Advice Request The best experimental flags for Microsoft Edge (edge://flags)

[ForgottenSeer 85179]

As we have only threads for other browser flags, i think it's time to create one for new Chromium-Edge

Here are my flags for my Version 80.0.361.66 (Offizielles Build) (64-Bit) (Stable):

# Anonymize local IPs exposed by WebRTC: Enabled
# Extension Content Verification: Enforce Strict
# Reduce default 'referer' header granularity: Enabled
# Load Media Router Component Extension: Disabled
# Connect to Cast devices on all IP addresses: Disabled
# Block scripts loaded via document.write: Enabled
# Parallel downloading: Enabled
# Mark non-secure origins as non-secure: Enabled (mark as active dangerous)
# Enable GPU AppContainer Lockdown: Enabled
# Treat risky downloads over insecure connections as active mixed content: Enabled
# De-elevate browser on launch: Enabled
# Enable IE Integration: Disabled
# Strict-Origin-Isolation: Enabled
# SameSite by default cookie: Enabled
# Cookies without SameSite must be secure: Enabled
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Now, you

 

[Sampei Nihira]

You add:

Microsoft Edge tracking prevention
Secure DNS lookups

 

[ForgottenSeer 85179]

You add:

Microsoft Edge tracking prevention

To Enabled i guess

Secure DNS lookups

Only needed if system DNS is insecure
This would circumvent my PiHole.

I also found:
Blockable mixed content switch as site setting
(Removes the blockable mixed content shield, and adds an 'Insecure Content' site setting to allow blockable mixed content)

Edit:
And thanks to the tracking prevention suggestion i also found:
Experimental Tracking Prevention Features
(Enables upcoming and experimental improvements to Tracking Prevention)

 

[Sampei Nihira]

You don't have to enable it:

Removes the blockable mixed content shield, and adds an 'Insecure Content' site setting to allow blockable mixed content

P.S. Obviously I don't use Chromium / Edge I write it for the benefit of others.

 

[ForgottenSeer 85179]

You don't have to enable it:

Removes the blockable mixed content shield, and adds an 'Insecure Content' site setting to allow blockable mixed content

P.S. Obviously I don't use Chromium / Edge I write it for the benefit of others.

Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?

 

[oldschool]

Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?

Available by default in settings: #1, #3,

#2 appears to do nothing. Maybe something in the future?

#4, I don't know what it does. ???

#5 It's already in settings. Will lower your privacy if enabled.

 

[Andy Ful]

Okay.

I add these to mainpost:
# Microsoft Edge tracking prevention: Enabled
# Experimental Tracking Prevention Features: Enabled
# Potentially unwanted app protection: Enabled

Also i found:
# Microsoft Defender SmartScreen AppRep support:
(Enable Microsoft Defender SmartScreen AppRep support)

# Enable SmartScreen Model Evaluation:
(If enabled, Microsoft Defender SmartScreen may collect information about sites you visit to evaluate their reputation)

But i'm not sure if these are required or good for privacy. Also we have already SmartScreen.
@Andy_Ful: What you mean?

I disabled # Enable SmartScreen Model Evaluation - it is not required. Others can be set via : Settings >> Privacy and services.
There are also Windows Policies to set these (and many other) restrictions for Edge Chromium, but they do not work on Windows Pro, so far.
The Edge Chromium SmartScreen settings for the current user can be set via reg tweaks.

 

[ForgottenSeer 85179]

With Edge 82, TLS Post-Quantum Confidentiality is available in edge://flags

This option enables a post-quantum (i.e. resistent to quantum computers) key exchange algorithm in TLS (CECPQ2). – Mac, Windows #post-quantum-cecpq2

New feature in Microsoft Edge: TLS Post-Quantum Confidentiality

To get familiar with it, here are 2 articles Towards Post-Quantum Cryptography in TLShttps://blog.cloudflare.com/towards-post-quantum-cryptography-in-tls/ Post-..

techcommunity.microsoft.com

 

[ForgottenSeer 85179]

With actually Edge 81 the following setting disappear:
#enable-gpu-appcontainer

New:
#show-legacy-tls-warnings
#passive-mixed-content-warning

 

