Advice Request The best experimental flags for Microsoft Edge (edge://flags)

[ForgottenSeer 85179]

turn-off-streaming-media-caching
cors-for-content-scripts
are gone.

block-insecure-private-network-requests

Block insecure private network requests.

Prevents non-secure contexts from making sub-resource requests to more-private IP addresses. An IP address IP1 is more private than IP2 if 1) IP1 is localhost and IP2 is not, or 2) IP1 is private and IP2 is public. This is a first step towards full enforcement of CORS-RFC1918: CORS and RFC1918 – Mac, Windows

is new

You can bring them back with this flag:

#temporary-unexpire-flags-m86

The description already warns:

These flags will be removed soon.

 

[shukla44]

Here are my current flags in edge 89.0.774.50 stable.

Anonymize local IPs exposed by WebRTC - enabled
Smooth Scrolling - enabled
Block scripts loaded via document.write - enabled
Parallel downloading - enabled
Enable sharing page via QR Code - enabled
Strict-Origin-Isolation - enabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled
Global Media Controls - enabled
Global Media Controls Picture-in-Picture - enabled

 

[TairikuOkami]

You do not really need parallel downloading, it can cause problems sometimes. Like one webpage allows only 2 downloads per IP, so I got banned for hours because of it (Cloudflare).

Heavy AD flag is obvious, but you might want to disable privacy mitigations to avoid an extra overhead, just a simple block for heavy ADs will do.

Disabled #heavy-ad-privacy-mitigations
Enabled #enable-heavy-ad-intervention

To show full URL. But it only shows https, http link can be copied/pasted then it reveals itself.

Disabled #edge-omnibox-ui-hide-steady-state-url-scheme
Disabled #edge-omnibox-ui-hide-steady-state-url-trivial-subdomains

Not sure, why hardly anyone mentions QUIC, it exists since 2015, but it sure seems to make some services run better, like YouTube.

Enabled #enable-quic

 

[HarborFront]

You do not really need parallel downloading, it can cause problems sometimes. Like one webpage allows only 2 downloads per IP, so I got banned for hours because of it (Cloudflare).

Heavy AD flag is obvious, but you might want to disable privacy mitigations to avoid an extra overhead, just a simple block for heavy ADs will do.

Disabled #heavy-ad-privacy-mitigations
Enabled #enable-heavy-ad-intervention

To show full URL. But it only shows https, http link can be copied/pasted then it reveals itself.

Disabled #edge-omnibox-ui-hide-steady-state-url-scheme
Disabled #edge-omnibox-ui-hide-steady-state-url-trivial-subdomains

Not sure, why hardly anyone mentions QUIC, it exists since 2015, but it sure seems to make some services run better, like YouTube.

Enabled #enable-quic

Yes, QUIC speeds up your browser. However, if you value your privacy keep the QUIC flag disabled

Read post #124 below

List of Interesting Experimental Flags for Google Chrome to Try Out

FI, those using the Eloston Ungoogled Chromium v81.xxxxxx the "Extensions Toolbar Menu" flag is already there. Just enable it.

malwaretips.com

 

[TairikuOkami]

Yes, QUIC speeds up your browser. However, if you value your privacy keep the QUIC flag disabled

Thanks. Disabled it is then. This paper nicely explains in.

The boffins claim that the maximum attack accuracy on QUIC is about 57 per cent, which is 73 per cent higher than on HTTPS. By using "early traffic" – the initial packets being exchanged – they claim QUIC attack accuracy can reach about 95 per cent with only 40 packets and Simple features, compared to about 60 per cent attack accuracy for HTTPS.

Google QUIC-ly left privacy behind in its quest for a speedier internet, boffins find

Promising protocol much easier to fingerprint than HTTPS

www.theregister.com

 

[Lenny_Fox]

@TairikuOkami

As I read the explanation as a non-English language speaker, you need the mitigation to prevent privacy loss when blocking heavy ads

Could a native English speaking member please comment on this?

 

[ForgottenSeer 85179]

Thanks. Disabled it is then. This paper nicely explains in.

Google QUIC-ly left privacy behind in its quest for a speedier internet, boffins find

Promising protocol much easier to fingerprint than HTTPS

www.theregister.com

HTTPS/3 is better anyway

 

[TairikuOkami]

Heavy Ad Intervention ⚖️ demo

you need the mitigation to prevent privacy loss when blocking heavy ads

I want heavy ADs blocked, I use uBlock to block tracking, it sounds like privacy mitigations are for devs, basically overthinking the process and they send reports about blocked ADs.

应对过度消耗资源的广告的干预 | Blog | Chrome for Developers

应对过度消耗资源的广告的干预

developers.google.cn

 

[shukla44]

Here are my current flags in edge 89.0.774.50 stable.

