security123

Level 25
Verified
As we have only threads for other browser flags, i think it's time to create one for new Chromium-Edge :)

Here are my flags for my Version 80.0.361.66 (Offizielles Build) (64-Bit) (Stable):

# Anonymize local IPs exposed by WebRTC: Enabled
# Extension Content Verification: Enforce Strict
# Reduce default 'referer' header granularity: Enabled
# Load Media Router Component Extension: Disabled
# Connect to Cast devices on all IP addresses: Disabled
# Block scripts loaded via document.write: Enabled
# Parallel downloading: Enabled
# Mark non-secure origins as non-secure: Enabled (mark as active dangerous)
# Enable GPU AppContainer Lockdown: Enabled
# Treat risky downloads over insecure connections as active mixed content: Enabled
# De-elevate browser on launch: Enabled
# Enable IE Integration: Disabled
# Strict-Origin-Isolation: Enabled
# SameSite by default cookie: Enabled
# Cookies without SameSite must be secure: Enabled
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Now, you ;)
 
Last edited:

security123

Level 25
Verified
You add:

Microsoft Edge tracking prevention
To Enabled i guess

Secure DNS lookups
Only needed if system DNS is insecure ;)
This would circumvent my PiHole.

I also found:
Blockable mixed content switch as site setting
(Removes the blockable mixed content shield, and adds an 'Insecure Content' site setting to allow blockable mixed content)

Edit:
And thanks to the tracking prevention suggestion i also found:
Experimental Tracking Prevention Features

(Enables upcoming and experimental improvements to Tracking Prevention)
 

security123

Level 25
Verified
You don't have to enable it:

Removes the blockable mixed content shield, and adds an 'Insecure Content' site setting to allow blockable mixed content

P.S. Obviously I don't use Chromium / Edge I write it for the benefit of others.
Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?
 

oldschool

Level 55
Verified
Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?

Available by default in settings: #1, #3,

#2 appears to do nothing. Maybe something in the future?

#4, I don't know what it does. ???

#5 It's already in settings. Will lower your privacy if enabled.
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?
I disabled # Enable SmartScreen Model Evaluation - it is not required. Others can be set via : Settings >> Privacy and services.
There are also Windows Policies to set these (and many other) restrictions for Edge Chromium, but they do not work on Windows Pro, so far.
The Edge Chromium SmartScreen settings for the current user can be set via reg tweaks.
 

security123

Level 25
Verified
With Edge 82, TLS Post-Quantum Confidentiality is available in edge://flags
This option enables a post-quantum (i.e. resistent to quantum computers) key exchange algorithm in TLS (CECPQ2). – Mac, Windows #post-quantum-cecpq2
 

security123

Level 25
Verified
Edge 84 will get the following new flag:
#sharing-qr-code-generator

That provide a „Enable sharing page via QR Code“ feature:

(found that on german site QR Code im Microsoft Edge aktivieren und nutzen)
 

Lenny_Fox

Level 14
Verified
Edge flags currently enabled:

#enable-webrtc-hide-local-ips-with-mdns
#extension-content-verification (strict)
#reduced-referrer-granularity
#load-media-router-component-extension (disabled)
#media-router-cast-allow-all-ips (disabled)
#disallow-doc-written-script-loads
#enable-parallel-downloading
#enable-lazy-image-loading (enabled)
#enable-lazy-frame-loading (enabled)
#treat-unsafe-downloads-as-active-content
#edge-de-elevate-on-launch [this is a great feature IMO]
#edge-internet-explorer-integration (disabled)
#strict-origin-isolation
#same-site-by-default-cookies
#cookies-without-same-site-must-be-secure

Using AdGuard extension instead of SmartScreen and Anti-tracking (because of privacy/granularity reasons) otherwise this would be a near copy of @security123 's flag selection
 

cryogent

Level 5
Verified
My Edge Dev (84.0.488.1 ) flags:

Enabled
#enable-webrtc-hide-local-ips-with-mdns
#smooth-scrolling
#enable-gpu-rasterization
#extension-content-verification - Enforce Strict
#reduced-referrer-granularity
#disallow-doc-written-script-loads
#post-quantum-cecpq2
#enable-parallel-downloading
#treat-unsafe-downloads-as-active-content
#edge-de-elevate-on-launch
#edge-experimental-tracking-prevention-features
#edge-smartscreen-apprep
#edge-smartscreen-pua
#edge-tracking-prevention
#strict-origin-isolation
#same-site-by-default-cookies
#cookies-without-same-site-must-be-secure
#turn-off-streaming-media-caching
#dns-over-https
#show-legacy-tls-warnings

Disabled
#media-router-cast-allow-all-ips
#load-media-router-component-extension
 

security123

Level 25
Verified
Freeze User-Agent request header
Google Groups
I test it with useragent at DuckDuckGo and the result is:

before:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

after:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

So i wait until it's finished as this state would only produce false warnings because of outdated browser version
 

HarborFront

Level 54
Verified
Content Creator
I test it with useragent at DuckDuckGo and the result is:

before:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

after:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

So i wait until it's finished as this state would only produce false warnings because of outdated browser version
With this flag I removed Random User-Agent extension. One extension less in Brave/Ungoogled Chromium browsers
 
Top