domains automatically permitted direct Security Key attestation
Setting the policy specifies URLs and domains for which no prompt appears when attestation certificates from Security Keys are requested. A signal is also sent to the Security Key indicating that individual attestation may be used. Without this, when sites request attestation of Security Keys, users are prompted in Google Chrome version 65 and later.
URLs will only match as U2F appIDs. Domains only match as webauthn RP IDs. So to cover both U2F and webauthn APIs, list the appID URL and domain for a given site.
Example value:
https://example.com
Supported on: At least Microsoft Windows 7 or Windows Server 2008 family
URLs/domains automatically permitted direct Security Key attestation
| Registry Hive | HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER |
| Registry Path | Software\Policies\Google\Chrome\SecurityKeyPermitAttestation |
| Value Name | {number} |
| Value Type | REG_SZ |
| Default Value |
chrome.admx
- Google
- Google Chrome - Default Settings (users can override)
- Content settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Home page
- New Tab Page
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup pages
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable network prediction
- Enable network prediction
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Set default download directory
- Set download directory
- Show Full URLs
- Show Home button on toolbar
- Use System Default Printer as Default
- Google Chrome
- Content settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow key generation on these sites
- Allow notifications on these sites
- Allow popups on these sites
- Allow read access via the File System API on these sites
- Allow the File Handling API on these web apps
- Allow the Flash plugin on these sites
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block key generation on these sites
- Block notifications on these sites
- Block popups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Flash plugin on these sites
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default Flash setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default notification setting
- Default popups setting
- Default sensors setting
- Limit cookies from matching URLs to the current session
- Revert to legacy SameSite behavior for cookies on these sites
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider instant URL
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter controlling search term placement for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for instant URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow sign in to Google Chrome
- Allow sites to simultaneously navigate and open pop-ups
- Allow users to show passwords in Password Manager (deprecated)
- Choose how to specify proxy server settings
- Clear site data on browser shutdown (deprecated)
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable URL protocol schemes
- Enable firewall traversal from remote access client
- Enable Incognito mode
- Enable Instant
- Enable JavaScript
- Enable Native Window Occlusion
- Enable the old web-based signin flow
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Force SafeSearch
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Prevent app promotions from appearing on the new tab page
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blacklist
- Configure extension installation blocklist
- Configure extension installation whitelist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- Home page
- HTTP authentication
- Allow Basic authentication for HTTP
- Authentication server allowlist
- Authentication server whitelist
- Cross-origin HTTP Authentication prompts
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Kerberos delegation server allowlist
- Kerberos delegation server whitelist
- Supported authentication schemes
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Locally managed users settings
- Native Messaging
- New Tab Page
- Password manager
- Printing
- Proxy server
- Remote access
- Allow gnubby authentication for remote access hosts
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Client certificate for connecting to RemoteAccessHostTokenValidationUrl
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Configure the TalkGadget prefix for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Policy overrides for Debug builds of the remote access host
- Restrict the UDP port range used by the remote access host
- URL for validating remote access client authentication token
- URL where remote access clients should obtain their authentication token
- Removed policies
- Allow Google Chrome Frame to handle the following content types
- Default HTML renderer for Google Chrome Frame
- Allow WebDriver to Override Incompatible Policies
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Suppress Google Cloud Print deprecation messages
- Use Legacy Form Controls until M84.
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup pages
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow access to a list of URLs
- Allow background tabs freeze
- Allow certificates issued by local trust anchors without subjectAlternativeName extension
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogs
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow media autoplay on a whitelist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow queries to a Google time service
- Allow QUIC protocol
- Allow remote debugging
- Allow running plugins that are outdated
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows a page to show popups during its unloading
- Allow SHA-1 signed certificates issued by local trust anchors
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow users to opt in to Safe Browsing extended reporting
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Always runs plugins that require authorization (deprecated)
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block access to a list of URLs
- Block third party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Default printer selection rules
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Workspace
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable Developer Tools
- Disable Print Preview
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable SPDY protocol
- Disable support for 3D graphics APIs
- Disable synchronization of data with Google
- Disable taking screenshots
- Disable TLS False Start
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable chrome://devices
- Enable Chrome Cleanup on Windows
- Enable component updates in Google Chrome
- Enable CORS check mitigations in the new CORS implementation
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable deprecated web platform features for a limited time
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable DHE cipher suites in TLS
- Enable ending processes in Task Manager
- Enable force sign in for Google Chrome
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable Google Cast
- Enable Google Cloud Print proxy
- Enable guest mode in browser
- Enable HTTP/0.9 support on non-default ports
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable or disable bookmark editing
- Enable or disable spell checking web service
- Enable PAC URL stripping (for https://)
- Enable printing
- Enable RC4 cipher suites in TLS
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enables experimental policies
- Enable showing full-tab promotional content
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable stricter treatment for mixed content
- Enable submission of documents to Google Cloud Print
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimization
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Extend Flash content setting to all content (deprecated)
- Fetch keepalive duration on Shutdown
- Force disable spellcheck languages
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process
- Force YouTube Safety Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximal number of concurrent connections to the proxy server
- Maximum fetch delay after a policy invalidation
- Maximum SSL version enabled
- Minimum SSL version enabled
- Minimum TLS version to fallback to
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Re-enable Web Components v0 API until M84.
- Refresh rate for user policy
- Require online OCSP/CRL checks for local trust anchors
- Restrict the range of local UDP ports used by WebRTC
- Restrict which Google accounts are allowed to be set as browser primary accounts in Google Chrome
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set Google Chrome Frame user data directory
- Set limit on megabytes of memory a single Chrome instance can use.