Anonymize local IPs exposed by WebRTC - enabled
Smooth Scrolling - enabled
Block scripts loaded via document.write - enabled
Parallel downloading - enabled
Enable sharing page via QR Code - enabled
Strict-Origin-Isolation - enabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled
Global Media Controls - enabled
Global Media Controls Picture-in-Picture - enabled

Changes in Edge 91.0.864.37

Anonymize local IPs exposed by WebRTC - enabled
Smooth Scrolling - enabled
Block scripts loaded via document.write - enabled
Parallel downloading - enabled
Vertical tabs hide title bar - enabled
Enable sharing page via QR Code - enabled
Strict-Origin-Isolation - enabled
SameSite by default cookies - enabled
Cookies without SameSite must be secure - enabled
Global Media Controls - enabled
Global Media Controls Picture-in-Picture - enabled

 

[ForgottenSeer 85179]

Thanks to Gandalf_The_Grey i re-join the experimental flag team and disable edge-show-feature-recommendations

 

[shukla44]

Thanks to Gandalf_The_Grey i re-join the experimental flag team and disable edge-show-feature-recommendations

Does this disable the prompt to use 'recommended settings' at the start of edge?

Microsoft Edge nagging users with recommended browser settings alert

In a bid to make Microsoft Edge your default browser and Bing default search engine, it looks like Microsoft made things worse. A bug in Microsoft Edge 91 is displaying alerts for “use recommended browser settings” when users launch the updated Chromium browser on Windows 10. The “use...

www.windowslatest.com

Thanks! i disabled it too.

 

[oldschool]

Anyone using this flag? --> "Enable experimental cookie features"

My search found that it refers to features that are now default since Chrome v91, but this doesn't explain why the flag is still there.

Tips for testing and debugging SameSite-by-default and “SameSite=None; Secure” cookies

Maybe related to changes envisioned by Google? Privacy Sandbox Timeline

 

[Gandalf_The_Grey]

Love this feature:

Microsoft Edge 92 won't autoplay all media anymore by default​

Microsoft released a new stable version of its Edge web browser, Microsoft Edge 92, earlier this week. Edge 92 is a big update that introduces lots of new features for home users and Enterprise customers.

One of the changes of Edge 92 impacts autoplay content on the web. Microsoft Edge, up until now, allowed all sites to autoplay content by default. Starting in Edge 92, that is no longer the case.

Microsoft flipped the media autoplay setting to limited instead. Limited allows some content to be played automatically, but it requires that users have interacted with the site previously. If you are a regular on YouTube, YouTube videos continue to autoplay. If you visit a site for the first time, content won't autoplay as you never interacted with the site before.

Microsoft Edge 92 won't autoplay all media anymore by default - gHacks Tech News

Microsoft changed the media autoplay behavior of its Edge browser in version 92. Edge limits autoplay to sites users interacted with in the past by default now.

www.ghacks.net

 

[silversurfer]

Love this feature:

Microsoft Edge 92 won't autoplay all media anymore by default​

Microsoft Edge 92 won't autoplay all media anymore by default - gHacks Tech News

Microsoft changed the media autoplay behavior of its Edge browser in version 92. Edge limits autoplay to sites users interacted with in the past by default now.

www.ghacks.net

Maybe even interesting for other users. I have been always chosen "block", it's the 3rd option for media autoplay, but need to be enabled manually as "flag"

edge://flags/#edge-autoplay-user-setting-block-option

 

[qua3k]

Yes, QUIC speeds up your browser. However, if you value your privacy keep the QUIC flag disabled

Read post #124 below

List of Interesting Experimental Flags for Google Chrome to Try Out

FI, those using the Eloston Ungoogled Chromium v81.xxxxxx the "Extensions Toolbar Menu" flag is already there. Just enable it.

malwaretips.com

Suggest not disabling HTTP/3(QUIC). It’s enabled by default in every major browser except Safari, and while it does present tracking opportunities(HTTP/2 also presents some concerns; you shouldn’t disable it either), disabling it only serves to make you more unique as one of the only users on the latest browser version but w/o QUIC enabled.

 

[Zorro]

What flags do you recommend to enable / disable in the latest current version of the browser (version 95)?

 

[ForgottenSeer 92963]

I have set the flags below and did not encounter website breakage (until now), but as always mileage may vary, so use at your own risk!

Spoiler: Edge flags

 

[oldschool]

What flags do you recommend to enable / disable in the latest current version of the browser (version 95)?

Same as @Kees1958 plus

Show block option in autoplay settings
If enabled, block will appear as an option in media autoplay settings.

Experimental Tracking Prevention Features
Enables upcoming and experimental improvements to Tracking Prevention.

 

[TairikuOkami]

What flags do you recommend to enable / disable in the latest current version of the browser (version 95)?

 Disabled #heavy-ad-privacy-mitigations
 Disabled #edge-omnibox-ui-hide-steady-state-url-scheme (to be able to see the full URL)
 Disabled #edge-omnibox-ui-hide-steady-state-url-trivial-subdomains (to be able to see the full URL)
 Disabled #edge-share-menu
 Disabled #edge-show-feature-recommendations (it asks you to use Bing)
 Disabled #enable-quic (Google spying)
 Disabled #tab-hover-cards (I find it annoying)

 Enabled #block-insecure-private-network-requests
 Enabled #disallow-doc-written-script-loads
 Enabled #edge-automatic-https
 Enabled #edge-enable-super-duper-secure-mode
 Enabled #edge-pc-ui-integration (Windows 11 only)
 Enabled #strict-extension-isolation

 

[ForgottenSeer 92963]

I have a bit difficulty in interpreting deterministic in this context, maybe someone with better English understanding could explain

##heavy-ad-privacy-mitigations
Enables privacy mitigations for the heavy ad intervention. Disabling this makes the intervention deterministic. Defaults to enabled.