Chrome Settings json code

{

"pfm_app_url": "https://enterprise.google.com/chrome/chrome-browser/",

"pfm_description": "Google Chrome Managed Settings",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/",

"pfm_domain": "com.google.Chrome",

"pfm_format_version": 1,

"pfm_interaction": "combined",

"pfm_last_modified": "Thu Dec 23 2021 11:31:31 GMT+1100 (AEDT)",

"pfm_platforms": ["macOS"],

"pfm_subkeys": [

{

"pfm_default": "Configures Google Chrome settings",

"pfm_description": "Description of the payload.",

"pfm_description_reference": "Optional. A human-readable description of this payload. This description is shown on the Detail screen.",

"pfm_name": "PayloadDescription",

"pfm_title": "Payload Description",

"pfm_type": "string"

},

{

"pfm_default": "Google Chrome",

"pfm_description": "Name of the payload.",

"pfm_description_reference": "A human-readable name for the profile payload. This name is displayed on the Detail screen. It does not have to be unique.",

"pfm_name": "PayloadDisplayName",

"pfm_require": "always",

"pfm_title": "Payload Display Name",

"pfm_type": "string"

},

{

"pfm_default": "com.google.Chrome",

"pfm_description": "A unique identifier for the payload, dot-delimited. Usually root PayloadIdentifier+subidentifier.",

"pfm_description_reference": "A reverse-DNS-style identifier for the specific payload. It is usually the same identifier as the root-level PayloadIdentifier value with an additional component appended.",

"pfm_name": "PayloadIdentifier",

"pfm_require": "always",

"pfm_title": "Payload Identifier",

"pfm_type": "string"

},

{

"pfm_default": "com.google.Chrome",

"pfm_description": "The type of the payload, a reverse dns string.",

"pfm_description_reference": "The payload type.",

"pfm_name": "PayloadType",

"pfm_require": "always",

"pfm_title": "Payload Type",

"pfm_type": "string"

},

{

"pfm_default": "",

"pfm_description": "Unique identifier for the payload (format 01234567-89AB-CDEF-0123-456789ABCDEF).",

"pfm_description_reference": "A globally unique identifier for the payload. The actual content is unimportant, but it must be globally unique. In macOS, you can use uuidgen to generate reasonable UUIDs.",

"pfm_format": "^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$",

"pfm_name": "PayloadUUID",

"pfm_require": "always",

"pfm_title": "Payload UUID",

"pfm_type": "string"

},

{

"pfm_default": 1,

"pfm_description": "The version of the whole configuration profile.",

"pfm_description_reference": "The version number of the individual payload. A profile can consist of payloads with different version numbers. For example, changes to the VPN software in iOS might introduce a new payload version to support additional features, but Mail payload versions would not necessarily change in the same release.",

"pfm_name": "PayloadVersion",

"pfm_require": "always",

"pfm_title": "Payload Version",

"pfm_type": "integer"

},

{

"pfm_description": "This value describes the issuing organization of the profile, as displayed to the user.",

"pfm_description_reference": "Optional. A human-readable string containing the name of the organization that provided the profile. The payload organization for a payload need not match the payload organization in the enclosing profile.",

"pfm_name": "PayloadOrganization",

"pfm_title": "Payload Organization",

"pfm_type": "string"

},

{

"pfm_name": "PFC_SegmentedControl_0",

"pfm_range_list_titles": ["Cloud Reporting", "Content Settings", "Default Search Provider", "Extensions", "Google Cast", "HTTP Authentication", "Legacy Browser Support", "Misc.", "Native Messaging", "Password Manager", "Printing", "Proxy Server", "Remote Access", "Safe Browsing Settings", "Startup, Home & New Tab Page"],

"pfm_require": "always",

"pfm_segments":

{

"Cloud Reporting": ["CloudExtensionRequestEnabled", "CloudReportingEnabled", "ReportSafeBrowsingData"],

"Content Settings": ["PFC_SegmentedControl_ContentSettings", "AutoSelectCertificateForUrls", "CookiesAllowedForUrls", "CookiesBlockedForUrls", "CookiesSessionOnlyForUrls", "DefaultCookiesSetting", "DefaultGeolocationSetting", "DefaultImagesSetting", "DefaultInsecureContentSetting", "DefaultJavaScriptSetting", "DefaultMediaStreamSetting", "DefaultNotificationsSetting", "DefaultPluginsSetting", "DefaultPopupsSetting", "DefaultWebBluetoothGuardSetting", "DefaultWebUsbGuardSetting", "ImagesAllowedForUrls", "ImagesBlockedForUrls", "InsecureContentAllowedForUrls", "InsecureContentBlockedForUrls", "JavaScriptAllowedForUrls", "JavaScriptBlockedForUrls", "LegacySameSiteCookieBehaviorEnabled", "LegacySameSiteCookieBehaviorEnabledForDomainList", "NotificationsAllowedForUrls", "NotificationsBlockedForUrls", "PluginsAllowedForUrls", "PluginsBlockedForUrls", "PopupsAllowedForUrls", "PopupsBlockedForUrls", "RegisteredProtocolHandlers", "WebDriverOverridesIncompatiblePolicies", "WebUsbAllowDevicesForUrls", "WebUsbAskForUrls", "WebUsbBlockedForUrls"],

"Default Search Provider": ["DefaultSearchProviderAlternateURLs", "DefaultSearchProviderEnabled", "DefaultSearchProviderEncodings", "DefaultSearchProviderIconURL", "DefaultSearchProviderImageURL", "DefaultSearchProviderImageURLPostParams", "DefaultSearchProviderKeyword", "DefaultSearchProviderName", "DefaultSearchProviderNewTabURL", "DefaultSearchProviderSearchURL", "DefaultSearchProviderSearchURLPostParams", "DefaultSearchProviderSuggestURL", "DefaultSearchProviderSuggestURLPostParams"],

"Extensions": ["BlockExternalExtensions", "ExtensionAllowInsecureUpdates", "ExtensionAllowedTypes", "ExtensionInstallAllowlist", "ExtensionInstallBlacklist", "ExtensionInstallBlocklist", "ExtensionInstallForcelist", "ExtensionInstallSources", "ExtensionInstallWhitelist", "ExtensionSettings"],

"Google Cast": ["EnableMediaRouter", "ShowCastIconInToolbar"],

"HTTP Authentication": ["AllowCrossOriginAuthPrompt", "AuthNegotiateDelegateAllowlist", "AuthNegotiateDelegateByKdcPolicy", "AuthNegotiateDelegateWhitelist", "AuthSchemes", "AuthServerAllowlist", "AuthServerWhitelist", "BasicAuthOverHttpEnabled", "DisableAuthNegotiateCnameLookup", "EnableAuthNegotiatePort", "NtlmV2Enabled"],

"Legacy Browser Support": ["AlternativeBrowserParameters", "AlternativeBrowserPath", "BrowserSwitcherDelay", "BrowserSwitcherEnabled", "BrowserSwitcherExternalGreylistUrl", "BrowserSwitcherExternalSitelistUrl", "BrowserSwitcherKeepLastChromeTab", "BrowserSwitcherUrlGreylist", "BrowserSwitcherUrlList"],

"Misc.": ["AbusiveExperienceInterventionEnforce", "AccessibilityImageLabelsEnabled", "AdsSettingForIntrusiveAdsSites", "AdvancedProtectionAllowed", "AdvancedProtectionDeepScanningEnabled", "AllowDeletingBrowserHistory", "AllowDinosaurEasterEgg", "AllowFileSelectionDialogs", "AllowOutdatedPlugins", "AllowPopupsDuringPageUnload", "AllowSyncXHRInPageDismissal", "AllowedDomainsForApps", "AlternateErrorPagesEnabled", "AlwaysOpenPdfExternally", "AmbientAuthenticationInPrivateModesEnabled", "AppCacheForceEnabled", "AudioCaptureAllowed", "AudioCaptureAllowedUrls", "AudioSandboxEnabled", "AutoFillEnabled", "AutoLaunchProtocolsFromOrigins", "AutoOpenAllowedForURLs", "AutoOpenFileTypes", "AutofillAddressEnabled", "AutofillCreditCardEnabled", "AutoplayAllowed", "AutoplayAllowlist", "AutoplayWhitelist", "BlockThirdPartyCookies", "BookmarkBarEnabled", "BrowserAddPersonEnabled", "BrowserGuestModeEnabled", "BrowserGuestModeEnforced", "BrowserNetworkTimeQueriesEnabled", "BrowserSignin", "BuiltInDnsClientEnabled", "BuiltinCertificateVerifierEnabled", "CertificateTransparencyEnforcementDisabledForCas", "CertificateTransparencyEnforcementDisabledForLegacyCas", "CertificateTransparencyEnforcementDisabledForUrls", "ChromeVariations", "ClickToCallEnabled", "CloudManagementEnrollmentMandatory", "CloudManagementEnrollmentToken", "CloudPolicyOverridesPlatformPolicy", "CommandLineFlagSecurityWarningsEnabled", "ComponentUpdatesEnabled", "CorsLegacyModeEnabled", "CorsMitigationList", "DNSInterceptionChecksEnabled", "DefaultBrowserSettingEnabled", "DefaultDownloadDirectory", "DefaultSearchProviderContextMenuAccessAllowed", "DeveloperToolsAvailability", "DeveloperToolsDisabled", "Disable3DAPIs", "DisableSafeBrowsingProceedAnyway", "DisableScreenshots", "DisabledPlugins", "DisabledPluginsExceptions", "DisabledSchemes", "DiskCacheDir", "DiskCacheSize", "DnsOverHttpsMode", "DnsOverHttpsTemplates", "DownloadDirectory", "DownloadRestrictions", "EditBookmarksEnabled", "EnableDeprecatedWebPlatformFeatures", "EnableExperimentalPolicies", "EnableOnlineRevocationChecks", "EnabledPlugins", "EnterpriseHardwarePlatformAPIEnabled", "EnterpriseRealTimeUrlCheckMode", "ExternalProtocolDialogShowAlwaysOpenCheckbox", "ForceBrowserSignin", "ForceEphemeralProfiles", "ForceGoogleSafeSearch", "ForceLegacyDefaultReferrerPolicy", "ForceSafeSearch", "ForceYouTubeRestrict", "ForceYouTubeSafetyMode", "GloballyScopeHTTPAuthCacheEnabled", "HSTSPolicyBypassList", "HardwareAccelerationModeEnabled", "HideWebStoreIcon", "Http09OnNonDefaultPortsEnabled", "ImportAutofillFormData", "ImportBookmarks", "ImportHistory", "ImportHomepage", "ImportSavedPasswords", "ImportSearchEngine", "IncognitoEnabled", "IncognitoModeAvailability", "IntensiveWakeUpThrottlingEnabled", "IsolateOrigins", "JavascriptEnabled", "LocalDiscoveryEnabled", "LookalikeWarningAllowlistDomains", "MachineLevelUserCloudPolicyEnrollmentToken", "ManagedBookmarks", "MaxConnectionsPerProxy", "MaxInvalidationFetchDelay", "MediaRecommendationsEnabled", "MediaRouterCastAllowAllIPs", "MetricsReportingEnabled", "NTPCardsVisible", "NTPCustomBackgroundEnabled", "NetworkPredictionOptions", "OverrideSecurityRestrictionsOnInsecureOrigin", "PaymentMethodQueryEnabled", "PolicyAtomicGroupsEnabled", "PolicyDictionaryMultipleSourceMergeList", "PolicyListMultipleSourceMergeList", "PolicyRefreshRate", "ProfilePickerOnStartupAvailability", "PromotionalTabsEnabled", "PromptForDownloadLocation", "ProxySettings", "QuicAllowed", "RelaunchNotification", "RelaunchNotificationPeriod", "RestrictSigninToPattern", "RunAllFlashInAllowMode", "SSLErrorOverrideAllowed", "SSLVersionMin", "SafeSitesFilterBehavior", "SavingBrowserHistoryDisabled", "ScreenCaptureAllowed", "ScrollToTextFragmentEnabled", "SearchSuggestEnabled", "SecurityKeyPermitAttestation", "SharedClipboardEnabled", "ShowAppsShortcutInBookmarkBar", "ShowFullUrlsInAddressBar", "SignedHTTPExchangeEnabled", "SigninAllowed", "SigninInterceptionEnabled", "SitePerProcess", "SpellCheckServiceEnabled", "SpellcheckEnabled", "StricterMixedContentTreatmentEnabled", "SuppressUnsupportedOSWarning", "SyncDisabled", "SyncTypesListDisabled", "TLS13HardeningForLocalAnchorsEnabled", "TargetBlankImpliesNoOpener", "TaskManagerEndProcessEnabled", "TotalMemoryLimitMb", "TranslateEnabled", "URLAllowlist", "URLBlacklist", "URLBlocklist", "URLWhitelist", "UnsafelyTreatInsecureOriginAsSecure", "UrlKeyedAnonymizedDataCollectionEnabled", "UserAgentClientHintsEnabled", "UserDataDir", "UserDataSnapshotRetentionLimit", "UserFeedbackAllowed", "VideoCaptureAllowed", "VideoCaptureAllowedUrls", "WPADQuickCheckEnabled", "WebAppInstallForceList", "WebComponentsV0Enabled", "WebDriverOverridesIncompatiblePolicies", "WebRtcAllowLegacyTLSProtocols", "WebRtcEventLogCollectionAllowed", "WebRtcLocalIpsAllowedUrls", "WebRtcUdpPortRange"],

"Native Messaging": ["NativeMessagingAllowlist", "NativeMessagingBlacklist", "NativeMessagingBlocklist", "NativeMessagingUserLevelHosts", "NativeMessagingWhitelist"],

"Password Manager": ["PasswordLeakDetectionEnabled", "PasswordManagerEnabled"],

"Printing": ["CloudPrintProxyEnabled", "CloudPrintSubmitEnabled", "DefaultPrinterSelection", "DisablePrintPreview", "PrintHeaderFooter", "PrintPreviewUseSystemDefaultPrinter", "PrinterTypeDenyList", "PrintingAllowedBackgroundGraphicsModes", "PrintingBackgroundGraphicsDefault", "PrintingEnabled", "PrinterPaperSizeDefault"],

"Proxy Server": ["ProxyBypassList", "ProxyMode", "ProxyPacUrl", "ProxyServer", "ProxyServerMode"],

"Remote Access": ["RemoteAccessHostAllowClientPairing", "RemoteAccessHostAllowFileTransfer", "RemoteAccessHostAllowGnubbyAuth", "RemoteAccessHostAllowRelayedConnection", "RemoteAccessHostClientDomain", "RemoteAccessHostClientDomainList", "RemoteAccessHostDomain", "RemoteAccessHostDomainList", "RemoteAccessHostFirewallTraversal", "RemoteAccessHostMatchUsername", "RemoteAccessHostRequireCurtain", "RemoteAccessHostTalkGadgetPrefix", "RemoteAccessHostTokenUrl", "RemoteAccessHostTokenValidationCertificateIssuer", "RemoteAccessHostTokenValidationUrl", "RemoteAccessHostUdpPortRange"],

