FI, those using the Eloston Ungoogled Chromium v81.xxxxxx the "Extensions Toolbar Menu" flag is already there. Just enable it.
List of Interesting Experimental Flags for Google Chrome to Try Out
- Thread starter Petrovic
- Start date
- Jul 5, 2019
- 605
Enable next setting in experiments. Will come in Chrome 84.0 in July. Now already in Edge Chromium.
Last edited:
- Jul 5, 2019
- 605
Rectification: the option is already available in Chrome 83. Sorry.
Experimental QUIC Protocol - Disabled
Please read the comment inside the below article to disable it
Quote from comment
The ‘QUIC’ protocol (Google originated BTW) appears to be insecure against webtracking by commercial as well as govt. trackers & surveillance. A user/browser may be (passively) uniquely tracked across a browsing session (and possibly across multiple sessions in some instances), without the need for cookies, other trackers, or fingerprinting, according to a recent University of Hamburg paper:
https://content.sciendo.com/downloadpdf/journals/popets/2019/3/article-p255.pdf
Thus, probably best not to enable this in your browser if you are privacy-minded, until this hole is patched … (I haven’t been able to find any mention that browser vendors have even addressed this to-date)
QUIC has already been enabled in Chrome for quite some time, surprise, surprise (Google builds in yet another hidden, powerful privacy-shredding tracker into its next-generation web technology and as well as its 60%-market-share-browser?? There’s a shocker for ya…)
You can disable this in most Chromium-based browsers, tho’, and/or otherwise at your OS firewall:
How to disable QUIC protocol in Google Chrome
Unquote
Please read the comment inside the below article to disable it
How to enable HTTP/3 support in Firefox - gHacks Tech News
Find out how to enable support for the upcoming Hypertext Transfer Protocol HTTP/3 and the transport protocol QUIC in Firefox.
www.ghacks.net
Quote from comment
The ‘QUIC’ protocol (Google originated BTW) appears to be insecure against webtracking by commercial as well as govt. trackers & surveillance. A user/browser may be (passively) uniquely tracked across a browsing session (and possibly across multiple sessions in some instances), without the need for cookies, other trackers, or fingerprinting, according to a recent University of Hamburg paper:
https://content.sciendo.com/downloadpdf/journals/popets/2019/3/article-p255.pdf
Thus, probably best not to enable this in your browser if you are privacy-minded, until this hole is patched … (I haven’t been able to find any mention that browser vendors have even addressed this to-date)
QUIC has already been enabled in Chrome for quite some time, surprise, surprise (Google builds in yet another hidden, powerful privacy-shredding tracker into its next-generation web technology and as well as its 60%-market-share-browser?? There’s a shocker for ya…)
You can disable this in most Chromium-based browsers, tho’, and/or otherwise at your OS firewall:
How to disable QUIC protocol in Google Chrome
Unquote
- Nov 10, 2017
- 3,250
A new Chrome experimental flag is available to enable the feature in development versions of the Chrome we browser (Canary).
- Name: Throttle Javascript timers in background.
- Description: When enabled, wake ups from DOM Timers are limited to 1 per minute in a page that has been hidden for 5 minutes.
- Load
chrome://flagsin the web browser's address bar. - Search for Throttle Javascript timers in background.
- Set the flag to Enabled.
- Restart the browser.
Chrome JavaScript throttling experiment improves Battery significantly - gHacks Tech News
Google has run experiments in the past couple of months in its Chrome web browser to find out if the throttling of JavaScript in background tabs has an effect on the battery usage of the web browser.
www.ghacks.net
SET TO DISABLE to hide extension icon.
Enable a separate toolbar button and menu for extensions – Mac, Windows, Linux, Chrome OS
Enable a separate toolbar button and menu for extensions – Mac, Windows, Linux, Chrome OS
chrome://flags/#extensions-toolbar-menuCan enable this flag
Prefetch request properties are updated to be privacy-preserving
Prefetch requests will not follow redirects, not send a Referer header, not send credentials for cross-origin requests, and do not pass through service workers.
Prefetch request properties are updated to be privacy-preserving
Prefetch requests will not follow redirects, not send a Referer header, not send credentials for cross-origin requests, and do not pass through service workers.
