Advice Request The best experimental flags for Microsoft Edge (edge://flags)

  • Thread starter ForgottenSeer 85179
  • Start date

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 85179

Thread author
turn-off-streaming-media-caching
cors-for-content-scripts
are gone.

block-insecure-private-network-requests
Block insecure private network requests.

Prevents non-secure contexts from making sub-resource requests to more-private IP addresses. An IP address IP1 is more private than IP2 if 1) IP1 is localhost and IP2 is not, or 2) IP1 is private and IP2 is public. This is a first step towards full enforcement of CORS-RFC1918: CORS and RFC1918 – Mac, Windows
is new

You can bring them back with this flag:
Code:
#temporary-unexpire-flags-m86
The description already warns:
These flags will be removed soon.
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
Here are my current flags in edge 89.0.774.50 stable.

Anonymize local IPs exposed by WebRTC - enabled
Smooth Scrolling - enabled
Block scripts loaded via document.write - enabled
Parallel downloading - enabled
Enable sharing page via QR Code - enabled
Strict-Origin-Isolation - enabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled
Global Media Controls - enabled
Global Media Controls Picture-in-Picture - enabled
 

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,515
You do not really need parallel downloading, it can cause problems sometimes. Like one webpage allows only 2 downloads per IP, so I got banned for hours because of it (Cloudflare).

Heavy AD flag is obvious, but you might want to disable privacy mitigations to avoid an extra overhead, just a simple block for heavy ADs will do.
Code:
Disabled #heavy-ad-privacy-mitigations
Enabled #enable-heavy-ad-intervention

To show full URL. But it only shows https, http link can be copied/pasted then it reveals itself.
Code:
Disabled #edge-omnibox-ui-hide-steady-state-url-scheme
Disabled #edge-omnibox-ui-hide-steady-state-url-trivial-subdomains
Not sure, why hardly anyone mentions QUIC, it exists since 2015, but it sure seems to make some services run better, like YouTube.
Code:
Enabled #enable-quic
 

Attachments

  • capture_04302021_235752.jpg
    capture_04302021_235752.jpg
    126.9 KB · Views: 443

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,040
You do not really need parallel downloading, it can cause problems sometimes. Like one webpage allows only 2 downloads per IP, so I got banned for hours because of it (Cloudflare).

Heavy AD flag is obvious, but you might want to disable privacy mitigations to avoid an extra overhead, just a simple block for heavy ADs will do.
Code:
Disabled #heavy-ad-privacy-mitigations
Enabled #enable-heavy-ad-intervention

To show full URL. But it only shows https, http link can be copied/pasted then it reveals itself.
Code:
Disabled #edge-omnibox-ui-hide-steady-state-url-scheme
Disabled #edge-omnibox-ui-hide-steady-state-url-trivial-subdomains
Not sure, why hardly anyone mentions QUIC, it exists since 2015, but it sure seems to make some services run better, like YouTube.
Code:
Enabled #enable-quic
Yes, QUIC speeds up your browser. However, if you value your privacy keep the QUIC flag disabled

Read post #124 below

 

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,515
Yes, QUIC speeds up your browser. However, if you value your privacy keep the QUIC flag disabled
Thanks. Disabled it is then. This paper nicely explains in.
The boffins claim that the maximum attack accuracy on QUIC is about 57 per cent, which is 73 per cent higher than on HTTPS. By using "early traffic" – the initial packets being exchanged – they claim QUIC attack accuracy can reach about 95 per cent with only 40 packets and Simple features, compared to about 60 per cent attack accuracy for HTTPS.
 

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,515

Attachments

  • capture_05012021_093338.jpg
    capture_05012021_093338.jpg
    84.1 KB · Views: 429

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
Here are my current flags in edge 89.0.774.50 stable.