"Safe Browsing Settings": ["PasswordProtectionChangePasswordURL", "PasswordProtectionLoginURLs", "PasswordProtectionWarningTrigger", "SafeBrowsingAllowlistDomains", "SafeBrowsingEnabled", "SafeBrowsingExtendedReportingEnabled", "SafeBrowsingExtendedReportingOptInAllowed", "SafeBrowsingProtectionLevel", "SafeBrowsingWhitelistDomains"],

"Startup, Home & New Tab Page": ["HomepageIsNewTabPage", "HomepageLocation", "NewTabPageLocation", "RestoreOnStartup", "RestoreOnStartupURLs", "ShowHomeButton"]

},

"pfm_type": "string"

}, null,

{

"pfm_app_min": "72",

"pfm_description": "Enables Google Chrome cloud reporting. When this policy is left unset or set to False, there is no data collected or uploaded. When this policy is set to True, the data is collected and uploaded to Google Admin console.",

"pfm_description_reference": "This policy controls Google Chrome cloud reporting which uploads information about the browser operation to Google Admin console.\n\nWhen this policy is left unset or set to False, there is no data collected or uploaded. When this policy is set to True, the data is collected and uploaded to Google Admin console.\n\nFor Google Chrome, this policy is only effective when the machine is enrolled with CloudManagementEnrollmentToken. For Google Chrome OS, this policy is always effective.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CloudReportingEnabled",

"pfm_name": "CloudReportingEnabled",

"pfm_note": "For Google Chrome, this policy is only effective when the machine is enrolled with CloudManagementEnrollmentToken.",

"pfm_title": "Enable Cloud Reporting",

"pfm_type": "boolean"

},

{

"pfm_app_min": "85",

"pfm_description": "Enables Google Chrome extension installation requests. When the policy CloudReportingEnabled is left unset or set to disabled, this policy will be ignored, extension installation requests are not created or uploaded. When this policy is left unset or set to disabled, extension installation requests are not created or uploaded. When this policy is set to enabled, extension installation requests are created and uploaded to Google Admin console.",

"pfm_description_reference": "This policy controls Google Chrome extension installation requests which allows users to send the requests to the Google Admin console for approval.\n\nWhen the policy CloudReportingEnabled is left unset or set to disabled, this policy will be ignored, extension installation requests are not created or uploaded. When this policy is left unset or set to disabled, extension installation requests are not created or uploaded. When this policy is set to enabled, extension installation requests are created and uploaded to Google Admin console.\n\nExtension installation requests are created when users try to install an extension that is not whitelisted by ExtesionInstallWhitelist or ExtensionSettings.\n\nThis policy is only effective when the machine is enrolled with CloudManagementEnrollmentToken for Google Chrome. This policy is always effective for Google Chrome OS.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CloudExtensionRequestEnabled",

"pfm_name": "CloudExtensionRequestEnabled",

"pfm_note": "For Google Chrome, this policy is only effective when the machine is enrolled with CloudManagementEnrollmentToken.",

"pfm_title": "Enable Cloud Extension Install Requests",

"pfm_type": "boolean"

},

{

"pfm_app_min": "72",

"pfm_app_deprecated": "84",

"pfm_description": "Report Safe Browsing information.",

"pfm_description_reference": "This policy controls whether to report Safe Browsing information including the number of Safe Browsing warning and the number of safe browsering warning click through.\n\nWhen the policy CloudReportingEnabled is left unset or set to disabled, this policy will be ignored.\n\nWhen this policy is left unset or set to True, Safe Browsing data are gathered. When this policy is set to False, Safe Browsing data are not gathered.\n\nThis policy is only effective when the machine is enrolled with CloudManagementEnrollmentToken for Google Chrome. This policy is always effective for Google Chrome OS.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ReportSafeBrowsingData",

"pfm_name": "ReportSafeBrowsingData",

"pfm_title": "Report Safe Browsing",

"pfm_type": "boolean"

}, null,

{

"pfm_app_min": "10",

"pfm_description": "Allows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites.",

"pfm_description_reference": "1 - Allow all sites to set local data\n2 - Do not allow any site to set local data\n4 - Keep cookies for the duration of the session\nAllows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites.\n\nIf this policy is set to 'Keep cookies for the duration of the session' then cookies will be cleared when the session closes. Note that if Google Chrome is running in 'background mode', the session may not close when the last window is closed. Please see the 'BackgroundModeEnabled' policy for more information about configuring this behavior.\n\nIf this policy is left not set, 'AllowCookies' will be used and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultCookiesSetting",

"pfm_name": "DefaultCookiesSetting",

"pfm_range_list": [1, 2, 4],

"pfm_range_list_titles": ["Allow all sites to set local data", "Do not allow any site to set local data", "Keep cookies for the duration of the session"],

"pfm_title": "Default cookies setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "10",

"pfm_description": "Enabling this setting prevents cookies from being set by web page elements that are not from the domain that is in the browser's address bar.",

"pfm_description_reference": "Enabling this setting prevents cookies from being set by web page elements that are not from the domain that is in the browser's address bar.\n\nDisabling this setting allows cookies to be set by web page elements that are not from the domain that is in the browser's address bar and prevents users from changing this setting.\n\nIf this policy is left not set, third party cookies will be enabled but the user will be able to change that.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BlockThirdPartyCookies",

"pfm_name": "BlockThirdPartyCookies",

"pfm_title": "Block third party cookies",

"pfm_type": "boolean"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to set cookies.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to set cookies.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultCookiesSetting' policy if it is set, or the user's personal configuration otherwise.\n\nSee also policies 'CookiesBlockedForUrls' and 'CookiesSessionOnlyForUrls'. Note that there must be no conflicting URL patterns between these three policies - it is unspecified which policy takes precedence.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CookiesAllowedForUrls",

"pfm_name": "CookiesAllowedForUrls",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow cookies on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are not allowed to set cookies.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are not allowed to set cookies.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultCookiesSetting' policy if it is set, or the user's personal configuration otherwise.\n\nSee also policies 'CookiesAllowedForUrls' and 'CookiesSessionOnlyForUrls'. Note that there must be no conflicting URL patterns between these three policies - it is unspecified which policy takes precedence.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CookiesBlockedForUrls",

"pfm_name": "CookiesBlockedForUrls",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Block cookies on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "11",

"pfm_description": "Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits.",

"pfm_description_reference": "Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits.\n\nFor URLs not covered by the patterns specified here, or for all URLs if this policy is not set, the global default value will be used either from the 'DefaultCookiesSetting' policy, if it is set, or the user's personal configuration otherwise.\n\nNote that if Google Chrome is running in 'background mode', the session may not be closed when the last browser window is closed, but will instead stay active until the browser exits. Please see the 'BackgroundModeEnabled' policy for more information about configuring this behavior.\n\nSee also policies 'CookiesAllowedForUrls' and 'CookiesBlockedForUrls'. Note that there must be no conflicting URL patterns between these three policies - it is unspecified which policy takes precedence.\n\nIf the \"RestoreOnStartup\" policy is set to restore URLs from previous sessions this policy will not be respected and cookies will be stored permanently for those sites.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CookiesSessionOnlyForUrls",

"pfm_name": "CookiesSessionOnlyForUrls",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Limit cookies from matching URLs to the current session",

"pfm_type": "array"

},

{

"pfm_app_min": "50",

"pfm_description": "Allows you to set whether websites are allowed to get access to nearby Bluetooth devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to nearby Bluetooth devices.",

"pfm_description_reference": "2 - Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API\n3 - Allow sites to ask the user to grant access to a nearby Bluetooth device\nAllows you to set whether websites are allowed to get access to nearby Bluetooth devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to nearby Bluetooth devices.\n\nIf this policy is left not set, '3' will be used, and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultWebBluetoothGuardSetting",

"pfm_name": "DefaultWebBluetoothGuardSetting",

"pfm_range_list": [2, 3],

"pfm_range_list_titles": ["Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API", "Allow sites to ask the user to grant access to a nearby Bluetooth device"],

"pfm_title": "Control use of the Web Bluetooth API",

"pfm_type": "integer"

},

{

"pfm_app_min": "67",

"pfm_description": "Allows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to connected USB devices.",

"pfm_description_reference": "2 - Do not allow any site to request access to USB devices via the WebUSB API\n3 - Allow sites to ask the user to grant access to a connected USB device\nAllows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to connected USB devices.\n\nThis policy can be overridden for specific URL patterns using the 'WebUsbAskForUrls' and 'WebUsbBlockedForUrls' policies.\n\nIf this policy is left not set, '3' will be used, and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultWebUsbGuardSetting",

"pfm_name": "DefaultWebUsbGuardSetting",

"pfm_range_list": [2, 3],

"pfm_range_list_titles": ["Do not allow any site to request access to USB devices via the WebUSB API", "Allow sites to ask the user to grant access to a connected USB device"],

"pfm_title": "Control use of the WebUSB API",

"pfm_type": "integer"

},

{

"pfm_app_min": "10",

"pfm_description": "Allows you to set whether websites are allowed to display images. Displaying images can be either allowed for all websites or denied for all websites.",

"pfm_description_reference": "1 - Allow all sites to show all images\n2 - Do not allow any site to show images\nAllows you to set whether websites are allowed to display images. Displaying images can be either allowed for all websites or denied for all websites.\n\nIf this policy is left not set, 'AllowImages' will be used and the user will be able to change it.\n\nNote that previously this policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultImagesSetting",

"pfm_name": "DefaultImagesSetting",

"pfm_range_list": [1, 2],

"pfm_range_list_titles": ["Allow all sites to show all images", "Do not allow any site to show images"],

"pfm_title": "Default images setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to display images.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to display images.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultImagesSetting' policy if it is set, or the user's personal configuration otherwise.\n\nNote that previously this policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImagesAllowedForUrls",

"pfm_name": "ImagesAllowedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow images on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are not allowed to display images.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are not allowed to display images.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultImagesSetting' policy if it is set, or the user's personal configuration otherwise.\n\nNote that previously this policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImagesBlockedForUrls",

"pfm_name": "ImagesBlockedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Block images on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "79",

"pfm_description": "Control use of insecure content exceptions. Allows you to set whether users can add exceptions to allow mixed content for specific sites. If this policy is left not set, users will be allowed to add exceptions to allow blockable mixed content and disable autoupgrades for optionally blockable mixed content.",

"pfm_description_reference": "Allows you to set whether users can add exceptions to allow mixed content for specific sites.\n\nThis policy can be overridden for specific URL patterns using the 'InsecureContentAllowedForUrls' and 'InsecureContentBlockedForUrls' policies.\n\nIf this policy is left not set, users will be allowed to add exceptions to allow blockable mixed content and disable autoupgrades for optionally blockable mixed content.\n\n2 = Do not allow any site to load mixed content\n3 = Allow users to add exceptions to allow mixed content",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultInsecureContentSetting",

"pfm_name": "DefaultInsecureContentSetting",

"pfm_note": "This policy can be overridden for specific URL patterns using the 'InsecureContentAllowedForUrls' and 'InsecureContentBlockedForUrls' policies.",

"pfm_range_list": [2, 3],

"pfm_range_list_titles": ["Do not allow any site to load mixed content", "Allow users to add exceptions to allow mixed content"],

"pfm_title": "Default insecure content setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "79",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to display blockable (i.e. active) mixed content (i.e. HTTP content on HTTPS sites) and for which optionally blockable mixed content upgrades will be disabled.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to display blockable (i.e. active) mixed content (i.e. HTTP content on HTTPS sites) and for which optionally blockable mixed content upgrades will be disabled.\n\nIf this policy is left not set blockable mixed content will be blocked and optionally blockable mixed content will be upgraded, and users will be allowed to set exceptions to allow it for specific sites.\n\nFor detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=InsecureContentAllowedForUrls",

"pfm_name": "InsecureContentAllowedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow insecure content on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "79",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are not allowed to display blockable (i.e. active) mixed content (i.e. HTTP content on HTTPS sites), and for which optionally blockable (i.e. passive) mixed content will be upgraded.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are not allowed to display blockable (i.e. active) mixed content (i.e. HTTP content on HTTPS sites), and for which optionally blockable (i.e. passive) mixed content will be upgraded.\n\nIf this policy is left not set blockable mixed content will be blocked and optionally blockable mixed content will be upgraded, but users will be allowed to set exceptions to allow it for specific sites.\n\nFor detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=InsecureContentBlockedForUrls",

"pfm_name": "InsecureContentBlockedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Block insecure content on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "10",

"pfm_description": "Allows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites.",

"pfm_description_reference": "1 - Allow all sites to run JavaScript\n2 - Do not allow any site to run JavaScript\nAllows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites.\n\nIf this policy is left not set, 'AllowJavaScript' will be used and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultJavaScriptSetting",

"pfm_name": "DefaultJavaScriptSetting",

"pfm_range_list": [1, 2],

"pfm_range_list_titles": ["Allow all sites to run JavaScript", "Do not allow any site to run JavaScript"],

"pfm_title": "Default JavaScript setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to run JavaScript.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to run JavaScript.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultJavaScriptSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=JavaScriptAllowedForUrls",

"pfm_name": "JavaScriptAllowedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow JavaScript on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultJavaScriptSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=JavaScriptBlockedForUrls",

"pfm_name": "JavaScriptBlockedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Block JavaScript on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "79",

"pfm_description": "Allows you to revert all cookies to legacy SameSite behavior.",

"pfm_description_reference": "Allows you to revert all cookies to legacy SameSite behavior. Reverting to legacy behavior causes cookies that don't specify a SameSite attribute to be treated as if they were \"SameSite=None\", and removes the requirement for \"SameSite=None\" cookies to carry the \"Secure\" attribute. See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description.\n\nWhen this policy is not set, the default SameSite behavior for cookies that don't specify a SameSite attribute will depend on the user's personal configuration for the SameSite-by-default feature, which may be set by a field trial or by enabling or disabling the flag same-site-by-default-cookies flag.\n\n1 = Revert to legacy SameSite behavior for cookies on all sites\n2 = Use SameSite-by-default behavior for cookies on all sites",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=LegacySameSiteCookieBehaviorEnabled",

"pfm_name": "LegacySameSiteCookieBehaviorEnabled",

"pfm_note": "See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description",

"pfm_range_list": [1, 2],

"pfm_range_list_titles": ["Revert to legacy SameSite behavior for cookies on all sites", "Use SameSite-by-default behavior for cookies on all sites"],

"pfm_title": "Enable legacy SameSite cookie behavior",

"pfm_type": "integer"