- Aug 21, 2020
- 605
I have been using the post-quantum key exchange flag for 2 months now with no issues. What you will see in the Security tab is "CECPQ2" (screenshot) as you navigate Google and Cloudflare websites. It's a combination of X25519 + an updated structured-lattice scheme (NTRU-HRSS). The links below go into way better detail. For me it appears to only trigger PQ encryption on Google domains but it's still worth turning on:
Information on CECPQ2:
blog.cloudflare.com
NIST Research Presentation (PDF)
Observations:
-I have not noticed a discernible difference in performance compared to TLS 1.3 with just X25519
-It is slower than QUIC X25519 and Google Chrome will prefer QUIC over TLS 1.3 CECPQ2
-There are reports that it does break a few sites (ERR_CONNECTION_RESET): Source
chrome://flags/#post-quantum-cecpq2Information on CECPQ2:
The TLS Post-Quantum Experiment
Take a look at the results of a real-world TLS post-quantum experiment conducted by Cloudflare & Google.
blog.cloudflare.com
ImperialViolet - ImperialViolet.org
www.imperialviolet.org
Observations:
-I have not noticed a discernible difference in performance compared to TLS 1.3 with just X25519
-It is slower than QUIC X25519 and Google Chrome will prefer QUIC over TLS 1.3 CECPQ2
-There are reports that it does break a few sites (ERR_CONNECTION_RESET): Source
Attachments
Please enable the following flags in Chrome 85 if you have them
Framebusting requirers same-origin or a user gesture
Top document isolation
Strict site isolation
I'm basing on my latest Kiwi browesr version
Framebusting requirers same-origin or a user gesture
Top document isolation
Strict site isolation
I'm basing on my latest Kiwi browesr version
Last edited:
Enable flag 'Insecure origins treated as secure'
In my case I added the below HTTP sites (separated by a comma). By doing so the word 'Not secure' will no longer appear before the http://xxxxxxxxx in the address bar. Since some of the HTTP sites also cannot be upgraded to HTTPS sites in this case the Smart HTTP extension is of no use.
httx://budgetlightforum.com/, httx://eng.chinamil.com.cn/, httx://forum.notebookreview.com/, httx://www.candlepowerforums.com/, httx://www.globaltimes.cn/index.html, httx://www.ecns.cn/
Replace the 'x' by 'p'
In my case I added the below HTTP sites (separated by a comma). By doing so the word 'Not secure' will no longer appear before the http://xxxxxxxxx in the address bar. Since some of the HTTP sites also cannot be upgraded to HTTPS sites in this case the Smart HTTP extension is of no use.
httx://budgetlightforum.com/, httx://eng.chinamil.com.cn/, httx://forum.notebookreview.com/, httx://www.candlepowerforums.com/, httx://www.globaltimes.cn/index.html, httx://www.ecns.cn/
Replace the 'x' by 'p'
Last edited:
Enabling Back-forward cache
web.dev
Back/forward cache
Learn how to optimize your pages for instant loads when using the browser's back and forward buttons.
web.dev
Last edited:
- Oct 1, 2019
- 1,120
Lazy Lenny here 
these the flags set. Which ones are redundant because the default has changed?
Security
Experimental quick protocol - disabled
Block scripts loaded via document Write - disabled
Block insecure private network requests - enabled
Force empty CORB and CORS allowlist - enabled
Treat risky downloads over insecure connections as active mixed content - enabled
Strict-Origin-Isolation - enabled
Storage Access API - disabled
Privacy
Anonymize local IPs exposed by WebRTC - enabled
Frecency ranking for local history zero-prefix suggestions - disabled
Omnibox short bookmark suggestions - disabled
Omnibox switch to tab suggestions - disabled
Omnibox Pedal suggestions - disabled
Omnibox Rich Autocompletion Promising Combinations - disabled
Omnibox Dynamic Max Autocomplete - disabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled
Heavy Ad Intervention - enabled
Heavy ad privacy mitigations - enabled
Schemeful Same-Site - enabled
Performance
Load media router component - disabled
Parallel downloading - enabled
Enable lazy image loading - enabled
Enable lazy frame loading - enabled
Don't use or don't need
Allow all sites to initiate mirroring - disabled
Enable On-Demand Media Router Extension - disabled
Background Push Notifications - disabled
Toast Notification Background Task Event Handlers - disabled
Enable Share Targets - disabled
Functionality
Vertical tabs - enabled
Thanks for your feedback and tips in advance
Lenny
these the flags set. Which ones are redundant because the default has changed?Security
Experimental quick protocol - disabled
Block scripts loaded via document Write - disabled
Block insecure private network requests - enabled
Force empty CORB and CORS allowlist - enabled
Treat risky downloads over insecure connections as active mixed content - enabled
Strict-Origin-Isolation - enabled
Storage Access API - disabled
Privacy
Anonymize local IPs exposed by WebRTC - enabled
Frecency ranking for local history zero-prefix suggestions - disabled
Omnibox short bookmark suggestions - disabled
Omnibox switch to tab suggestions - disabled
Omnibox Pedal suggestions - disabled
Omnibox Rich Autocompletion Promising Combinations - disabled
Omnibox Dynamic Max Autocomplete - disabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled
Heavy Ad Intervention - enabled
Heavy ad privacy mitigations - enabled
Schemeful Same-Site - enabled
Performance
Load media router component - disabled
Parallel downloading - enabled
Enable lazy image loading - enabled
Enable lazy frame loading - enabled
Don't use or don't need
Allow all sites to initiate mirroring - disabled
Enable On-Demand Media Router Extension - disabled
Background Push Notifications - disabled
Toast Notification Background Task Event Handlers - disabled
Enable Share Targets - disabled
Functionality
Vertical tabs - enabled
Thanks for your feedback and tips in advance
Lenny
Last edited:
- May 13, 2017
- 2,630
I was under impression, it is better to have it disabled.