- Set media disk cache size in bytes
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show Home button on toolbar
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify a list of disabled plugins
- Specify a list of enabled plugins
- Specify a list of plugins that the user can enable or disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Specify whether the plugin finder should be disabled (deprecated)
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the Google Chrome Frame turndown prompt
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Use System Default Printer as Default
- Use the legacy CORS implementation rather than new CORS
- Content settings
- Google Chrome - Default Settings (users can override)
- Google
- Google Chrome - Default Settings (users can override)
- Content settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Home page
- New Tab Page
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup pages
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable network prediction
- Enable network prediction
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Set default download directory
- Set download directory
- Show Full URLs
- Show Home button on toolbar
- Use System Default Printer as Default
- Google Chrome
- Content settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow key generation on these sites
- Allow notifications on these sites
- Allow popups on these sites
- Allow read access via the File System API on these sites
- Allow the File Handling API on these web apps
- Allow the Flash plugin on these sites
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block key generation on these sites
- Block notifications on these sites
- Block popups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Flash plugin on these sites
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default Flash setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default notification setting
- Default popups setting
- Default sensors setting
- Limit cookies from matching URLs to the current session
- Revert to legacy SameSite behavior for cookies on these sites
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider instant URL
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter controlling search term placement for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for instant URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow sign in to Google Chrome
- Allow sites to simultaneously navigate and open pop-ups
- Allow users to show passwords in Password Manager (deprecated)
- Choose how to specify proxy server settings
- Clear site data on browser shutdown (deprecated)
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable URL protocol schemes
- Enable firewall traversal from remote access client
- Enable Incognito mode
- Enable Instant
- Enable JavaScript
- Enable Native Window Occlusion
- Enable the old web-based signin flow
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Force SafeSearch
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Prevent app promotions from appearing on the new tab page
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blacklist
- Configure extension installation blocklist
- Configure extension installation whitelist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- Home page
- HTTP authentication
- Allow Basic authentication for HTTP
- Authentication server allowlist
- Authentication server whitelist
- Cross-origin HTTP Authentication prompts
- Disable CNAME lookup when negotiating Kerberos authentication
- Include non-standard port in Kerberos SPN
- Kerberos delegation server allowlist
- Kerberos delegation server whitelist
- Supported authentication schemes
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Locally managed users settings
- Native Messaging
- New Tab Page
- Password manager
- Printing
- Proxy server
- Remote access
- Allow gnubby authentication for remote access hosts
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Client certificate for connecting to RemoteAccessHostTokenValidationUrl
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Configure the TalkGadget prefix for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Policy overrides for Debug builds of the remote access host
- Restrict the UDP port range used by the remote access host
- URL for validating remote access client authentication token
- URL where remote access clients should obtain their authentication token
- Removed policies
- Allow Google Chrome Frame to handle the following content types
- Default HTML renderer for Google Chrome Frame
- Allow WebDriver to Override Incompatible Policies
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Suppress Google Cloud Print deprecation messages
- Use Legacy Form Controls until M84.
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup pages
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow access to a list of URLs
- Allow background tabs freeze
- Allow certificates issued by local trust anchors without subjectAlternativeName extension
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogs
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow media autoplay on a whitelist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow queries to a Google time service
- Allow QUIC protocol
- Allow remote debugging
- Allow running plugins that are outdated
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows a page to show popups during its unloading
- Allow SHA-1 signed certificates issued by local trust anchors
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow users to opt in to Safe Browsing extended reporting
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Always runs plugins that require authorization (deprecated)
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block access to a list of URLs
- Block third party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Default printer selection rules
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Workspace
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable Developer Tools
- Disable Print Preview
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable SPDY protocol
- Disable support for 3D graphics APIs
- Disable synchronization of data with Google
- Disable taking screenshots
- Disable TLS False Start
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable AutoFill
- Enable Bookmark Bar
- Enable chrome://devices
- Enable Chrome Cleanup on Windows
- Enable component updates in Google Chrome
- Enable CORS check mitigations in the new CORS implementation
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable deprecated web platform features for a limited time
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable DHE cipher suites in TLS
- Enable ending processes in Task Manager
- Enable force sign in for Google Chrome
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable Google Cast
- Enable Google Cloud Print proxy
- Enable guest mode in browser
- Enable HTTP/0.9 support on non-default ports
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable or disable bookmark editing
- Enable or disable spell checking web service
- Enable PAC URL stripping (for https://)
- Enable printing
- Enable RC4 cipher suites in TLS
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable Safe Browsing
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enables experimental policies
- Enable showing full-tab promotional content
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable stricter treatment for mixed content
- Enable submission of documents to Google Cloud Print
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimization
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Extend Flash content setting to all content (deprecated)
- Fetch keepalive duration on Shutdown
- Force disable spellcheck languages
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Force networking code to run in the browser process
- Force YouTube Safety Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximal number of concurrent connections to the proxy server
- Maximum fetch delay after a policy invalidation
- Maximum SSL version enabled
- Minimum SSL version enabled
- Minimum TLS version to fallback to
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Re-enable Web Components v0 API until M84.
- Refresh rate for user policy
- Require online OCSP/CRL checks for local trust anchors
- Restrict the range of local UDP ports used by WebRTC
- Restrict which Google accounts are allowed to be set as browser primary accounts in Google Chrome
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set Google Chrome Frame user data directory
- Set limit on megabytes of memory a single Chrome instance can use.
- Set media disk cache size in bytes
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show Home button on toolbar
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify a list of disabled plugins
- Specify a list of enabled plugins
- Specify a list of plugins that the user can enable or disable
- Specify URI template of desired DNS-over-HTTPS resolver
- Specify whether the plugin finder should be disabled (deprecated)
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the Google Chrome Frame turndown prompt
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Use System Default Printer as Default
- Use the legacy CORS implementation rather than new CORS
- Content settings
- Google Chrome - Default Settings (users can override)