},

{

"pfm_app_min": "79",

"pfm_description": "Cookies set for domains matching these patterns will revert to legacy SameSite behavior. For cookies on domains not covered by the patterns specified here, or for all cookies if this policy is not set, the global default value will be used either from the LegacySameSiteCookieBehaviorEnabled policy, if it is set, or the user's personal configuration otherwise.",

"pfm_description_reference": "Cookies set for domains matching these patterns will revert to legacy SameSite behavior. Reverting to legacy behavior causes cookies that don't specify a SameSite attribute to be treated as if they were \"SameSite=None\", and removes the requirement for \"SameSite=None\" cookies to carry the \"Secure\" attribute. See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description.\n\nFor cookies on domains not covered by the patterns specified here, or for all cookies if this policy is not set, the global default value will be used either from the LegacySameSiteCookieBehaviorEnabled policy, if it is set, or the user's personal configuration otherwise.\n\nNote that patterns you list here are treated as domains, not URLs, so you should not specify a scheme or port.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=LegacySameSiteCookieBehaviorEnabledForDomainList",

"pfm_name": "LegacySameSiteCookieBehaviorEnabledForDomainList",

"pfm_note": "See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description.",

"pfm_subkeys": [

{

"pfm_title": "Domains",

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Enable legacy SameSite cookie behavior for list of domains",

"pfm_type": "array"

},

{

"pfm_app_min": "10",

"pfm_description": "Allows you to set whether websites are allowed to automatically run the Flash plugin. Automatically running the Flash plugin can be either allowed for all websites or denied for all websites.",

"pfm_description_reference": "1 - Allow all sites to automatically run the Flash plugin\n2 - Block the Flash plugin\n3 - Click to play\nAllows you to set whether websites are allowed to automatically run the Flash plugin. Automatically running the Flash plugin can be either allowed for all websites or denied for all websites.\n\nClick to play allows the Flash plugin to run but the user must click on the placeholder to start its execution.\n\nAutomatic playback is only allowed for domains explictly listed in the PluginsAllowedForUrls policy. If you want to enabled automatic playback for all sites consider adding http://* and https://* to this list.\n\nIf this policy is left not set, the user will be able to change this setting manually.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultPluginsSetting",

"pfm_name": "DefaultPluginsSetting",

"pfm_range_list": [1, 2, 3],

"pfm_range_list_titles": ["Allow all sites to automatically run the Flash plugin", "Block the Flash plugin", "Click to play"],

"pfm_title": "Default Flash setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to run the Flash plugin.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to run the Flash plugin.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultPluginsSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PluginsAllowedForUrls",

"pfm_name": "PluginsAllowedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow the Flash plugin on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "10",

"pfm_description": "Allows you to set whether websites are allowed to display desktop notifications. Displaying desktop notifications can be allowed by default, denied by default or the user can be asked every time a website wants to show desktop notifications.",

"pfm_description_reference": "1 - Allow sites to show desktop notifications\n2 - Do not allow any site to show desktop notifications\n3 - Ask every time a site wants to show desktop notifications\nAllows you to set whether websites are allowed to display desktop notifications. Displaying desktop notifications can be allowed by default, denied by default or the user can be asked every time a website wants to show desktop notifications.\n\nIf this policy is left not set, 'AskNotifications' will be used and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultNotificationsSetting",

"pfm_name": "DefaultNotificationsSetting",

"pfm_range_list": [1, 2, 3],

"pfm_range_list_titles": ["Allow sites to show desktop notifications", "Do not allow any site to show desktop notifications", "Ask every time a site wants to show desktop notifications"],

"pfm_title": "Default notification setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "16",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to display notifications.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to display notifications.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NotificationsAllowedForUrls",

"pfm_name": "NotificationsAllowedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow notifications on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "16",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are not allowed to display notifications.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are not allowed to display notifications.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NotificationsBlockedForUrls",

"pfm_name": "NotificationsBlockedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Block notifications on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are not allowed to run the Flash plugin.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are not allowed to run the Flash plugin.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultPluginsSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PluginsBlockedForUrls",

"pfm_name": "PluginsBlockedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Block the Flash plugin on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "10",

"pfm_description": "Allows you to set whether websites are allowed to show pop-ups. Showing popups can be either allowed for all websites or denied for all websites.",

"pfm_description_reference": "1 - Allow all sites to show pop-ups\n2 - Do not allow any site to show popups\nAllows you to set whether websites are allowed to show pop-ups. Showing popups can be either allowed for all websites or denied for all websites.\n\nIf this policy is left not set, 'BlockPopups' will be used and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultPopupsSetting",

"pfm_name": "DefaultPopupsSetting",

"pfm_range_list": [1, 2],

"pfm_range_list_titles": ["Allow all sites to show pop-ups", "Do not allow any site to show popups"],

"pfm_title": "Default popups setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to open popups.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to open popups.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultPopupsSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PopupsAllowedForUrls",

"pfm_name": "PopupsAllowedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow popups on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "11",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are not allowed to open popups.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are not allowed to open popups.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultPopupsSetting' policy if it is set, or the user's personal configuration otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PopupsBlockedForUrls",

"pfm_name": "PopupsBlockedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Block popups on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "15",

"pfm_description": "Allows you to specify a list of url patterns that specify sites for which Google Chrome should automatically select a client certificate, if the site requests a certificate.",

"pfm_description_reference": "Allows you to specify a list of url patterns that specify sites for which Google Chrome should automatically select a client certificate, if the site requests a certificate.\n\nThe value must be an array of stringified JSON dictionaries. Each dictionary must have the form { \"pattern\": \"$URL_PATTERN\", \"filter\" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form { \"ISSUER\": { \"CN\": \"$ISSUER_CN\" } }, additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.\n\nIf this policy is left not set, no auto-selection will be done for any site.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoSelectCertificateForUrls",

"pfm_name": "AutoSelectCertificateForUrls",

"pfm_note": "The value must be an array of stringified JSON dictionaries. Each dictionary must have the form { \"pattern\": \"$URL_PATTERN\", \"filter\" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form { \"ISSUER\": { \"CN\": \"$ISSUER_CN\" } }, additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "{\"pattern\":\"https://www.example.com\",\"filter\":{\"ISSUER\":{\"CN\":\"certificate issuer name\", \"L\": \"certificate issuer location\", \"O\": \"certificate issuer org\", \"OU\": \"certificate issuer org unit\"}, \"SUBJECT\":{\"CN\":\"certificate subject name\", \"L\": \"certificate subject location\", \"O\": \"certificate subject org\", \"OU\": \"certificate subject org unit\"}}}"

}],

"pfm_title": "Automatically select client certificates for these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "10",

"pfm_description": "Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.",

"pfm_description_reference": "1 - Allow sites to track the users' physical location\n2 - Do not allow any site to track the users' physical location\n3 - Ask whenever a site wants to track the users' physical location\nAllows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.\n\nIf this policy is left not set, 'AskGeolocation' will be used and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultGeolocationSetting",

"pfm_name": "DefaultGeolocationSetting",

"pfm_range_list": [1, 2, 3],

"pfm_range_list_titles": ["Allow sites to track the users' physical location", "Do not allow any site to track the users' physical location", "Ask whenever a site wants to track the users' physical location"],

"pfm_title": "Default geolocation setting",

"pfm_type": "integer"

},

{

"pfm_app_deprecated": "25",

"pfm_app_min": "22",

"pfm_description": "Allows you to set whether websites are allowed to get access to media capture devices. Access to media capture devices can be allowed by default, or the user can be asked every time a website wants to get access to media capture devices. - Documentation doesn't indicate when this was deprecated, but AudioCaptureAllowed was added in M25, so making an assumption.",

"pfm_description_reference": "Allows you to set whether websites are allowed to get access to media capture devices. Access to media capture devices can be allowed by default, or the user can be asked every time a website wants to get access to media capture devices.\n\n\t\tIf this policy is left not set, 'PromptOnAccess' will be used and the user will be able to change it.\n\n\t\t2 = Do not allow any site to access the camera and microphone\n\t\t3 = Ask every time a site wants to access the camera and/or microphone",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultMediaStreamSetting",

"pfm_name": "DefaultMediaStreamSetting",

"pfm_range_list": [2, 3],

"pfm_range_list_titles": ["Do not allow any site to access the camera and microphone", "Ask every time a site wants to access the camera and/or microphone"],

"pfm_title": "Default mediastream setting",

"pfm_type": "integer"

},

{

"pfm_app_min": "37",

"pfm_description": "Allows you to register a list of protocol handlers. This can only be a recommended policy. The property |protocol| should be set to the scheme such as 'mailto' and the property |url| should be set to the URL pattern of the application that handles the scheme. The pattern can include a '%s', which if present will be replaced by the handled URL.",

"pfm_description_reference": "Allows you to register a list of protocol handlers. This can only be a recommended policy. The property |protocol| should be set to the scheme such as 'mailto' and the property |url| should be set to the URL pattern of the application that handles the scheme. The pattern can include a '%s', which if present will be replaced by the handled URL.\n\nThe protocol handlers registered by policy are merged with the ones registered by the user and both are available for use. The user can override the protocol handlers installed by policy by installing a new default handler, but cannot remove a protocol handler registered by policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RegisteredProtocolHandlers",

"pfm_name": "RegisteredProtocolHandlers",

"pfm_subkeys": [

{

"pfm_name": "RegisteredProtocolDictionary",

"pfm_subkeys": [

{

"pfm_default": true,

"pfm_name": "default",

"pfm_type": "boolean"

},

{

"pfm_name": "protocol",

"pfm_type": "string",

"pfm_value_placeholder": "ex. mailto"

},

{

"pfm_name": "url",

"pfm_type": "string",

"pfm_value_placeholder": "ex. https://mail.google.com/mail/?extsrc=mailto&url=%s"

}],

"pfm_type": "dictionary"

}],

"pfm_title": "Register protocol handlers",

"pfm_type": "array"

}, null,

{

"pfm_app_min": "66",

"pfm_description": "Allows you to control if videos can play automatically (without user consent) with audio content in Google Chrome.",

"pfm_description_reference": "Allows you to control if videos can play automatically (without user consent) with audio content in Google Chrome.\n\nIf the policy is set to True, Google Chrome is allowed to autoplay media.\nIf the policy is set to False, Google Chrome is not allowed to autoplay media. The AutoplayAllowlist policy can be used to override this for certain URL patterns.\nBy default, Google Chrome is not allowed to autoplay media. The AutoplayAllowlist policy can be used to override this for certain URL patterns.\n\nNote that if Google Chrome is running and this policy changes, it will be applied only to new opened tabs. Therefore some tabs might still observe the previous behavior.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoplayAllowed",

"pfm_name": "AutoplayAllowed",

"pfm_title": "Allow media autoplay",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "66",

"pfm_description": "Controls the whitelist of URL patterns that autoplay will always be enabled on.",

"pfm_description_reference": "Controls the whitelist of URL patterns that autoplay will always be enabled on.\n\nIf autoplay is enabled then videos can play automatically (without user consent) with audio content in Google Chrome.\n\nA URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.\n\nIf the AutoplayAllowed policy is set to True then this policy will have no effect.\n\nIf the AutoplayAllowed policy is set to False then any URL patterns set in this policy will still be allowed to play.\n\nNote that if Google Chrome is running and this policy changes, it will be applied only to new opened tabs. Therefore some tabs might still observe the previous behavior.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoplayWhitelist",

"pfm_name": "AutoplayWhitelist",

"pfm_note": "Use AutoplayAllowlist instead.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow media autoplay on a whitelist of URL patterns",

"pfm_type": "array"

},

{

"pfm_app_min": "86",

"pfm_description": "Controls the allow list of URL patterns that autoplay will always be enabled on.",

"pfm_description_reference": "Controls the allow list of URL patterns that autoplay will always be enabled on.\n\nIf autoplay is enabled then videos can play automatically (without user consent) with audio content in Google Chrome.\n\nA URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.\n\nIf the AutoplayAllowed policy is set to True then this policy will have no effect.\n\nIf the AutoplayAllowed policy is set to False then any URL patterns set in this policy will still be allowed to play.\n\nNote that if Google Chrome is running and this policy changes, it will be applied only to new opened tabs. Therefore some tabs might still observe the previous behavior.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoplayAllowlist",

"pfm_name": "AutoplayAllowlist",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "Allow media autoplay on an allow list of URL patterns",

"pfm_type": "array"

}, null,

{

"pfm_app_min": "24",

"pfm_description": "Specifies a list of alternate URLs that can be used to extract search terms from the search engine. The URLs should contain the string '{searchTerms}', which will be used to extract the search terms.",

"pfm_description_reference": "Specifies a list of alternate URLs that can be used to extract search terms from the search engine. The URLs should contain the string '{searchTerms}', which will be used to extract the search terms.\n\nThis policy is optional. If not set, no alternate urls will be used to extract search terms.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderAlternateURLs",

"pfm_name": "DefaultSearchProviderAlternateURLs",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "https://search.my.company/suggest/search#q={searchTerms}"

}],

"pfm_title": "List of alternate URLs for the default search provider",

"pfm_type": "array"

},

{

"pfm_app_min": "8",

"pfm_description": "Enables the use of a default search provider.",

"pfm_description_reference": "Enables the use of a default search provider.\n\nIf you enable this setting, a default search is performed when the user types text in the omnibox that is not a URL.\n\nYou can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider.\n\nIf you disable this setting, no search is performed when the user enters non-URL text in the omnibox.\n\nIf you enable or disable this setting, users cannot change or override this setting in Google Chrome.\n\nIf this policy is left not set, the default search provider is enabled, and the user will be able to set the search provider list.\n\nThis policy is not available on Windows instances that are not joined\nto a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderEnabled",

"pfm_name": "DefaultSearchProviderEnabled",

"pfm_title": "Enable the default search provider",

"pfm_type": "boolean"

},

{

"pfm_app_min": "8",

"pfm_description": "Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.",

"pfm_description_reference": "Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.\n\nThis policy is optional. If not set, the default will be used which is UTF-8.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderEncodings",

"pfm_name": "DefaultSearchProviderEncodings",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "ex. UTF-8"

}],

"pfm_title": "Default search provider encodings",

"pfm_type": "array"

},

{

"pfm_app_min": "8",

"pfm_description": "Specifies the favorite icon URL of the default search provider.",

"pfm_description_reference": "Specifies the favorite icon URL of the default search provider.\n\nThis policy is optional. If not set, no icon will be present for the search provider.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderIconURL",

"pfm_name": "DefaultSearchProviderIconURL",

"pfm_title": "Default search provider icon",

"pfm_type": "string",

"pfm_value_placeholder": "https://search.my.company/favicon.ico"

},

{

"pfm_app_min": "29",

"pfm_description": "Specifies the URL of the search engine used to provide image search. Search requests will be sent using the GET method. If the DefaultSearchProviderImageURLPostParams policy is set then image search requests will use the POST method instead.",

