Control where security restrictions on insecure origins apply
Supported on: Microsoft Edge version 77, Windows 7 or later
Registry
Software\Policies\Microsoft\Edge Software\Policies\Microsoft\Edge Options
Software\Policies\Microsoft\Edge\OverrideSecurityRestrictionsOnInsecureOrigin Description
Specifies a list of origins (URLs) or hostname patterns (like "*.contoso.com") for which security restrictions on insecure origins don't apply. This policy allows you to specify permitted origins for legacy applications that can't deploy TLS or for internal web development staging servers. It enables developers to test features requiring secure contexts without the need to configure TLS on the staging server. Patterns are only accepted for hostnames; URLs or origins with schemes must be exact matches. This policy also prevents the origin from being labeled "Not Secure" in the omnibox. Setting a list of URLs in this policy has the same effect as setting the command-line flag '--unsafely-treat-insecure-origin-as-secure' to a comma-separated list of the same URLs. If you enable this policy, it overrides the command-line flag. For more information on secure contexts, see https://www.w3.org/TR/secure-contexts/. Example value: http://testserver.contoso.com/ *.contoso.com