[ForgottenSeer 85179]

The setting "Treat risky downloads over insecure connections as active mixed content"
(#treat-unsafe-downloads-as-active-content)
no longer break Edge extension store

 

[ForgottenSeer 85179]

Edge 84 will get the following new flag:
#sharing-qr-code-generator

That provide a „Enable sharing page via QR Code“ feature:

(found that on german site QR Code im Microsoft Edge aktivieren und nutzen)

 

[Lenny_Fox]

Edge flags currently enabled:

#enable-webrtc-hide-local-ips-with-mdns
#extension-content-verification (strict)
#reduced-referrer-granularity
#load-media-router-component-extension (disabled)
#media-router-cast-allow-all-ips (disabled)
#disallow-doc-written-script-loads
#enable-parallel-downloading
#enable-lazy-image-loading (enabled)
#enable-lazy-frame-loading (enabled)
#treat-unsafe-downloads-as-active-content
#edge-de-elevate-on-launch [this is a great feature IMO]
#edge-internet-explorer-integration (disabled)
#strict-origin-isolation
#same-site-by-default-cookies
#cookies-without-same-site-must-be-secure

Using AdGuard extension instead of SmartScreen and Anti-tracking (because of privacy/granularity reasons) otherwise this would be a near copy of @security123 's flag selection

 

[cryogent]

My Edge Dev (84.0.488.1 ) flags:

Enabled
#enable-webrtc-hide-local-ips-with-mdns
#smooth-scrolling
#enable-gpu-rasterization
#extension-content-verification - Enforce Strict
#reduced-referrer-granularity
#disallow-doc-written-script-loads
#post-quantum-cecpq2
#enable-parallel-downloading
#treat-unsafe-downloads-as-active-content
#edge-de-elevate-on-launch
#edge-experimental-tracking-prevention-features
#edge-smartscreen-apprep
#edge-smartscreen-pua
#edge-tracking-prevention
#strict-origin-isolation
#same-site-by-default-cookies
#cookies-without-same-site-must-be-secure
#turn-off-streaming-media-caching
#dns-over-https
#show-legacy-tls-warnings

Disabled
#media-router-cast-allow-all-ips
#load-media-router-component-extension

 

[SeriousHoax]

#enable-gpu-rasterization

I see that there's 4 more flags related to rasterization. Does anyone have more details on this? Any performance improvements by using this flags?

 

[oldschool]

I see that there's 4 more flags related to rasterization. Does anyone have more details on this? Any performance improvements by using this flags?

Haven't tried them.

 

[oldschool]

New ones I'm using:

CORS for content scripts
Changes to Cross-Origin Requests in Chrome Extension Content Scripts - The Chromium Projects

Freeze User-Agent request header
Google Groups

Flags come and go, so it's wise not to become attached to them.

 

[ForgottenSeer 85179]

Freeze User-Agent request header
Google Groups

I test it with useragent at DuckDuckGo and the result is:

before:

Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

after:

Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

So i wait until it's finished as this state would only produce false warnings because of outdated browser version

 

[HarborFront]

I test it with useragent at DuckDuckGo and the result is:

before:

Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36 Edg/83.0.478.45
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

after:

Your user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
Other HTTP headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Host: duckduckgo.com
Referer: https://duckduckgo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36 Edg/75.0.131.0
DNT: 1
SEC-FETCH-DEST: document
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-origin
SEC-FETCH-USER: ?1
UPGRADE-INSECURE-REQUESTS: 1

So i wait until it's finished as this state would only produce false warnings because of outdated browser version

With this flag I removed Random User-Agent extension. One extension less in Brave/Ungoogled Chromium browsers

 

[ForgottenSeer 85179]

In the Edge flag thread Andy already answer it as I ask before and he disable it.
But you should enable PUA - which also can be enabled from Defender settings

 

[ForgottenSeer 85179]

#legacy-tls-enforced isn't needed any more as with curent Edge 74 TLS 1.0 & 1.1 are disabled by default.
Can be tested on SSLabs

Edit:
#edge-de-elevate-on-launch is gone
Same for #edge-smartscreen-evaluate-model
and #passive-mixed-content-warning