"pfm_description_reference": "Specifies the URL of the search engine used to provide image search. Search requests will be sent using the GET method. If the DefaultSearchProviderImageURLPostParams policy is set then image search requests will use the POST method instead.\n\nThis policy is optional. If not set, no image search will be used.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderImageURL",

"pfm_name": "DefaultSearchProviderImageURL",

"pfm_title": "Parameter providing search-by-image feature for the default search provider",

"pfm_type": "string",

"pfm_value_placeholder": "https://search.my.company/searchbyimage/upload"

},

{

"pfm_app_min": "29",

"pfm_description": "Specifies the parameters used when doing image search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in above example, it will be replaced with real image thumbnail data.",

"pfm_description_reference": "Specifies the parameters used when doing image search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in above example, it will be replaced with real image thumbnail data.\n\nThis policy is optional. If not set, image search request will be sent using the GET method.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderImageURLPostParams",

"pfm_name": "DefaultSearchProviderImageURLPostParams",

"pfm_title": "Parameters for image URL which uses POST",

"pfm_type": "string",

"pfm_value_placeholder": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}"

},

{

"pfm_app_min": "8",

"pfm_description": "Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider.",

"pfm_description_reference": "Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider.\n\nThis policy is optional. If not set, no keyword will activate the search provider.\n\nThis policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderKeyword",

"pfm_name": "DefaultSearchProviderKeyword",

"pfm_title": "Default search provider keyword",

"pfm_type": "string",

"pfm_value_placeholder": "mis"

},

{

"pfm_app_min": "8",

"pfm_description": "Specifies the name of the default search provider. If left empty or not set, the host name specified by the search URL will be used.",

"pfm_description_reference": "Specifies the name of the default search provider. If left empty or not set, the host name specified by the search URL will be used.\n\nThis policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderName",

"pfm_name": "DefaultSearchProviderName",

"pfm_title": "Default search provider name",

"pfm_type": "string",

"pfm_value_placeholder": "Google"

},

{

"pfm_app_min": "30",

"pfm_description": "Specifies the URL that a search engine uses to provide a new tab page.",

"pfm_description_reference": "Specifies the URL that a search engine uses to provide a new tab page.\n\nThis policy is optional. If not set, no new tab page will be provided.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderNewTabURL",

"pfm_name": "DefaultSearchProviderNewTabURL",

"pfm_title": "Default search provider new tab page URL",

"pfm_type": "string",

"pfm_value_placeholder": "https://search.my.company/newtab"

},

{

"pfm_app_min": "8",

"pfm_description": "Specifies the URL of the search engine used when doing a default search. The URL should contain the string '{searchTerms}', which will be replaced at query time by the terms the user is searching for.",

"pfm_description_reference": "Specifies the URL of the search engine used when doing a default search. The URL should contain the string '{searchTerms}', which will be replaced at query time by the terms the user is searching for.\n\nGoogle's search URL can be specified as: '{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}ie={inputEncoding}'.\n\nThis option must be set when the 'DefaultSearchProviderEnabled' policy is enabled and will only be respected if this is the case.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSearchURL",

"pfm_name": "DefaultSearchProviderSearchURL",

"pfm_title": "Default search provider search URL",

"pfm_type": "string",

"pfm_value_placeholder": "https://search.my.company/search?q={searchTerms}"

},

{

"pfm_app_min": "29",

"pfm_description": "Specifies the parameters used when searching a URL with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.",

"pfm_description_reference": "Specifies the parameters used when searching a URL with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.\n\nThis policy is optional. If not set, search request will be sent using the GET method.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSearchURLPostParams",

"pfm_name": "DefaultSearchProviderSearchURLPostParams",

"pfm_title": "Parameters for search URL which uses POST",

"pfm_type": "string",

"pfm_value_placeholder": "q={searchTerms},ie=utf-8,oe=utf-8"

},

{

"pfm_app_min": "8",

"pfm_description": "Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '{searchTerms}', which will be replaced at query time by the text the user has entered so far.",

"pfm_description_reference": "Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '{searchTerms}', which will be replaced at query time by the text the user has entered so far.\n\nThis policy is optional. If not set, no suggest URL will be used.\n\nGoogle's suggest URL can be specified as: '{google:baseURL}complete/search?output=chrome&q={searchTerms}'.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSuggestURL",

"pfm_name": "DefaultSearchProviderSuggestURL",

"pfm_title": "Default search provider suggest URL",

"pfm_type": "string",

"pfm_value_placeholder": "https://search.my.company/suggest?q={searchTerms}"

},

{

"pfm_app_min": "29",

"pfm_description": "Specifies the parameters used when doing suggestion search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.",

"pfm_description_reference": "Specifies the parameters used when doing suggestion search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.\n\nThis policy is optional. If not set, suggest search request will be sent using the GET method.\n\nThis policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSuggestURLPostParams",

"pfm_name": "DefaultSearchProviderSuggestURLPostParams",

"pfm_title": "Parameters for suggest URL which uses POST",

"pfm_type": "string",

"pfm_value_placeholder": "q={searchTerms},ie=utf-8,oe=utf-8"

}, null, null,

{

"pfm_app_min": "25",

"pfm_description": "Controls which app/extension types are allowed to be installed and limits runtime access.",

"pfm_description_reference": "Controls which app/extension types are allowed to be installed and limits runtime access.\n\nThis setting white-lists the allowed types of extension/apps that can be installed in Google Chrome and which hosts they can interact with. The value is a list of strings, each of which should be one of the following: \"extension\", \"theme\", \"user_script\", \"hosted_app\", \"legacy_packaged_app\", \"platform_app\". See the Google Chrome extensions documentation for more information on these types.\n\nNote that this policy also affects extensions and apps to be force-installed via ExtensionInstallForcelist.\n\nIf this setting is configured, extensions/apps which have a type that is not on the list will not be installed.\n\nIf this settings is left not-configured, no restrictions on the acceptable extension/app types are enforced.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionAllowedTypes",

"pfm_name": "ExtensionAllowedTypes",

"pfm_note": "Note that this policy also affects extensions and apps to be force-installed via ExtensionInstallForcelist.\n\nIf this setting is configured, extensions/apps which have a type that is not on the list will not be installed.\n\nIf this settings is left not-configured, no restrictions on the acceptable extension/app types are enforced.",

"pfm_subkeys": [

{

"pfm_range_list": ["extension", "hosted_app", "legacy_packaged_app", "platform_app", "theme", "user_script"],

"pfm_range_list_titles": ["Extension", "Hosted App", "Legacy Packaged App", "Platform App", "Theme", "User Script"],

"pfm_type": "string",

"pfm_value_unique": true

}],

"pfm_title": "Types of extensions/apps that are allowed to be installed",

"pfm_type": "array"

},

{

"pfm_app_min": "21",

"pfm_description": "Allows you to specify which URLs are allowed to install extensions, apps, and themes.",

"pfm_description_reference": "Allows you to specify which URLs are allowed to install extensions, apps, and themes.\n\nStarting in Google Chrome 21, it is more difficult to install extensions, apps, and user scripts from outside the Chrome Web Store. Previously, users could click on a link to a *.crx file, and Google Chrome would offer to install the file after a few warnings. After Google Chrome 21, such files must be downloaded and dragged onto the Google Chrome settings page. This setting allows specific URLs to have the old, easier installation flow.\n\nEach item in this list is an extension-style match pattern (see https://developer.chrome.com/extensions/match_patterns). Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.crx file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns.\n\nExtensionInstallBlocklist takes precedence over this policy. That is, an extension on the blacklist won't be installed, even if it happens from a site on this list.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallSources",

"pfm_name": "ExtensionInstallSources",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "https://corp.mycompany.com/*"

}],

"pfm_title": "URL patterns to allow extension, app, and user script installs from",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "8",

"pfm_description": "Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if denied, without a way for the user to enable them. Once an extension is disabled due to the blacklist being removed, it will automatically get re-enabled. Enter * to deny all extensions.",

"pfm_description_reference": "Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if blacklisted, without a way for the user to enable them. Once an extension disabled due to the blacklist is removed from it, it will automatically get re-enabled.\n\nA blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist.\n\nIf this policy is left not set the user can install any extension in Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallBlacklist",

"pfm_name": "ExtensionInstallBlacklist",

"pfm_note": "Use ExtensionInstallBlocklist instead.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "extension_id"

}],

"pfm_title": "Extension ID Blacklist",

"pfm_type": "array"

},

{

"pfm_app_min": "86",

"pfm_description": "Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if denied, without a way for the user to enable them. Once an extension is disabled due to the blocklist being removed, it will automatically get re-enabled. Enter * to deny all extensions.",

"pfm_description_reference": "Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if blacklisted, without a way for the user to enable them. Once an extension disabled due to the blacklist is removed from it, it will automatically get re-enabled.\n\nA blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist.\n\nIf this policy is left not set the user can install any extension in Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallBlocklist",

"pfm_name": "ExtensionInstallBlocklist",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "extension_id"

}],

"pfm_title": "Extension ID Blocklist",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "8",

"pfm_description": "Allows you to specify which extensions are not subject to the blacklist.",

"pfm_description_reference": "Allows you to specify which extensions are not subject to the blacklist.\n\nA blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist.\n\nBy default, all extensions are whitelisted, but if all extensions have been blacklisted by policy, the whitelist can be used to override that policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallWhitelist",

"pfm_name": "ExtensionInstallWhitelist",

"pfm_note": "Use ExtensionInstallAllowlist instead. By default, all extensions are allowed, but if all extensions have been denied by policy, the allowlist can be used to override that policy.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "extension_id"

}],

"pfm_title": "Extension ID Whitelist",

"pfm_type": "array"

},

{

"pfm_app_min": "86",

"pfm_description": "Allows you to specify which extensions are not subject to the blocklist.",

"pfm_description_reference": "Allows you to specify which extensions are not subject to the blocklist.\n\nA blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the allow list.\n\nBy default, all extensions are allowed. But, if you prohibited extensions by policy, use the list of allowed extensions to change that policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallAllowlist",

"pfm_name": "ExtensionInstallAllowlist",

"pfm_note": "By default, all extensions are allowed, but if all extensions have been denied by policy, the allow list can be used to override that policy.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "extension_id"

}],

"pfm_title": "Extension ID Allowlist",

"pfm_type": "array"

},

{

"pfm_app_min": "9",

"pfm_description": "Specifies a list of apps and extensions that are installed silently, without user interaction, and which cannot be uninstalled nor disabled by the user. All permissions requested by the apps/extensions are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app/extension. Furthermore, permissions are granted for the enterprise.deviceAttributes and enterprise.platformKeys extension APIs. (These two APIs are not available to apps/extensions that are not force-installed.)",

"pfm_description_reference": "Specifies a list of apps and extensions that are installed silently, without user interaction, and which cannot be uninstalled nor disabled by the user. All permissions requested by the apps/extensions are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app/extension. Furthermore, permissions are granted for the enterprise.deviceAttributes and enterprise.platformKeys extension APIs. (These two APIs are not available to apps/extensions that are not force-installed.)\n\nThis policy takes precedence over a potentially conflicting ExtensionInstallBlacklist policy. If an app or extension that previously had been force-installed is removed from this list, it is automatically uninstalled by Google Chrome.\n\nFor Windows instances that are not joined to a Microsoft® Active Directory® domain, forced installation is limited to apps and extensions listed in the Chrome Web Store.\n\nNote that the source code of any extension may be altered by users via Developer Tools (potentially rendering the extension dysfunctional). If this is a concern, the DeveloperToolsDisabled policy should be set.\n\nEach list item of the policy is a string that contains an extension ID and, optionally, an \"update\" URL separated by a semicolon (;). The extension ID is the 32-letter string found e.g. on chrome://extensions when in developer mode. The \"update\" URL, if specified, should point to an Update Manifest XML document as described at https://developer.chrome.com/extensions/autoupdate. By default, the Chrome Web Store's update URL is used (which currently is \"https://clients2.google.com/service/update2/crx\"). Note that the \"update\" URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest. Note also that specifying the \"update\" URL explicitly was mandatory in Google Chrome versions up to and including 67.\n\nFor example, gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx installs the Chrome Remote Desktop app from the standard Chrome Web Store \"update\" URL. For more information about hosting extensions, see: https://developer.chrome.com/extensions/hosting.\n\nIf this policy is left not set, no apps or extensions are installed automatically and the user can uninstall any app or extension in Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallForcelist",

"pfm_name": "ExtensionInstallForcelist",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "extension_id"

}],

"pfm_title": "Extension/App IDs and update URLs to be silently installed",

"pfm_type": "array"

},

{

"pfm_app_min": "62",

"pfm_description": "Configures extension management settings for Google Chrome. A default configuration can be set for the special ID \"*\"",

"pfm_description_reference": "Configures extension management settings for Google Chrome.\n\nThis policy controls multiple settings, including settings controlled by any existing extension-related policies. This policy will override any legacy policies if both are set.\n\nThis policy maps an extension ID or an update URL to its configuration. With an extension ID, configuration will be applied to the specified extension only. A default configuration can be set for the special ID \"*\", which will apply to all extensions that don't have a custom configuration set in this policy. With an update URL, configuration will be applied to all extensions with the exact update URL stated in manifest of this extension, as described at https://developer.chrome.com/extensions/autoupdate.\n\nFor a full description of possible settings and structure of this policy please visit https://www.chromium.org/administrators/policy-list-3/extension-settings-full",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionSettings",

"pfm_name": "ExtensionSettings",

"pfm_subkeys": [

{

"pfm_description": "",

"pfm_description_reference": "",

"pfm_name": "{{key}}",

"pfm_title": "Extension ID",

"pfm_type": "string"

},

{

"pfm_description": "",

"pfm_description_reference": "",

"pfm_name": "{{value}}",

"pfm_hidden": "container",

"pfm_subkeys": [

{

"pfm_description": "Maps to a string indicating the installation mode for the extension.",

"pfm_description_reference": "",

"pfm_name": "installation_mode",

"pfm_range_list": ["allowed", "blocked", "force_installed", "normal_installed"],

"pfm_range_list_titles": ["Allowed", "Blocked", "Force Installed", "Normal Installed"],

"pfm_type": "string"

},

{

"pfm_description": "Maps to a string indicating where Chrome can download a force_installed or normal_installed extension.",

"pfm_description_reference": "",

"pfm_name": "update_url",

"pfm_type": "string"

},

{

"pfm_description": "Maps to a list of strings indicating the blocked API permissions for the extension.",

"pfm_description_reference": "",

"pfm_name": "blocked_permissions",

"pfm_subkeys": [

{

"pfm_documentation_url": "https://developer.chrome.com/extensions/declare_permissions",

