Advice Request The best experimental flags for Microsoft Edge (edge://flags)

oldschool · Jul 16, 2020

security123 said:
#edge-de-elevate-on-launch is gone

This was integrated by default not long after the introduction of Edge Chromium so the flag was superfluous quite some time ago.

security123 said:
Same for #edge-smartscreen-evaluate-model

Not sure about this one. Maybe relevant for enterprises?

ForgottenSeer 85179 · Jul 16, 2020

oldschool said:
This was integrated by default not long after the introduction of Edge Chromium so the flag was superfluous quite some time ago.

Good to know!

Also i found this new flag:

Application Guard Prelaunch
If enabled, Microsoft Edge Application Guard will be prelaunched in the background when recently used. – Windows

#edge-wdag-prelaunch

ForgottenSeer 85179 · Aug 6, 2020

Tip: DON'T enable this flag if you watch videos in the new Chromium Edge

For a few weeks, I had a bug where I couldn't play any video content in MSEdge, and thought it was just because I was on the canary channel. I thought the bug would resolve itself, but after a while, I realized that something must be wrong as I was the only one experiencing the bug.

After thinking about it some more, and getting really fed-up that I couldn't watch videos of any sort (from Reddit, YouTube, Twitter, etc), I decided to look at the flags I had enabled to see if any of them were causing the issue, and low and behold, disabling this one did the trick.

If you like to enable flags to test new features: DON'T ENABLE THIS ONE! Something about it ruins Edge's ability to play video content, and just shows a black screen instead of the video.

If you know what it does, or you're testing the flag, power to you! Otherwise, just stay away from it.

Enjoy the new Edge experience! I'm excited to see these new vertical tabs.... Seems like an interesting idea....

#edge-mf-clear-playback-win10

Ink · Sep 8, 2020

Thread pinned. @security123

Found this interesting one exclusive to the Edge browser.

Assigns the shortcut Ctrl+K to Duplicate Tab
By default, both Ctrl+E and Ctrl+K are the shortcuts for Focus Search. If enabled, Ctrl+K is assigned to Duplicate Tab. – Windows
edge://flags/#edge-use-alternate-duplicate-tab-shortcut

oldschool · Sep 12, 2020

edge://flags/#cross-origin-opener-policy
Also available in Brave release channel.

Cross-Origin-Opener-Policy - HTTP | MDN

The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.

developer.mozilla.org

ForgottenSeer 85179 · Oct 9, 2020

I reset #same-site-by-default-cookies because that's now default with Edge 86

SameSite=Lax Cookies By Default. To improve web security and privacy, cookies will now default to SameSite=Lax handling by default. This means that cookies will only be sent in a first-party context and will be omitted for requests sent to third-parties. This change can cause compatibility impact on websites that require cookies for third-party resources to function correctly. To permit such cookies, web developers can mark cookies which should be set from and sent to third-party contexts by adding explicit SameSite=none and Secure attributes when the cookie is set. Enterprises that wish to exempt certain sites from this change can do so using the LegacySameSiteCookieBehaviorEnabledForDomainList policy, or can opt-out of the change across all sites using the LegacySameSiteCookieBehaviorEnabled policy.

Lenny_Fox · Oct 9, 2020

Sorry just being lazy, are any of these setting now default?

#Anonymize local IPs exposed by WebRTC.
#extension-content-verification (strict)
#reduced-referrer-granularity
#disallow-doc-written-script-loads
#enable-mark-http-as (unsecure)
#enable-lazy-image-loading
#enable-lazy-frame-loading
#strict-origin-isolation
#enable-heavy-ad-intervention
#raw-clipboard (disabled)

Thanks in advance (@knowledgable members of this forum

)

