security123

Level 26
Verified
This was integrated by default not long after the introduction of Edge Chromium so the flag was superfluous quite some time ago.
Good to know!

Also i found this new flag:
Application Guard Prelaunch
If enabled, Microsoft Edge Application Guard will be prelaunched in the background when recently used. – Windows
#edge-wdag-prelaunch
 

security123

Level 26
Verified
Tip: DON'T enable this flag if you watch videos in the new Chromium Edge

For a few weeks, I had a bug where I couldn't play any video content in MSEdge, and thought it was just because I was on the canary channel. I thought the bug would resolve itself, but after a while, I realized that something must be wrong as I was the only one experiencing the bug.

After thinking about it some more, and getting really fed-up that I couldn't watch videos of any sort (from Reddit, YouTube, Twitter, etc), I decided to look at the flags I had enabled to see if any of them were causing the issue, and low and behold, disabling this one did the trick.

If you like to enable flags to test new features: DON'T ENABLE THIS ONE! Something about it ruins Edge's ability to play video content, and just shows a black screen instead of the video.

If you know what it does, or you're testing the flag, power to you! Otherwise, just stay away from it. ;)

Enjoy the new Edge experience! I'm excited to see these new vertical tabs.... Seems like an interesting idea....
#edge-mf-clear-playback-win10
 

Spawn

Administrator
Verified
Staff member
I don't think this is new, but might be of interest for some users.
Extension Content Verification
This flag can be used to turn on verification that the contents of the files on disk for extensions from the webstore match what they're expected to be. This can be used to turn on this feature if it would not otherwise have been turned on, but cannot be used to turn it off (because this setting can be tampered with by malware). – Mac, Windows
edge://flags/#extension-content-verification

1600616943183.png
 

security123

Level 26
Verified
I reset #same-site-by-default-cookies because that's now default with Edge 86 (y)

SameSite=Lax Cookies By Default. To improve web security and privacy, cookies will now default to SameSite=Lax handling by default. This means that cookies will only be sent in a first-party context and will be omitted for requests sent to third-parties. This change can cause compatibility impact on websites that require cookies for third-party resources to function correctly. To permit such cookies, web developers can mark cookies which should be set from and sent to third-party contexts by adding explicit SameSite=none and Secure attributes when the cookie is set. Enterprises that wish to exempt certain sites from this change can do so using the LegacySameSiteCookieBehaviorEnabledForDomainList policy, or can opt-out of the change across all sites using the LegacySameSiteCookieBehaviorEnabled policy.
 

Lenny_Fox

Level 14
Verified
Sorry just being lazy, are any of these setting now default?

#Anonymize local IPs exposed by WebRTC.
#extension-content-verification (strict)
#reduced-referrer-granularity
#disallow-doc-written-script-loads
#enable-mark-http-as (unsecure)
#enable-lazy-image-loading
#enable-lazy-frame-loading
#strict-origin-isolation
#enable-heavy-ad-intervention
#raw-clipboard (disabled)

Thanks in advance (@knowledgable members of this forum :) )
 
Last edited:

security123

Level 26
Verified
#Anonymize local IPs exposed by WebRTC
Not available anymore

available but not needed

available, unsure about if it is good or not

#extension-content-verification (strict)
#disallow-doc-written-script-loads
#enable-mark-http-as (unsecure)
#enable-lazy-frame-loading
#strict-origin-isolation
#enable-heavy-ad-intervention
available and still important
 

Lenny_Fox

Level 14
Verified
Thanks new list of enabled flags

Extension
  • Extension Content Verification (strict)
  • CORS for content scripts
  • Force empty CORB and CORS allowlist
  • Load Media Router Component Extension (disabled)
Security
  • Strict-Origin-Isolation
  • Block scripts loaded via document.write
Privacy
  • Heavy Ad Intervention
  • Heavy ad privacy mitigations
 

security123

Level 26
Verified
#reduced-referrer-granularity is enabled by default since Chromium 85:

found on Privacy-related: Consider enabling these two Chromium flags by default. · Issue #71 · GrapheneOS/Vanadium
 
Top