"pfm_range_list": ["activeTab", "alarms", "background", "bookmarks", "browsingData", "certificateProvider", "clipboardRead", "clipboardWrite", "contentSettings", "contextMenus", "cookies", "debugger", "declarativeContent", "declarativeNetRequest", "declarativeWebRequest", "desktopCapture", "displaySource", "dns", "documentScan", "downloads", "enterprise.deviceAttributes", "enterprise.hardwarePlatform", "enterprise.platformKeys", "experimental", "fileBrowserHandler", "fileSystemProvider", "fontSettings", "gcm", "geolocation", "history", "identity", "idle", "idltest", "management", "nativeMessaging", "networking.config", "notifications", "pageCapture", "platformKeys", "power", "printerProvider", "privacy", "processes", "proxy", "sessions", "signedInDevices", "storage", "system.cpu", "system.display", "system.memory", "system.storage", "tabCapture", "tabs", "topSites", "tts", "ttsEngine", "unlimitedStorage", "vpnProvider", "wallpaper", "webNavigation", "webRequest", "webRequestBlocking"],

"pfm_type": "string",

"pfm_value_unique": true

}],

"pfm_type": "array"

},

{

"pfm_description": "Maps to a version string.",

"pfm_description_reference": "",

"pfm_name": "minimum_version_required",

"pfm_type": "string"

},

{

"pfm_description": "Each item in this list is an extension-style match pattern.",

"pfm_description_reference": "",

"pfm_name": "install_sources",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_type": "array"

},

{

"pfm_description": "This setting whitelists the allowed types of extension/apps that can be installed in Google Chrome.",

"pfm_description_reference": "",

"pfm_name": "allowed_types",

"pfm_subkeys": [

{

"pfm_range_list": ["extension", "theme", "user_script", "hosted_app", "legacy_packaged_app", "platform_app"],

"pfm_type": "string"

}],

"pfm_type": "array"

},

{

"pfm_description": "This maps to a string specifying the error message to display to users if they're blocked from installing an extension.",

"pfm_description_reference": "",

"pfm_name": "blocked_install_message",

"pfm_type": "string"

},

{

"pfm_description": "Maps to a list of strings representing hosts whose webpages the extension will be blocked from modifying.",

"pfm_description_reference": "",

"pfm_name": "runtime_blocked_hosts",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "*://*.example.com"

}],

"pfm_type": "array"

},

{

"pfm_description": "Maps to a list of strings representing hosts that an extension can interact with regardless of whether they are listed in \"runtime_blocked_hosts\".",

"pfm_description_reference": "",

"pfm_name": "runtime_allowed_hosts",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "*://*.example.com"

}],

"pfm_type": "array"

}],

"pfm_type": "dictionary"

}],

"pfm_title": "Extension management settings",

"pfm_type": "dictionary"

},

{

"pfm_app_min": "80",

"pfm_default": false,

"pfm_description": "Blocks external extensions from being installed.",

"pfm_description_reference": "Controls external extensions installation.\n\nEnabling this setting blocks external extensions from being installed.\n\nDisabling this setting or leaving it unset allows external extensions to be installed.\n\nExternal extensions and their installation are documented at https://developer.chrome.com/apps/external_extensions.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BlockExternalExtensions",

"pfm_name": "BlockExternalExtensions",

"pfm_title": "Block external extensions",

"pfm_type": "boolean"

},

{

"pfm_default": false,

"pfm_app_deprecated": "78",

"pfm_app_min": "73",

"pfm_description": "Allow insecure algorithms in integrity checks on extension updates and installs.",

"pfm_description_reference": "Google Chrome provides for the secure update and installation of extensions. However, the content of some extensions hosted outside of the Chrome Web Store may only be protected by insecure signing or hashing algorithms such as SHA1. When this policy is disabled, fresh installation of and updates to such extensions will not be permitted by Chrome (until the extension developers rebuild the extension with stronger algorithms). When this policy is enabled, installation and updates for such extensions will be permitted.\n\nThis will default to the enabled behavior when unset. Starting in Google Chrome 76, this will default to the disabled behavior when unset.\n\nStarting in Google Chrome 78, this policy will be ignored and treated as disabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionAllowInsecureUpdates",

"pfm_name": "ExtensionAllowInsecureUpdates",

"pfm_note": "This will default to the enabled behavior when unset. Starting in Google Chrome 76, this will default to the disabled behavior when unset. Starting in Google Chrome 78, this policy will be ignored and treated as disabled.",

"pfm_title": "Allow insecure extension updates",

"pfm_type": "boolean"

}, null, null,

{

"pfm_app_min": "52",

"pfm_default": true,

"pfm_description": "If this policy is set to true or is not set, Google Cast will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon.",

"pfm_description_reference": "If this policy is set to true or is not set, Google Cast will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon.\n\nIf this policy set to false, Google Cast will be disabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableMediaRouter",

"pfm_name": "EnableMediaRouter",

"pfm_title": "Enable Google Cast",

"pfm_type": "boolean"

},

{

"pfm_app_min": "58",

"pfm_default": false,

"pfm_description": "If this policy is set to true, the Cast toolbar icon will always be shown on the toolbar or the overflow menu, and users will not be able to remove it.",

"pfm_description_reference": "If this policy is set to true, the Cast toolbar icon will always be shown on the toolbar or the overflow menu, and users will not be able to remove it.\n\nIf this policy is set to false or is not set, users will be able to pin or remove the icon via its contextual menu.\n\nIf the policy \"EnableMediaRouter\" is set to false, then this policy's value would have no effect, and the toolbar icon would not be shown.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ShowCastIconInToolbar",

"pfm_name": "ShowCastIconInToolbar",

"pfm_title": "Show the Google Cast toolbar icon",

"pfm_type": "boolean"

}, null, null,

{

"pfm_app_min": "13",

"pfm_default": false,

"pfm_description": "Controls whether third-party sub-content on a page is allowed to pop-up an HTTP Basic Auth dialog box.",

"pfm_description_reference": "Controls whether third-party sub-content on a page is allowed to pop-up an HTTP Basic Auth dialog box.\n\nTypically this is disabled as a phishing defense. If this policy is not set, this is disabled and third-party sub-content will not be allowed to pop up a HTTP Basic Auth dialog box.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowCrossOriginAuthPrompt",

"pfm_name": "AllowCrossOriginAuthPrompt",

"pfm_title": "Cross-origin HTTP Basic Auth prompts",

"pfm_type": "boolean"

},

{

"pfm_app_min": "74",

"pfm_default": false,

"pfm_description": "Use KDC policy to delegate credentials. Controls whether approval by KDC policy is respected to decide whether to delegate Kerberos tickets.",

"pfm_description_reference": "Controls whether approval by KDC policy is respected to decide whether to delegate Kerberos tickets.\n\nIf this policy is true, HTTP authentication respects approval by KDC policy, i.e. Chrome only delegates credentials if the KDC sets OK-AS-DELEGATE on a service ticket. Please see https://tools.ietf.org/html/rfc5896.html for more information. Service should also match 'AuthNegotiateDelegateAllowlist' policy.\n\nIf this policy is not set or set to false, KDC policy is ignored on supported platforms and 'AuthNegotiateDelegateAllowlist' policy only is respected.\n\nOn Windows KDC policy is always respected.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthNegotiateDelegateByKdcPolicy",

"pfm_name": "AuthNegotiateDelegateByKdcPolicy",

"pfm_note": "Please see https://tools.ietf.org/html/rfc5896.html for more information. Service should also match 'AuthNegotiateDelegateAllowlist' policy.",

"pfm_title": "Kerberos delegation KDC policy",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "9",

"pfm_description": "Servers that Google Chrome may delegate to.",

"pfm_description_reference": "Servers that Google Chrome may delegate to.\n\nSeparate multiple server names with commas. Wildcards (*) are allowed.\n\nIf you leave this policy not set Google Chrome will not delegate user credentials even if a server is detected as Intranet.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthNegotiateDelegateWhitelist",

"pfm_name": "AuthNegotiateDelegateWhitelist",

"pfm_note": "Use AuthNegotiateDelegateAllowlist instead.",

"pfm_title": "Kerberos delegation server whitelist",

"pfm_type": "string",

"pfm_value_placeholder": "foobar.example.com"

},

{

"pfm_app_min": "86",

"pfm_description": "Servers that Google Chrome may delegate to.",

"pfm_description_reference": "Servers that Google Chrome may delegate to.\n\nSeparate multiple server names with commas. Wildcards (*) are allowed.\n\nIf you leave this policy not set Google Chrome will not delegate user credentials even if a server is detected as Intranet.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthNegotiateDelegateAllowlist",

"pfm_name": "AuthNegotiateDelegateAllowlist",

"pfm_note": "Use AuthNegotiateDelegateAllowlist instead.",

"pfm_title": "Kerberos delegation server allowlist",

"pfm_type": "string",

"pfm_value_placeholder": "foobar.example.com"

},

{

"pfm_app_min": "9",

"pfm_description": "Specifies which HTTP authentication schemes are supported by Google Chrome. Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.",

"pfm_description_reference": "Specifies which HTTP authentication schemes are supported by Google Chrome.\n\nPossible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.\n\nIf this policy is left not set, all four schemes will be used.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthSchemes",

"pfm_name": "AuthSchemes",

"pfm_title": "Supported authentication schemes",

"pfm_type": "string",

"pfm_value_placeholder": "basic,digest,ntlm,negotiate"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "9",

"pfm_description": "Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when Google Chrome receives an authentication challenge from a proxy or from a server which is in this permitted list.",

"pfm_description_reference": "Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when Google Chrome receives an authentication challenge from a proxy or from a server which is in this permitted list.\n\nSeparate multiple server names with commas. Wildcards (*) are allowed.\n\nIf you leave this policy not set Google Chrome will try to detect if a server is on the Intranet and only then will it respond to IWA requests. If a server is detected as Internet then IWA requests from it will be ignored by Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthServerWhitelist",

"pfm_name": "AuthServerWhitelist",

"pfm_note": "Use AuthServerAllowlist instead.",

"pfm_title": "Authentication server whitelist",

"pfm_type": "string",

"pfm_value_placeholder": "*example.com,foobar.com,*baz"

},

{

"pfm_app_min": "88",

"pfm_description": "Setting the policy to Enabled or leaving it unset will allow Basic authentication challenges received over non-secure HTTP. Setting the policy to Disabled forbids non-secure HTTP requests from using the Basic authentication scheme; only secure HTTPS is allowed.",

"pfm_description_reference": "Setting the policy to Enabled or leaving it unset will allow Basic authentication challenges received over non-secure HTTP.\n\nSetting the policy to Disabled forbids non-secure HTTP requests from using the Basic authentication scheme; only secure HTTPS is allowed.\n\ntrue = Basic authentication is allowed on HTTP connections\nfalse = Non-secure HTTP connections are not permitted to use Basic authentication; HTTPS is required",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthServerWhitelist",

"pfm_name": "BasicAuthOverHttpEnabled",

"pfm_title": "Allow Basic authentication for HTTP",

"pfm_type": "boolean"

},

{

"pfm_app_min": "86",

"pfm_description": "Specifies which servers should be allowed for integrated authentication. Integrated authentication is only enabled when Google Chrome receives an authentication challenge from a proxy or from a server which is in this permitted list.",

"pfm_description_reference": "Specifies which servers should be allowed for integrated authentication. Integrated authentication is only enabled when Google Chrome receives an authentication challenge from a proxy or from a server which is in this permitted list.\n\nSeparate multiple server names with commas. Wildcards (*) are allowed.\n\nIf you leave this policy not set Google Chrome will try to detect if a server is on the Intranet and only then will it respond to IWA requests. If a server is detected as Internet then IWA requests from it will be ignored by Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthServerAllowlist",

"pfm_name": "AuthServerAllowlist",

"pfm_title": "Authentication server allowlist",

"pfm_type": "string",

"pfm_value_placeholder": "*example.com,foobar.com,*baz"

},

{

"pfm_app_min": "9",

"pfm_default": false,

"pfm_description": "Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.",

"pfm_description_reference": "Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.\n\nIf you enable this setting, CNAME lookup will be skipped and the server name will be used as entered.\n\nIf you disable this setting or leave it not set, the canonical name of the server will be determined via CNAME lookup.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisableAuthNegotiateCnameLookup",

"pfm_name": "DisableAuthNegotiateCnameLookup",

"pfm_title": "Disable CNAME lookup when negotiating Kerberos authentication",

"pfm_type": "boolean"

},

{

"pfm_app_min": "9",

"pfm_default": false,

"pfm_description": "Specifies whether the generated Kerberos SPN should include a non-standard port.",

"pfm_description_reference": "Specifies whether the generated Kerberos SPN should include a non-standard port.\n\nIf you enable this setting, and a non-standard port (i.e., a port other than 80 or 443) is entered, it will be included in the generated Kerberos SPN.\n\nIf you disable this setting or leave it not set, the generated Kerberos SPN will not include a port in any case.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableAuthNegotiatePort",

"pfm_name": "EnableAuthNegotiatePort",

"pfm_title": "Include non-standard port in Kerberos SPN",

"pfm_type": "boolean"

},

{

"pfm_app_min": "63",

"pfm_default": true,

"pfm_description": "Controls whether NTLMv2 is enabled.",

"pfm_description_reference": "Controls whether NTLMv2 is enabled.\n\nAll recent versions of Samba and Windows servers support NTLMv2. This should only be disabled for backwards compatibility and reduces the security of authentication.\n\nIf this policy is not set, the default is true and NTLMv2 is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NtlmV2Enabled",

"pfm_name": "NtlmV2Enabled",

"pfm_note": "This should only be disabled for backwards compatibility and reduces the security of authentication.",

"pfm_title": "Enable NTLMv2 authentication",

"pfm_type": "boolean"

}, null, null,

{

"pfm_app_min": "73",

"pfm_default": false,

"pfm_description": "This policy controls whether to enable Legacy Browser Support. When this policy is set to true, Chrome will attempt to launch some URLs in an alternate browser.",

"pfm_description_reference": "This policy controls whether to enable Legacy Browser Support.\n\nWhen this policy is left unset, or is set to false, Chrome will not attempt to launch designated URLs in an alternate browser.\n\nWhen this policy is set to true, Chrome will attempt to launch some URLs in an alternate browser (such as Internet Explorer). This feature is configured using the policies in the Legacy Browser support group.\n\nThis feature is a replacement for the 'Legacy Browser Support' extension. Configuration from the extension will carry over to this feature, but it is strongly advised to use the Chrome policies instead. This ensures better compatibility in the future.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherEnabled",

"pfm_name": "BrowserSwitcherEnabled",

"pfm_title": "Browser Switcher Enabled",

"pfm_type": "boolean"

},

{

"pfm_app_min": "71",

"pfm_description": "This policy controls command-line parameters to launch to the alternative browser.",

