Edit

Share via


HSTSPolicyBypassList

Configure the list of names that will bypass the HSTS policy check

Supported versions

  • On Windows and macOS since 79 or later

Description

Setting the policy specifies a list of hostnames that bypass preloaded HSTS upgrades from http to https.

Only single-label hostnames are allowed in this policy, and this policy only applies to static HSTS-preloaded entries (for example, "app", "new", "search", "play"). This policy does not prevent HSTS upgrades for servers that have dynamically requested HSTS upgrades using a Strict-Transport-Security response header.

Supplied hostnames must be canonicalized: Any IDNs must be converted to their A-label format, and all ASCII letters must be lowercase. This policy only applies to the specific single-label hostnames specified, not to subdomains of those names.

Supported features

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data type

  • List of strings

Windows information and settings

Group Policy (ADMX) info

  • GP unique name: HSTSPolicyBypassList
  • GP name: Configure the list of names that will bypass the HSTS policy check
  • GP path (Mandatory): Administrative Templates/Microsoft Edge
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx

Example value

meet

Registry settings

  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\HSTSPolicyBypassList
  • Path (Recommended): N/A
  • Value name: 1, 2, 3, ...
  • Value type: List of REG_SZ

Example registry value

SOFTWARE\Policies\Microsoft\Edge\HSTSPolicyBypassList\1 =

meet

Mac information and settings

  • Preference Key name: HSTSPolicyBypassList
  • Example value:
<array>
  <string>meet</string>
</array>

See also