Advice Request The best experimental flags for Microsoft Edge (edge://flags)

  • Thread starter ForgottenSeer 85179
  • Start date

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 85179

Thread author
As we have only threads for other browser flags, i think it's time to create one for new Chromium-Edge :)

Here are my flags for my Version 80.0.361.66 (Offizielles Build) (64-Bit) (Stable):

# Anonymize local IPs exposed by WebRTC: Enabled
# Extension Content Verification: Enforce Strict
# Reduce default 'referer' header granularity: Enabled
# Load Media Router Component Extension: Disabled
# Connect to Cast devices on all IP addresses: Disabled
# Block scripts loaded via document.write: Enabled
# Parallel downloading: Enabled
# Mark non-secure origins as non-secure: Enabled (mark as active dangerous)
# Enable GPU AppContainer Lockdown: Enabled
# Treat risky downloads over insecure connections as active mixed content: Enabled
# De-elevate browser on launch: Enabled
# Enable IE Integration: Disabled
# Strict-Origin-Isolation: Enabled
# SameSite by default cookie: Enabled
# Cookies without SameSite must be secure: Enabled
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Now, you ;)
 
Last edited by a moderator:
F

ForgottenSeer 85179

Thread author
You add:

Microsoft Edge tracking prevention
To Enabled i guess

Secure DNS lookups
Only needed if system DNS is insecure ;)
This would circumvent my PiHole.

I also found:
Blockable mixed content switch as site setting
(Removes the blockable mixed content shield, and adds an 'Insecure Content' site setting to allow blockable mixed content)

Edit:
And thanks to the tracking prevention suggestion i also found:
Experimental Tracking Prevention Features

(Enables upcoming and experimental improvements to Tracking Prevention)
 
F

ForgottenSeer 85179

Thread author
You don't have to enable it:

Removes the blockable mixed content shield, and adds an 'Insecure Content' site setting to allow blockable mixed content

P.S. Obviously I don't use Chromium / Edge I write it for the benefit of others.
Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?

Available by default in settings: #1, #3,

#2 appears to do nothing. Maybe something in the future?

#4, I don't know what it does. ???

#5 It's already in settings. Will lower your privacy if enabled.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?
I disabled # Enable SmartScreen Model Evaluation - it is not required. Others can be set via : Settings >> Privacy and services.
There are also Windows Policies to set these (and many other) restrictions for Edge Chromium, but they do not work on Windows Pro, so far.
The Edge Chromium SmartScreen settings for the current user can be set via reg tweaks.
 
F

ForgottenSeer 85179

Thread author
With Edge 82, TLS Post-Quantum Confidentiality is available in edge://flags
This option enables a post-quantum (i.e. resistent to quantum computers) key exchange algorithm in TLS (CECPQ2). – Mac, Windows #post-quantum-cecpq2
 
F

ForgottenSeer 85179

Thread author
Edge 84 will get the following new flag:
#sharing-qr-code-generator

That provide a „Enable sharing page via QR Code“ feature:
qr-code-microsoft-edge-chromium.jpg

(found that on german site QR Code im Microsoft Edge aktivieren und nutzen)
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Edge flags currently enabled:

#enable-webrtc-hide-local-ips-with-mdns
#extension-content-verification (strict)
#reduced-referrer-granularity
#load-media-router-component-extension (disabled)
#media-router-cast-allow-all-ips (disabled)
#disallow-doc-written-script-loads
#enable-parallel-downloading
#enable-lazy-image-loading (enabled)
#enable-lazy-frame-loading (enabled)
#treat-unsafe-downloads-as-active-content
#edge-de-elevate-on-launch [this is a great feature IMO]
#edge-internet-explorer-integration (disabled)
#strict-origin-isolation
#same-site-by-default-cookies
#cookies-without-same-site-must-be-secure

Using AdGuard extension instead of SmartScreen and Anti-tracking (because of privacy/granularity reasons) otherwise this would be a near copy of @security123 's flag selection
 

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
307
My Edge Dev (84.0.488.1 ) flags:

Enabled
#enable-webrtc-hide-local-ips-with-mdns
#smooth-scrolling
#enable-gpu-rasterization
#extension-content-verification - Enforce Strict
#reduced-referrer-granularity
#disallow-doc-written-script-loads
#post-quantum-cecpq2
#enable-parallel-downloading
#treat-unsafe-downloads-as-active-content
#edge-de-elevate-on-launch
#edge-experimental-tracking-prevention-features
#edge-smartscreen-apprep
#edge-smartscreen-pua
#edge-tracking-prevention
#strict-origin-isolation
#same-site-by-default-cookies
#cookies-without-same-site-must-be-secure
#turn-off-streaming-media-caching
#dns-over-https
#show-legacy-tls-warnings

Disabled
#media-router-cast-allow-all-ips
#load-media-router-component-extension
 
F

ForgottenSeer 85179

Thread author
Freeze User-Agent request header
Google Groups
I test it with useragent at DuckDuckGo and the result is:

before:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

after:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

So i wait until it's finished as this state would only produce false warnings because of outdated browser version
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
I test it with useragent at DuckDuckGo and the result is:

before:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

after:
Code:
Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

So i wait until it's finished as this state would only produce false warnings because of outdated browser version
With this flag I removed Random User-Agent extension. One extension less in Brave/Ungoogled Chromium browsers
 
F

ForgottenSeer 85179

Thread author
#legacy-tls-enforced isn't needed any more as with curent Edge 74 TLS 1.0 & 1.1 are disabled by default.
Can be tested on SSLabs

Edit:
#edge-de-elevate-on-launch is gone :oops:
Same for #edge-smartscreen-evaluate-model
and #passive-mixed-content-warning
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top