"pfm_description_reference": "This policy controls command-line parameters to launch to the alternative browser.\n\nWhen this policy is left unset, only the URL is passed as a command-line parameters.\n\nWhen this policy is set to a list of strings, each string is passed to the alternative browser as a separate command-line parameters. On Windows, the parameters are joined with spaces. On Mac OS X and Linux, a parameter may contain spaces, and still be treated as a single parameter.\n\nIf an element contains ${url}, it gets replaced with the URL of the page to open.\n\nIf no element contains ${url}, the URL is appended at the end of the command line.\n\nEnvironment variables are expanded. On Windows, %ABC% is replaced with the value of the ABC environment variable. On Mac OS X and Linux, ${ABC} is replaced with the value of the ABC environment variable.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlternativeBrowserParameters",

"pfm_name": "AlternativeBrowserParameters",

"pfm_note": "If an element contains ${url}, it gets replaced with the URL of the page to open. On Mac OS X and Linux, ${ABC} is replaced with the value of the ABC environment variable.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": ""

}],

"pfm_title": "Alternative Browser Parameters",

"pfm_type": "array"

},

{

"pfm_app_min": "71",

"pfm_description": "This policy controls which command to use to open URLs in an alternative browser.",

"pfm_description_reference": "This policy controls which command to use to open URLs in an alternative browser.\n\nWhen this policy is left unset, a platform-specific default is used: Internet Explorer for Windows, or Safari for Mac OS X. On Linux, launching an alternative browser will fail when this is unset.\n\nWhen this policy is set to one of ${ie}, ${firefox}, ${safari} or ${opera}, that browser will launch if it is installed. ${ie} is only available on Windows, and ${safari} is only available on Windows and Mac OS X.\n\nWhen this policy is set to a file path, that file is used as an executable file.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlternativeBrowserPath",

"pfm_name": "AlternativeBrowserPath",

"pfm_note": "When this policy is set to one of ${ie}, ${firefox}, ${safari} or ${opera}, that browser will launch if it is installed. When this policy is set to a file path, that file is used as an executable file.",

"pfm_range_list": ["${safari}", "${firefox}", "${opera}", "${ie}"],

"pfm_range_list_allow_custom_value": true,

"pfm_title": "Alternative Browser Path",

"pfm_type": "string"

},

{

"pfm_app_min": "74",

"pfm_description": "This policy controls how long to wait before launching an alternative browser, in milliseconds. When this policy is set to a number, Chrome shows a message for that many milliseconds, and then opens the alternative browser.",

"pfm_description_reference": "This policy controls how long to wait before launching an alternative browser, in milliseconds.\n\nWhen this policy is left unset, or set to 0, navigating to a designated URL immediately opens it in an alternative browser.\n\nWhen this policy is set to a number, Chrome shows a message for that many milliseconds, and then opens the alternative browser.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherDelay",

"pfm_name": "BrowserSwitcherDelay",

"pfm_title": "Browser Switcher Delay",

"pfm_type": "integer",

"pfm_value_unit": "milliseconds"

},

{

"pfm_app_min": "74",

"pfm_default": true,

"pfm_description": "This policy controls whether to close Chrome completely when the last tab would switch to another browser.",

"pfm_description_reference": "This policy controls whether to close Chrome completely when the last tab would switch to another browser.\n\nWhen this policy is left unset, or is set to true, Chrome will keep at least one tab open, after switching to an alternate browser.\n\nWhen this policy is set to false, Chrome will close the tab after switching to an alternate browser, even if it was the last tab. This will cause Chrome to exit completely.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherKeepLastChromeTab",

"pfm_name": "BrowserSwitcherKeepLastChromeTab",

"pfm_note": "When this policy is left unset, or is set to true, Chrome will keep at least one tab open, after switching to an alternate browser. When this policy is set to false, Chrome will close the tab after switching to an alternate browser, even if it was the last tab. This will cause Chrome to exit completely.",

"pfm_title": "Keep Chrome open when the last tab switches to another browser",

"pfm_type": "boolean"

},

{

"pfm_app_min": "71",

"pfm_description": "This policy controls the list of websites to open in an alternative browser.",

"pfm_description_reference": "This policy controls the list of websites to open in an alternative browser.\n\nNote that elements can also be added to this list through the BrowserSwitcherUseIeSitelist and BrowserSwitcherExternalSitelistUrl policies.\n\nWhen this policy is left unset, no websites are added to the list.\n\nWhen this policy is set, each item is treated as a rule for something to open in an alternative browser. Google Chrome uses those rules when choosing if a URL should open in an alternative browser.\n\nWhen the Internet Explorer add-in is present and enabled, Internet Explorer switches back to Google Chrome when the rules do not match.\n\nIf rules contradict eachother, Google Chrome uses the most specific rule.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherUrlGreylist",

"pfm_name": "BrowserSwitcherUrlList",

"pfm_note": "When the Internet Explorer add-in is present and enabled, Internet Explorer switches back to Google Chrome when the rules do not match.",

"pfm_subkeys": [

{

"pfm_format": "^https?://.*$",

"pfm_type": "string",

"pfm_value_placeholder": "http://google.com"

}],

"pfm_title": "Browser Switcher URL List",

"pfm_type": "array"

},

{

"pfm_app_min": "71",

"pfm_description": "This policy controls the list of websites that will never cause a browser switch.",

"pfm_description_reference": "This policy controls the list of websites that will never cause a browser switch.\n\nNote that elements can also be added to this list through the BrowserSwitcherExternalGreylistUrl policy.\n\nWhen this policy is left unset, no websites are added to the list.\n\nWhen this policy is set, each item is treated as a rule, similar to the BrowserSwitcherUrlList policy. However, the logic is reversed: rules that match will not open an alternative browser.\n\nUnlike BrowserSwitcherUrlList, rules apply to both directions. That is, when the Internet Explorer add-in is present and enabled, it also controls whether Internet Explorer should open these URLs in Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherUrlGreylist",

"pfm_name": "BrowserSwitcherUrlGreylist",

"pfm_note": "Unlike BrowserSwitcherUrlList, rules apply to both directions. That is, when the Internet Explorer add-in is present and enabled, it also controls whether Internet Explorer should open these URLs in Google Chrome.",

"pfm_subkeys": [

{

"pfm_format": "^https?://.*$",

"pfm_type": "string",

"pfm_value_placeholder": "http://google.com"

}],

"pfm_title": "Browser Switcher URL Greylist",

"pfm_type": "array"

},

{

"pfm_app_min": "77",

"pfm_description": "This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.",

"pfm_description_reference": "This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.\n\nThe rules in this XML file apply in the same way as BrowserSwitcherUrlGreylist. That is, these rules prevent Google Chrome from opening the alternative browser, and also prevent the alternative browser from opening Google Chrome.\n\nWhen this policy is left unset, or not set to a valid URL, Google Chrome does not use it as a source of rules that don't trigger a browser switch.\n\nWhen this policy is set to a valid URL, Google Chrome downloads the site list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlGreylist policy.\n\nFor more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherExternalGreylistUrl",

"pfm_format": "^https?://.*.xml$",

"pfm_name": "BrowserSwitcherExternalGreylistUrl",

"pfm_note": "When this policy is set to a valid URL, Google Chrome downloads the grey list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlGreylist policy.\n\nFor more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode",

"pfm_title": "Browser Switcher External Greylist URL",

"pfm_type": "string",

"pfm_value_placeholder": "http://example.com/greylist.xml"

},

{

"pfm_app_min": "72",

"pfm_description": "This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.",

"pfm_description_reference": "This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.\n\nWhen this policy is left unset, or not set to a valid URL, Google Chrome does not use it as a source of rules for switching browsers.\n\nWhen this policy is set to a valid URL, Google Chrome downloads the site list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlList policy.\n\nFor more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherExternalSitelistUrl",

"pfm_format": "^https?://.*.xml$",

"pfm_name": "BrowserSwitcherExternalSitelistUrl",

"pfm_note": "When this policy is set to a valid URL, Google Chrome downloads the site list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlGreylist policy.\n\nFor more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode",

"pfm_title": "Browser Switcher External Sitelist URL",

"pfm_type": "string",

"pfm_value_placeholder": "http://example.com/sitelist.xml"

}, null, null,

{

"pfm_app_min": "65",

"pfm_default": true,

"pfm_description": "Allows you to set whether sites with abusive experiences should be prevented from opening new windows or tabs.",

"pfm_description_reference": "Allows you to set whether sites with abusive experiences should be prevented from opening new windows or tabs.\n\nIf this policy is set to True, sites with abusive experiences will be prevented from opening new windows or tabs.\nHowever this behavior will not trigger if SafeBrowsingEnabled policy is set to False.\nIf this policy is set to False, sites with abusive experiences will be allowed to open new windows or tabs.\nIf this policy is left not set, True will be used.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AbusiveExperienceInterventionEnforce",

"pfm_name": "AbusiveExperienceInterventionEnforce",

"pfm_title": "Abusive Experience Intervention Enforce",

"pfm_type": "boolean"

},

{

"pfm_app_min": "84",

"pfm_description": "Enable Get Image Descriptions from Google. Enables visually-impaired screen reader users to get descriptions of unlabeled images on the web.",

"pfm_description_reference": "The Get Image Descriptions from Google accessibility feature enables visually-impaired screen reader users to get descriptions of unlabeled images on the web. Users who choose to enable it will have the option of using an anonymous Google service to provide automatic descriptions for unlabeled images they encounter on the web.\n\nIf this feature is enabled, the content of images will be sent to Google servers in order to generate a description. No cookies or other user data is sent, and Google does not save or log any image content.\n\nIf this policy is set to true, the Get Image Descriptions from Google feature will be enabled, though it will only affect users who are using a screen reader or other similar assistive technology.\n\nIf this policy is set to false, users will not have the option of enabling the feature.\n\nIf you set this policy, users cannot change or override it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AccessibilityImageLabelsEnabled",

"pfm_name": "AccessibilityImageLabelsEnabled",

"pfm_title": "Allow accessibility descriptions for Google images",

"pfm_type": "boolean"

},

{

"pfm_app_min": "65",

"pfm_description": "Allows you to set whether ads should be blocked on sites with intrusive ads.",

"pfm_description_reference": "1 - Allow ads on all sites\n2 - Do not allow ads on sites with intrusive ads\nAllows you to set whether ads should be blocked on sites with intrusive ads.\n\nIf this policy is set to 2, ads will be blocked on sites with intrusive ads.\nHowever this behavior will not trigger if SafeBrowsingEnabled policy is set to False.\nIf this policy is set to 1, ads will not be blocked on sites with intrusive ads.\nIf this policy is left not set, 2 will be used.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AdsSettingForIntrusiveAdsSites",

"pfm_name": "AdsSettingForIntrusiveAdsSites",

"pfm_range_list": [1, 2],

"pfm_range_list_titles": ["Allow ads on all sites", "Do not allow ads on sites with intrusive ads"],

"pfm_title": "Ads setting for sites with intrusive ads",

"pfm_type": "integer"

},

{

"pfm_app_min": "83",

"pfm_default": true,

"pfm_description": "Enable additional protections for users enrolled in the Advanced Protection program.",

"pfm_description_reference": "This policy controls whether users enrolled in the Advanced Protection program receive extra protections. Some of these features may involve the sharing of data with Google (for example, Advanced Protection users will be able to send their downloads to Google for malware scanning). If set to True or not set, enrolled users will receive extra protections. If set to False, Advanced Protection users will receive only the standard consumer features.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AdvancedProtectionAllowed",

"pfm_name": "AdvancedProtectionAllowed",

"pfm_title": "Enable Advanced Protection",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "82",

"pfm_app_min": "81",

"pfm_default": true,

"pfm_description": "This policy controls whether users enrolled in the Advanced Protection program are allowed to send their downloads to Google for malware scanning. If set to True or not set, enrolled users will be be prompted to send their files to Google for deep scanning. If the user selects 'Scan', their download will be sent to Google. If set to False, users will not be prompted and their downloads will not be sent to Google.",

"pfm_description_reference": "This policy is deprecated, and has been replaced with AdvancedProtectionAllowed.\n\nThis policy controls whether users enrolled in the Advanced Protection program are allowed to send their downloads to Google for malware scanning. If set to True or not set, enrolled users will be be prompted to send their files to Google for deep scanning. If the user selects 'Scan', their download will be sent to Google. If set to False, users will not be prompted and their downloads will not be sent to Google.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AdvancedProtectionDeepScanningEnabled",

"pfm_name": "AdvancedProtectionDeepScanningEnabled",

"pfm_note": "This policy is deprecated, and has been replaced with AdvancedProtectionAllowed.",

"pfm_title": "Advanced Protection Deep Scanning",

"pfm_type": "boolean"

},

{

"pfm_app_min": "57",

"pfm_default": true,

"pfm_description": "Enables deleting browser history and download history in Google Chrome and prevents users from changing this setting.",

"pfm_description_reference": "Enables deleting browser history and download history in Google Chrome and prevents users from changing this setting.\n\nNote that even with this policy disabled, the browsing and download history are not guaranteed to be retained: users may be able to edit or delete the history database files directly, and the browser itself may expire or archive any or all history items at any time.\n\nIf this setting is enabled or not set, browsing and download history can be deleted.\n\nIf this setting is disabled, browsing and download history cannot be deleted.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowDeletingBrowserHistory",

"pfm_name": "AllowDeletingBrowserHistory",

"pfm_title": "Enable deleting browser and download history",

"pfm_type": "boolean"

},

{

"pfm_app_min": "48",

"pfm_description": "Allow users to play dinosaur easter egg game when device is offline.",

"pfm_description_reference": "Allow users to play dinosaur easter egg game when device is offline.\n\nIf this policy is set to False, users will not be able to play the dinosaur easter egg game when device is offline. If this setting is set to True, users are allowed to play the dinosaur game. If this policy is not set, users are not allowed to play the dinosaur easter egg game on enrolled Chrome OS, but are allowed to play it under other circumstances.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowDinosaurEasterEgg",

"pfm_name": "AllowDinosaurEasterEgg",

"pfm_title": "Allow Dinosaur Easter Egg Game",

"pfm_type": "boolean"

},

{

"pfm_app_min": "12",

"pfm_default": true,

"pfm_description": "Allows access to local files on the machine by allowing Google Chrome to display file selection dialogs.",

"pfm_description_reference": "Allows access to local files on the machine by allowing Google Chrome to display file selection dialogs.\n\nIf you enable this setting, users can open file selection dialogs as normal.\n\nIf you disable this setting, whenever the user performs an action which would provoke a file selection dialog (like importing bookmarks, uploading files, saving links, etc.) a message is displayed instead and the user is assumed to have clicked Cancel on the file selection dialog.\n\nIf this setting is not set, users can open file selection dialogs as normal.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowFileSelectionDialogs",

"pfm_name": "AllowFileSelectionDialogs",

"pfm_title": "Allow invocation of file selection dialogs",

"pfm_type": "boolean"