Anonymize local IPs exposed by WebRTC - enabled
Smooth Scrolling - enabled
Block scripts loaded via document.write - enabled
Parallel downloading - enabled
Enable sharing page via QR Code - enabled
Strict-Origin-Isolation - enabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled
Global Media Controls - enabled
Global Media Controls Picture-in-Picture - enabled
Changes in Edge 91.0.864.37

Anonymize local IPs exposed by WebRTC - enabled
Smooth Scrolling - enabled
Block scripts loaded via document.write - enabled
Parallel downloading - enabled
Vertical tabs hide title bar - enabled
Enable sharing page via QR Code - enabled
Strict-Origin-Isolation - enabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled

Global Media Controls - enabled
Global Media Controls Picture-in-Picture - enabled
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
Thanks to Gandalf_The_Grey i re-join the experimental flag team and disable edge-show-feature-recommendations
Does this disable the prompt to use 'recommended settings' at the start of edge?


Thanks! i disabled it too.
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,147
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,688
Love this feature:

Microsoft Edge 92 won't autoplay all media anymore by default​

Microsoft released a new stable version of its Edge web browser, Microsoft Edge 92, earlier this week. Edge 92 is a big update that introduces lots of new features for home users and Enterprise customers.

One of the changes of Edge 92 impacts autoplay content on the web. Microsoft Edge, up until now, allowed all sites to autoplay content by default. Starting in Edge 92, that is no longer the case.

Microsoft flipped the media autoplay setting to limited instead. Limited allows some content to be played automatically, but it requires that users have interacted with the site previously. If you are a regular on YouTube, YouTube videos continue to autoplay. If you visit a site for the first time, content won't autoplay as you never interacted with the site before.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,300
Love this feature:

Microsoft Edge 92 won't autoplay all media anymore by default​



Maybe even interesting for other users. I have been always chosen "block", it's the 3rd option for media autoplay, but need to be enabled manually as "flag"
edge://flags/#edge-autoplay-user-setting-block-option
 

qua3k

Level 1
Jul 18, 2021
19
Yes, QUIC speeds up your browser. However, if you value your privacy keep the QUIC flag disabled

Read post #124 below

Suggest not disabling HTTP/3(QUIC). It’s enabled by default in every major browser except Safari, and while it does present tracking opportunities(HTTP/2 also presents some concerns; you shouldn’t disable it either), disabling it only serves to make you more unique as one of the only users on the latest browser version but w/o QUIC enabled.
 

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
404
What flags do you recommend to enable / disable in the latest current version of the browser (version 95)?
 
  • Like
Reactions: oldschool

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,147
What flags do you recommend to enable / disable in the latest current version of the browser (version 95)?
Same as @Kees1958 plus
Code:
Show block option in autoplay settings
If enabled, block will appear as an option in media autoplay settings.
Code:
Experimental Tracking Prevention Features
Enables upcoming and experimental improvements to Tracking Prevention.
 

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,515
What flags do you recommend to enable / disable in the latest current version of the browser (version 95)?
Code:
 Disabled #heavy-ad-privacy-mitigations
 Disabled #edge-omnibox-ui-hide-steady-state-url-scheme (to be able to see the full URL)
 Disabled #edge-omnibox-ui-hide-steady-state-url-trivial-subdomains (to be able to see the full URL)
 Disabled #edge-share-menu
 Disabled #edge-show-feature-recommendations (it asks you to use Bing)
 Disabled #enable-quic (Google spying)
 Disabled #tab-hover-cards (I find it annoying)

 Enabled #block-insecure-private-network-requests
 Enabled #disallow-doc-written-script-loads
 Enabled #edge-automatic-https
 Enabled #edge-enable-super-duper-secure-mode
 Enabled #edge-pc-ui-integration (Windows 11 only)
 Enabled #strict-extension-isolation
 
F

ForgottenSeer 92963

Thread author
I have a bit difficulty in interpreting deterministic in this context, maybe someone with better English understanding could explain

##heavy-ad-privacy-mitigations
Enables privacy mitigations for the heavy ad intervention. Disabling this makes the intervention deterministic. Defaults to enabled.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top