Code:
Disabled #heavy-ad-privacy-mitigations
Disabled #tab-hover-cards
Enabled #block-insecure-private-network-requests
Enabled #disallow-doc-written-script-loads
Enabled #dns-httpssvc
Enabled #enable-heavy-ad-intervention
Enabled #enable-parallel-downloading
Enabled #enable-quic
Enabled #enable-webrtc-hide-local-ips-with-mdns
Enabled #omnibox-default-typed-navigations-to-https
Enabled #quiet-notification-prompts
Enabled #safe-browsing-enhanced-protection-message-in-interstitials
Enabled #turn-off-streaming-media-caching-always
Enabled #use-sync-sandboxA new flag in Chrome v89 which you can enable. Chrome will try HTTPS first if you type an incomplete URL
chrome://flags/#omnibox-default-typed-navigations-to-https
chrome://flags/#omnibox-default-typed-navigations-to-https
- Mar 16, 2019
- 3,862
Looks like Chrome already does this in 89.
Source:
Here is what is new in Google Chrome 89 - gHacks Tech News
Google released a new stable version of its Chrome browser on March 2, 2021. Google Chrome 89 is a security release that includes improvements and bug fixes.
www.ghacks.net
Just updated my UC to v95 and found some new flags
1) Strict Extension Isolation
Experimental security mode that prevents extensions from sharing a process with each other. – Mac, Windows, Linux, Chrome OS
2) HTTPS-First Mode Setting
Adds a setting under chrome://settings/security to opt-in to HTTPS-First Mode. – Mac, Windows, Linux, Chrome OS, Android
The below flag has expired
chrome://flags/#omnibox-default-typed-navigations-to-https
Note: Many of the existing flags have EXPIRED!!
Anyone enables the above?
Any other flag(s) that deserves to be enabled i.e from v90 to v95?
1) Strict Extension Isolation
Experimental security mode that prevents extensions from sharing a process with each other. – Mac, Windows, Linux, Chrome OS
2) HTTPS-First Mode Setting
Adds a setting under chrome://settings/security to opt-in to HTTPS-First Mode. – Mac, Windows, Linux, Chrome OS, Android
The below flag has expired
chrome://flags/#omnibox-default-typed-navigations-to-https
Note: Many of the existing flags have EXPIRED!!
Anyone enables the above?
Any other flag(s) that deserves to be enabled i.e from v90 to v95?
Last edited:
- Jan 26, 2020
- 1,628
Is this flag ok and safe to enable now in Google Chrome last version?
You can now enable Windows 11 design in Google Chrome 96
www.windowslatest.com
You can now enable Windows 11 design in Google Chrome 96
You can now enable Windows 11 design in Google Chrome 96
Chrome 96 is now available for everyone and it comes with a new experimental flag that will make the browser appear more like native apps on Windows 11. As you know, this new generation of Windows focuses on rounded corners, subtle design improvements, and Mica material (a new transparency...
www.windowslatest.com
- May 29, 2018
- 2,728
Its visual flag only , its been there for ''long'' time as far as i know & lastly there is no warning as there mostly is when it might cause problems.... so i suppose its pretty ok to turn it onIs this flag ok and safe to enable now in Google Chrome last version?
You can now enable Windows 11 design in Google Chrome 96
You can now enable Windows 11 design in Google Chrome 96
Chrome 96 is now available for everyone and it comes with a new experimental flag that will make the browser appear more like native apps on Windows 11. As you know, this new generation of Windows focuses on rounded corners, subtle design improvements, and Mica material (a new transparency...
- Jan 26, 2020
- 1,628
Update: The writer of that blog post Mayank Parmar, wrote to me that it's better to avoid that flag.
- Apr 24, 2016
- 7,233
Similar threads