},

{

"pfm_app_min": "12",

"pfm_description": "If you enable this setting, outdated plugins are used as normal plugins.",

"pfm_description_reference": "If you enable this setting, outdated plugins are used as normal plugins.\n\nIf you disable this setting, outdated plugins will not be used and users will not be asked for permission to run them.\n\nIf this setting is not set, users will be asked for permission to run outdated plugins.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowOutdatedPlugins",

"pfm_name": "AllowOutdatedPlugins",

"pfm_title": "Allow running plugins that are outdated",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "88",

"pfm_app_min": "74",

"pfm_default": false,

"pfm_description": "This policy allows an admin to specify that a page may show popups during its unloading.",

"pfm_description_reference": "This policy allows an admin to specify that a page may show popups during its unloading.\n\nWhen the policy is set to enabled, pages are allowed to show popups while they are being unloaded.\n\nWhen the policy is set to disabled or not set, pages are not allowed to show popups while they are being unloaded, as per the spec (https://html.spec.whatwg.org/#apis-for-creating-and-navigating-browsing-contexts-by-name).\n\nThis policy will be removed in Chrome 88.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowPopupsDuringPageUnload",

"pfm_name": "AllowPopupsDuringPageUnload",

"pfm_title": "Allow a page to show popups during its unloading",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "88",

"pfm_app_min": "78",

"pfm_default": false,

"pfm_description": "This policy allows an admin to specify that a page may send synchronous XHR requests during page dismissal.",

"pfm_description_reference": "This policy allows an admin to specify that a page may send synchronous XHR requests during page dismissal.\n\nWhen the policy is set to enabled, pages are allowed to send synchronous XHR requests during page dismissal.\n\nWhen the policy is set to disabled or not set, pages are not allowed to send synchronous XHR requests during page dismissal.\n\nThis policy will be removed in Chrome 88.\n\nSee https://www.chromestatus.com/feature/4664843055398912 .",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowSyncXHRInPageDismissal",

"pfm_name": "AllowSyncXHRInPageDismissal",

"pfm_title": "Allows a page to perform synchronous XHR requests during page dismissal.",

"pfm_type": "boolean"

},

{

"pfm_app_min": "51",

"pfm_description": "Enables Google Chrome's restricted log in feature in G Suite and prevents users from changing this setting.",

"pfm_description_reference": "Enables Google Chrome's restricted log in feature in G Suite and prevents users from changing this setting.\n\nIf you define this setting, the user will only be able to access Google\nApps using accounts from the specified domains (note that this does not\nwork for gmail.com/googlemail.com).\n\nThis setting will NOT prevent the user from loging in on a managed device\nthat requires Google authentication. The user will still be allowed to\nsign in to accounts from other domains, but they will receive an error\nwhen trying to use G Suite with those accounts.\n\nIf you leave this setting empty/not-configured, the user will be able to\naccess G Suite with any account.\n\nThis policy causes the X-GoogApps-Allowed-Domains header to be appended to\nall HTTP and HTTPS requests to all google.com domains, as described in\nhttps://support.google.com/a/answer/1668854.\n\nUsers cannot change or override this setting.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowedDomainsForApps",

"pfm_name": "AllowedDomainsForApps",

"pfm_title": "Define domains allowed to access G Suite",

"pfm_type": "string",

"pfm_value_placeholder": "managedchrome.com,example.com"

},

{

"pfm_app_min": "8",

"pfm_description": "Enables the use of alternate error pages that are built into Google Chrome (such as 'page not found') and prevents users from changing this setting.",

"pfm_description_reference": "Enables the use of alternate error pages that are built into Google Chrome (such as 'page not found') and prevents users from changing this setting.\n\nIf you enable this setting, alternate error pages are used.\n\nIf you disable this setting, alternate error pages are never used.\n\nIf you enable or disable this setting, users cannot change or override this setting in Google Chrome.\n\nIf this policy is left not set, this will be enabled but the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlternateErrorPagesEnabled",

"pfm_name": "AlternateErrorPagesEnabled",

"pfm_title": "Enable alternate error pages",

"pfm_type": "boolean"

},

{

"pfm_app_min": "55",

"pfm_default": false,

"pfm_description": "Disables the internal PDF viewer in Google Chrome. Instead it treats it as download and allows the user to open PDF files with the default application.",

"pfm_description_reference": "Disables the internal PDF viewer in Google Chrome. Instead it treats it as download and allows the user to open PDF files with the default application.\n\nIf this policy is left not set or disabled the PDF plugin will be used to open PDF files unless the user disables it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlwaysOpenPdfExternally",

"pfm_name": "AlwaysOpenPdfExternally",

"pfm_title": "Always Open PDF files externally",

"pfm_type": "boolean"

},

{

"pfm_app_min": "80",

"pfm_description": "Configuring this policy will allow/disallow ambient authenticaiton for Incognito and Guest profiles in Google Chrome.",

"pfm_description_reference": "Configuring this policy will allow/disallow ambient authenticaiton for Incognito and Guest profiles in Google Chrome.\n\nAmbient Authentication is http authentication with default credentials if explicit credentials are not provided via NTLM/Kerberos/Negotiate challenge/response schemes.\n\nSetting the RegularOnly (value 0), allows ambient authentication for Regular sessions only. Incognito and Guest sessions wouldn't be allowed to ambiently authenticate.\n\nSetting the IncognitoAndRegular (value 1), allows ambient authentication for Incognito and Regular sessions. Guest sessions wouldn't be allowed to ambiently authenticate.\n\nSetting the GuestAndRegular (value 2), allows ambient authentication for Guest and Regular sessions. Incognito sessions wouldn't be allowed to ambiently authenticate.\n\nSetting the All (value 3), allows ambient authentication for all sessions.\n\nNote that, ambient authentication is always allowed on regular profiles.\n\nIf the policy is left not set, then the Incognito and Guest sessions will not be able to ambiently authenticate in the future releases of Google Chrome, as they will be disallowed.\n\n0 = Enable ambient authentication in regular sessions only.\n1 = Enable ambient authentication in incognito and regular sessions.\n2 = Enable ambient authentication in guest and regular sessions.\n3 = Enable ambient authentication in regular, incognito and guest sessions.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AmbientAuthenticationInPrivateModesEnabled",

"pfm_name": "AmbientAuthenticationInPrivateModesEnabled",

"pfm_range_list": [0, 1, 2, 3],

"pfm_range_list_titles": ["Enable in regular sessions only", "Enable in incognito and regular sessions", "Enable in guest and regular sessions", "Enable in regular, incognito and guest sessions"],

"pfm_title": "Ambient Authentication",

"pfm_type": "integer"

},

{

"pfm_app_min": "84",

"pfm_description": "Allows the AppCache feature to be re-enabled even if it is off by default.",

"pfm_description_reference": "If set to true, this will force AppCache to be enabled, even when AppCache in Chrome is not available by default.\n\nIf unset or set to false, AppCache will follow Chrome's defaults.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AppCacheForceEnabled",

"pfm_name": "AppCacheForceEnabled",

"pfm_title": "Force Enable App Cache",

"pfm_type": "boolean"

},

{

"pfm_app_min": "25",

"pfm_default": true,

"pfm_description": "If enabled or not configured (default), the user will be prompted for audio capture access except for URLs configured in the AudioCaptureAllowedUrls list which will be granted access without prompting.",

"pfm_description_reference": "If enabled or not configured (default), the user will be prompted for audio capture access except for URLs configured in the AudioCaptureAllowedUrls list which will be granted access without prompting.\n\nWhen this policy is disabled, the user will never be prompted and audio capture only be available to URLs configured in AudioCaptureAllowedUrls.\n\nThis policy affects all types of audio inputs and not only the built-in microphone.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AudioCaptureAllowed",

"pfm_name": "AudioCaptureAllowed",

"pfm_title": "Allow or deny audio capture",

"pfm_type": "boolean"

},

{

"pfm_app_min": "79",

"pfm_description": "Allow the audio sandbox to run. If this policy is enabled, the audio process will run sandboxed. If this policy is disabled, the audio process will run unsandboxed and the WebRTC audio-processing module will run in the renderer process. This leaves users open to security risks related to running the audio subsystem unsandboxed.",

"pfm_description_reference": "This policy controls the audio process sandbox. If this policy is enabled, the audio process will run sandboxed. If this policy is disabled, the audio process will run unsandboxed and the WebRTC audio-processing module will run in the renderer process. This leaves users open to security risks related to running the audio subsystem unsandboxed. If this policy is not set, the default configuration for the audio sandbox will be used, which may differ per platform. This policy is intended to give enterprises flexibility to disable the audio sandbox if they use security software setups that interfere with the sandbox.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AudioSandboxEnabled",

"pfm_name": "AudioSandboxEnabled",

"pfm_note": "This policy is intended to give enterprises flexibility to disable the audio sandbox if they use security software setups that interfere with the sandbox.",

"pfm_title": "Enable the audio sandbox",

"pfm_type": "boolean"

},

{

"pfm_app_min": "29",

"pfm_description": "Patterns in this list will be matched against the security\norigin of the requesting URL. If a match is found, access to audio\ncapture devices will be granted without prompt.",

"pfm_description_reference": "Patterns in this list will be matched against the security\norigin of the requesting URL. If a match is found, access to audio\ncapture devices will be granted without prompt.\n\nNOTE: Until version 45, this policy was only supported in Kiosk mode.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AudioCaptureAllowedUrls",

"pfm_name": "AudioCaptureAllowedUrls",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "https://[*.]example.edu/"

}],

"pfm_title": "URLs that will be granted access to audio capture devices without prompt",

"pfm_type": "array"

},

{

"pfm_default": true,

"pfm_app_deprecated": "70",

"pfm_app_min": "8",

"pfm_description": "Enable AutoFill. This policy is deprecated in M70, please use AutofillAddressEnabled and AutofillCreditCardEnabled instead.",

"pfm_description_reference": "This policy is deprecated in M70, please use AutofillAddressEnabled and AutofillCreditCardEnabled instead.\n\nEnables Google Chrome's AutoFill feature and allows users to auto complete web forms using previously stored information such as address or credit card information.\n\nIf you disable this setting, AutoFill will be inaccessible to users.\n\nIf you enable this setting or do not set a value, AutoFill will remain under the control of the user. This will allow them to configure AutoFill profiles and to switch AutoFill on or off at their own discretion.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoFillEnabled",

"pfm_name": "AutoFillEnabled",

"pfm_title": "Enable AutoFill",

"pfm_type": "boolean"

},

{

"pfm_app_min": "85",

"pfm_description": "Define a list of protocols that can launch an external application from listed origins without prompting the user. If this policy is set, a protocol will only be permitted to launch an external application without prompting by policy if the protocol is listed, and the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list.",

"pfm_description_reference": "Allows you to set a list of protocols, and for each protocol an associated list of allowed origin patterns, that can launch an external application without prompting the user. The trailing separator should not be included when listing the protocol, so list \"skype\" instead of \"skype:\" or \"skype://\".\n\nIf this policy is set, a protocol will only be permitted to launch an external application without prompting by policy if the protocol is listed, and the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list. If either condition is false the external protocol launch prompt will not be omitted by policy.\n\nIf this policy is not set, no protocols can launch without a prompt by default. Users may opt out of prompts on a per-protocol/per-site basis unless the ExternalProtocolDialogShowAlwaysOpenCheckbox policy is set to Disabled. This policy has no impact on per-protocol/per-site prompt exemptions set by users.\n\nThe origin matching patterns use a similar format to those for the 'URLBlacklist' policy, which are documented at http://www.chromium.org/administrators/url-blacklist-filter-format.\n\nHowever, origin matching patterns for this policy cannot contain \"/path\" or \"@query\" elements. Any pattern that does contain a \"/path\" or \"@query\" element will be ignored.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins",

"pfm_name": "AutoLaunchProtocolsFromOrigins",

"pfm_note": "The origin matching patterns use a similar format to those for the 'URLBlacklist' policy, which are documented at http://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_subkeys": [

{

"pfm_hidden": "container",

"pfm_subkeys": [

{

"pfm_app_min": "85",

"pfm_description": "A list of allowed origin patterns for the specified protocol.",

"pfm_name": "allowed_origins",

"pfm_note": "The origin matching patterns use a similar format to those for the 'URLBlocklist' policy, which are documented at http://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_title": "Allowed Origins",

"pfm_type": "array"

},

{

"pfm_app_min": "85",

"pfm_format": "^((?!\\:).)*$",

"pfm_name": "protocol",

"pfm_note": "The trailing separator should not be included when listing the protocol.",

"pfm_title": "Protocol",

"pfm_type": "string",

"pfm_value_placeholder": "spotify"

}],

"pfm_type": "dictionary"

}],

"pfm_title": "Allow protocols to auto launch external applications",

"pfm_type": "array"

},

{

"pfm_app_min": "84",

"pfm_description": "URLs where AutoOpenFileTypes can apply. List of URLs specifying which urls AutoOpenFileTypes will apply to. This policy has no impact on automatically open values set by users.",

"pfm_description_reference": "List of URLs specifying which urls AutoOpenFileTypes will apply to. This policy has no impact on automatically open values set by users.\n\nIf this policy is set, files will only automatically open by policy if the url is part of this set and the file type is listed in AutoOpenFileTypes. If either condition is false the download won't automatically open by policy.\n\nIf this policy isn't set, all downloads where the file type is in AutoOpenFileTypes will automatically open.\n\nA URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoOpenAllowedForURLs",

"pfm_name": "AutoOpenAllowedForURLs",

"pfm_note": "If this policy isn't set, all downloads where the file type is in AutoOpenFileTypes will automatically open. A URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_subkeys": [

{

"pfm_title": "URL",

"pfm_type": "string",

"pfm_value_placeholder": "example.com"

}],

"pfm_title": "Allowed URLs for auto open filetypes",

"pfm_type": "array"

},

{

"pfm_app_min": "84",

"pfm_description": "List of file types that should be automatically opened on download.",

"pfm_description_reference": "List of file types that should be automatically opened on download. The leading separator should not be included when listing the file type, so list \"txt\" instead of \".txt\".\n\nFiles with types that should be automatically opened will still be subject to the enabled safe browsing checks and won't be opened if they fail those checks.\n\nIf this policy isn't set, only file types that a user has already specified to automatically be opened will do so when downloaded.\n\nThis policy is available only on Windows instances that are joined to a Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise instances that enrolled for device management and macOS instances that are that are managed via MDM or joined to a domain via MCX.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoOpenFileTypes",

"pfm_name": "AutoOpenFileTypes",

"pfm_note": "The leading separator should not be included when listing the file type, so list \"txt\" instead of \".txt\"",

"pfm_subkeys": [

{

"pfm_format": "^((?!\\.).)*$",

"pfm_title": "File Extension",

"pfm_type": "string",

"pfm_value_placeholder": "pdf"