ForgottenSeer 85179 · Oct 9, 2020

#Anonymize local IPs exposed by WebRTC

Not available anymore

#reduced-referrer-granularity
#enable-lazy-image-loading

available but not needed

#raw-clipboard

available, unsure about if it is good or not

#extension-content-verification (strict)
#disallow-doc-written-script-loads
#enable-mark-http-as (unsecure)
#enable-lazy-frame-loading
#strict-origin-isolation
#enable-heavy-ad-intervention

available and still important

Lenny_Fox · Oct 9, 2020

Thanks new list of enabled flags

Extension

Extension Content Verification (strict)
CORS for content scripts
Force empty CORB and CORS allowlist
Load Media Router Component Extension (disabled)

Security

Strict-Origin-Isolation
Block scripts loaded via document.write

Privacy

Heavy Ad Intervention
Heavy ad privacy mitigations

SeriousHoax · Oct 10, 2020

security123 said:
available but not needed

Any explanation on why #reduced-referrer-granularity is not needed anymore?

Lenny_Fox said:
Heavy ad privacy mitigations

Looks like according to Edge it's on by default.

ForgottenSeer 85179 · Oct 10, 2020

SeriousHoax said:
Any explanation on why #reduced-referrer-granularity is not needed anymore?

Modify the referer only result in breaking legit website stuff.
For privacy it doesn't increase anything as sites can and will use other methods to check which sites are used before. And even with that, they more care about fingerprinting

Still my opinion through

ForgottenSeer 85179 · Oct 24, 2020

#reduced-referrer-granularity is enabled by default since Chromium 85:

Chrome Platform Status

www.chromestatus.com

found on Privacy-related: Consider enabling these two Chromium flags by default. · Issue #71 · GrapheneOS/Vanadium

oldschool · Oct 24, 2020

CORS for content scripts

Force empty CORB and CORS allowlist

Manifest v3 will integrate some of these newer flags. I wonder how few I'll have enabled then?

ForgottenSeer 85179 · Nov 23, 2020

Thanks to Gandalf_The_Grey and his post i activate the new sleeping tabs feature:

Code:

Enable Sleeping Tabs
Automatically puts idle background tabs to sleep to save resources. – Mac, Windows

#edge-sleeping-tabs

silversurfer · Nov 23, 2020

Flag: Anonymize local IPs exposed by WebRTC seems to be removed even on other chromium-based browsers...

oldschool · Dec 1, 2020

silversurfer said:
Flag: Anonymize local IPs exposed by WebRTC seems to be removed even on other chromium-based browsers...

This one and some other familiar security/privacy flags have been removed or incorporated into browsers. I have only 4 or 5 in Brave and Edge.

ForgottenSeer 85179 · Dec 21, 2020

These are now gone:

Code:

#extension-content-verification
#enable-mark-http-as
#show-legacy-tls-warnings
#post-quantum-cecpq2

tsunami · Jan 16, 2021

What are your enabled flags nowadays?

SpiderWeb · Jan 18, 2021

SecurityNightmares said:
These are now gone:

Code:

#extension-content-verification #enable-mark-http-as #show-legacy-tls-warnings #post-quantum-cecpq2

You can bring them back with this flag:

Code:

#temporary-unexpire-flags-m86

ForgottenSeer 85179 · Jan 18, 2021

SpiderWeb said:
You can bring them back with this flag:

Code:

#temporary-unexpire-flags-m86

If must be a reason why they're remove these.
I also try using less as possible flags.

But thanks for this tip!

Search

Advice Request The best experimental flags for Microsoft Edge (edge://flags)

oldschool

Level 84

ForgottenSeer 85179

ForgottenSeer 85179

Ink

Administrator

oldschool

Level 84

Cross-Origin-Opener-Policy - HTTP | MDN

ForgottenSeer 85179

Lenny_Fox

Level 22

ForgottenSeer 85179

Lenny_Fox

Level 22

SeriousHoax

Level 49

ForgottenSeer 85179

ForgottenSeer 85179

Chrome Platform Status

oldschool

Level 84

ForgottenSeer 85179

silversurfer

Super Moderator

oldschool

Level 84

ForgottenSeer 85179

tsunami

Level 3

SpiderWeb

Level 13

ForgottenSeer 85179

Similar threads