}],

"pfm_title": "Allow file extensions to auto open",

"pfm_type": "array"

},

{

"pfm_app_min": "69",

"pfm_default": true,

"pfm_description": "Enables Google Chrome's AutoFill feature and allows users to auto complete address information in web forms using previously stored information.",

"pfm_description_reference": "Enables Google Chrome's AutoFill feature and allows users to auto complete address information in web forms using previously stored information.\n\nIf this setting is disabled, Autofill will never suggest, or fill address information, nor will it save additional address information that the user might submit while browsing the web.\n\nIf this setting is enabled or has no value, the user will be able to control Autofill for addresses in the UI.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutofillAddressEnabled",

"pfm_name": "AutofillAddressEnabled",

"pfm_title": "Enable AutoFill for addresses",

"pfm_type": "boolean"

},

{

"pfm_app_min": "63",

"pfm_default": true,

"pfm_description": "Enables Google Chrome's AutoFill feature and allows users to auto complete credit card information in web forms using previously stored information.",

"pfm_description_reference": "Enables Google Chrome's AutoFill feature and allows users to auto complete credit card information in web forms using previously stored information.\n\nIf this setting is disabled, Autofill will never suggest, or fill credit card information, nor will it save additional credit card information that the user might submit while browsing the web.\n\nIf this setting is enabled or has no value, the user will be able to control Autofill for credit cards in the UI.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutofillCreditCardEnabled",

"pfm_name": "AutofillCreditCardEnabled",

"pfm_title": "Enable AutoFill for credit cards",

"pfm_type": "boolean"

},

{

"pfm_app_min": "12",

"pfm_description": "If you enable this setting, Google Chrome will show a bookmark bar.",

"pfm_description_reference": "If you enable this setting, Google Chrome will show a bookmark bar.\n\nIf you disable this setting, users will never see the bookmark bar.\n\nIf you enable or disable this setting, users cannot change or override it in Google Chrome.\n\nIf this setting is left not set the user can decide to use this function or not.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BookmarkBarEnabled",

"pfm_name": "BookmarkBarEnabled",

"pfm_title": "Enable Bookmark Bar",

"pfm_type": "boolean"

},

{

"pfm_app_min": "39",

"pfm_default": true,

"pfm_description": "If this policy is set to true or not configured, Google Chrome will allow Add Person from the user manager.",

"pfm_description_reference": "If this policy is set to true or not configured, Google Chrome will allow Add Person from the user manager.\n\nIf this policy is set to false, Google Chrome will not allow creation of new profiles from the user manager.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserAddPersonEnabled",

"pfm_name": "BrowserAddPersonEnabled",

"pfm_title": "Enable add person in user manager",

"pfm_type": "boolean"

},

{

"pfm_app_min": "38",

"pfm_default": true,

"pfm_description": "If this policy is set to true or not configured, Google Chrome will enable guest logins. Guest logins are Google Chrome profiles where all windows are in incognito mode.",

"pfm_description_reference": "If this policy is set to true or not configured, Google Chrome will enable guest logins. Guest logins are Google Chrome profiles where all windows are in incognito mode.\n\nIf this policy is set to false, Google Chrome will not allow guest profiles to be started.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserGuestModeEnabled",

"pfm_name": "BrowserGuestModeEnabled",

"pfm_title": "Enable guest mode in browser",

"pfm_type": "boolean"

},

{

"pfm_app_min": "77",

"pfm_default": false,

"pfm_description": "If this policy is set to enabled, Google Chrome will enforce guest sessions and prevents profile logins. Guest logins are Google Chrome profiles where all windows are in incognito mode.",

"pfm_description_reference": "If this policy is set to enabled, Google Chrome will enforce guest sessions and prevents profile logins. Guest logins are Google Chrome profiles where all windows are in incognito mode.\n\nIf this policy is set to disabled or not set or browser guest mode is disabled by BrowserGuestModeEnabled policy, Google Chrome will allow using new and existing profiles.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserGuestModeEnforced",

"pfm_name": "BrowserGuestModeEnforced",

"pfm_title": "Force guest mode in browser",

"pfm_type": "boolean"

},

{

"pfm_app_min": "60",

"pfm_default": true,

"pfm_description": "Setting this policy to false stops Google Chrome from occasionally sending queries to a Google server to retrieve an accurate timestamp. These queries will be enabled if this policy is set to True or is not set.",

"pfm_description_reference": "Setting this policy to false stops Google Chrome from occasionally sending queries to a Google server to retrieve an accurate timestamp. These queries will be enabled if this policy is set to True or is not set.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserNetworkTimeQueriesEnabled",

"pfm_name": "BrowserNetworkTimeQueriesEnabled",

"pfm_title": "Allow queries to a Google time service",

"pfm_type": "boolean"

},

{

"pfm_app_min": "70",

"pfm_description": "This policy controls the sign-in behavior of the browser. It allows you to specify if the user can sign in to Google Chrome with their account and use account related services like Chrome sync.",

"pfm_description_reference": "This policy controls the sign-in behavior of the browser. It allows you to specify if the user can sign in to Google Chrome with their account and use account related services like Chrome sync.\n\nIf the policy is set to \"Disable browser sign-in\" then the user can not sign in to the browser and use account based services. In this case browser level features like Chrome sync can not be used and will be unavailable. If the user was signed in and the policy is set \"Disabled\" they will be signed out the next time they run Chrome but their local profile data like bookmarks, passwords etc. will stay preserved. The user will still be able to sign into and use Google web services like Gmail.\n\nIf the policy is set to \"Enable browser sign-in,\" then the user is allowed to sign in to the browser and is automatically signed in to the browser when signed in to Google web services like Gmail. Being signed in to the browser means the user's account information will be kept by the browser. However, it does not mean that Chrome sync will be turned on per default; the user must separately opt-in to use this feature. Enabling this policy will prevent the user from turning off the setting that allows browser sign-in. To control the availability of Chrome sync, use the \"SyncDisabled\" policy.\n\nIf the policy is set to \"Force browser sign-in\" the user is presented with an account selection dialog and has to choose and sign in to an account to use the browser. This ensures that for managed accounts the policies associated with the account are applied and enforced. By default this turns on Chrome sync for the account, except for the case when sync was disabled by the domain admin or via the \"SyncDisabled\" policy. The default value of BrowserGuestModeEnabled will be set to false. Note that existing unsigned profiles will be locked and inaccessible after enabling this policy. For more information, see help center article: https://support.google.com/chrome/a/answer/7572556.\n\nIf this policy is not set then the user can decide if they want to enable the browser sign in option and use it as they see fit.\n\n0 = Disable browser sign-in\n1 = Enable browser sign-in\n2 = Force users to sign-in to use the browser",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSignin",

"pfm_name": "BrowserSignin",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Disable browser sign-in", "Enable browser sign-in", "Force users to sign-in to use the browser"],

"pfm_title": "Browser Signin",

"pfm_type": "integer"

},

{

"pfm_app_min": "25",

"pfm_description": "Controls whether the built-in DNS client is used in Google Chrome.",

"pfm_description_reference": "Controls whether the built-in DNS client is used in Google Chrome.\n\nIf this policy is set to true, the built-in DNS client will be used, if available.\n\nIf this policy is set to false, the built-in DNS client will never be used.\n\nIf this policy is left not set, the users will be able to change whether the built-in DNS client is used by editing chrome://flags or specifying a command-line flag.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BuiltInDnsClientEnabled",

"pfm_name": "BuiltInDnsClientEnabled",

"pfm_title": "Use built-in DNS client",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "87",

"pfm_app_min": "83",

"pfm_description": "Determines whether the built-in certificate verifier will be used to verify server certificates. When this setting is enabled, Google Chrome will perform verification of server certificates using the built-in certificate verifier. When this setting is disabled, Google Chrome will perform verification of server certificates using the legacy certificate verifier provided by the platform. When this setting is not set, the built-in or the legacy certificate verifier may be used.",

"pfm_description_reference": "When this setting is enabled, Google Chrome will perform verification of server certificates using the built-in certificate verifier. When this setting is disabled, Google Chrome will perform verification of server certificates using the legacy certificate verifier provided by the platform. When this setting is not set, the built-in or the legacy certificate verifier may be used.\n\nThis policy is planned to be removed in Google Chrome OS version 81, when support for the legacy certificate verifier on Google Chrome OS is planned to be removed.\n\nThis policy is planned to be removed in Google Chrome for Linux version 83, when support for the legacy certificate verifier on Linux is planned to be removed.\n\nThis policy is planned to be removed in Google Chrome for Mac OS X version 87, when support for the legacy certificate verifier on Mac OS X is planned to be removed.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BuiltinCertificateVerifierEnabled",

"pfm_name": "BuiltinCertificateVerifierEnabled",

"pfm_note": "This policy is planned to be removed in Google Chrome for Mac OS X version 87, when support for the legacy certificate verifier on Mac OS X is planned to be removed.",

"pfm_title": "Use built-in certificate verifier",

"pfm_type": "boolean"

},

{

"pfm_app_min": "67",

"pfm_description": "Disables enforcing Certificate Transparency requirements for a list of subjectPublicKeyInfo hashes.",

"pfm_description_reference": "Disables enforcing Certificate Transparency requirements for a list of subjectPublicKeyInfo hashes.\n\nThis policy allows disabling Certificate Transparency disclosure requirements for certificate chains that contain certificates with one of the specified subjectPublicKeyInfo hashes. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used for Enterprise hosts.\n\nIn order for Certificate Transparency enforcement to be disabled when this policy is set, one of the following conditions must be met:\n1. The hash is of the server certificate's subjectPublicKeyInfo.\n2. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in the certificate chain, that CA certificate is constrained via the X.509v3 nameConstraints extension, one or more directoryName nameConstraints are present in the permittedSubtrees, and the directoryName contains an organizationName attribute.\n3. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in the certificate chain, the CA certificate has one or more organizationName attributes in the certificate Subject, and the server's certificate contains the same number of organizationName attributes, in the same order, and with byte-for-byte identical values.\n\nA subjectPublicKeyInfo hash is specified by concatenating the hash algorithm name, the \"/\" character, and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. This Base64 encoding is the same format as an SPKI Fingerprint, as defined in RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only supported hash algorithm at this time is \"sha256\".\n\nIf this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CertificateTransparencyEnforcementDisabledForCas",

"pfm_name": "CertificateTransparencyEnforcementDisabledForCas",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "sha256/AAAAAAAAAAAAAAAAAAAAAA=="

}],

"pfm_title": "Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes",

"pfm_type": "array"

},

{

"pfm_app_min": "67",

"pfm_description": "Disables enforcing Certificate Transparency requirements for a list of Legacy Certificate Authorities.",

"pfm_description_reference": "Disables enforcing Certificate Transparency requirements for a list of Legacy Certificate Authorities.\n\nThis policy allows disabling Certificate Transparency disclosure requirements for certificate chains that contain certificates with one of the specified subjectPublicKeyInfo hashes. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used for Enterprise hosts.\n\nIn order for Certificate Transparency enforcement to be disabled when this policy is set, the hash must be of a subjectPublicKeyInfo appearing in a CA certificate that is recognized as a Legacy Certificate Authority (CA). A Legacy CA is a CA that has been publicly trusted by default one or more operating systems supported by Google Chrome, but is not trusted by the Android Open Source Project or Google Chrome OS.\n\nA subjectPublicKeyInfo hash is specified by concatenating the hash algorithm name, the \"/\" character, and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. This Base64 encoding is the same format as an SPKI Fingerprint, as defined in RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only supported hash algorithm at this time is \"sha256\".\n\nIf this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CertificateTransparencyEnforcementDisabledForLegacyCas",

"pfm_name": "CertificateTransparencyEnforcementDisabledForLegacyCas",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "sha256/AAAAAAAAAAAAAAAAAAAAAA=="

}],

"pfm_title": "Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities",

"pfm_type": "array"

},

{

"pfm_app_min": "53",

"pfm_description": "Disables enforcing Certificate Transparency requirements to the listed URLs. A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_description_reference": "Disables enforcing Certificate Transparency requirements to the listed URLs.\n\nThis policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used, but makes it harder to detect misissued certificates for those hosts.\n\nA URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format. However, because certificates are valid for a given hostname independent of the scheme, port, or path, only the hostname portion of the URL is considered. Wildcard hosts are not supported.\n\nIf this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CertificateTransparencyEnforcementDisabledForUrls",

"pfm_name": "CertificateTransparencyEnforcementDisabledForUrls",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "example.com"

}],

"pfm_title": "Disable Certificate Transparency enforcement for a list of URLs",

"pfm_type": "array"

},

{

"pfm_app_min": "83",

"pfm_default": 0,

"pfm_description": "Determine the availability of variations.",

"pfm_description_reference": "Configuring this policy allows to specify which variations are allowed to be applied in Google Chrome.\n\nVariations provide a means for offering modifications to Google Chrome without shipping a new version of the browser by selectively enabling or disabling already existing features. See https://support.google.com/chrome/a?p=Manage_the_Chrome_variations_framework for more information.\n\nSetting the VariationsEnabled (value 0), or leaving the policy not set allows all variations to be applied to the browser.\n\nSetting the CriticalFixesOnly (value 1), allows only variations considered critical security or stability fixes to be applied to Google Chrome.\n\nSetting the VariationsDisabled (value 2), prevent all variations from being applied to the browser. Please note that this mode can potentially prevent the Google Chrome developers from providing critical security fixes in a timely manner and is thus not recommended.\n\n0 = Enable all variations\n1 = Enable variations concerning critical fixes only\n2 = Disable all variations",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ChromeVariations",

"pfm_name": "ChromeVariations",

"pfm_note": "Variations provide a means for offering modifications to Google Chrome without shipping a new version of the browser by selectively enabling or disabling already existing features. See https://support.google.com/chrome/a?p=Manage_the_Chrome_variations_framework for more information.",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Enable all variations", "Enable variations concerning critical fixes only", "Disable all variations"],

"pfm_title": "Google Chrome Variations",

"pfm_type": "integer"

},

{

"pfm_app_min": "79",

"pfm_default": true,

"pfm_description": "Enable the Click to Call Feature.",

"pfm_description_reference": "Enable the Click to Call feature which allows users to send phone numbers from Chrome Desktops to an Android device when the user is Signed-in. For more information, see help center article: https://support.google.com/chrome/answer/9430554?hl=en.\n\nIf this policy is set to enabled, the capability of sending phone numbers to Android devices will be enabled for the Chrome user.\n\nIf this policy is set to disabled, the capability of sending phone numbers to Android devices will be disabled for the Chrome user.\n\nIf you set this policy, users cannot change or override it.\n\nIf this policy is left unset, the Click to Call feature is enabled by default.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ClickToCallEnabled",

"pfm_name": "ClickToCallEnabled",

"pfm_note": "For more information, see help center article: https://support.google.com/chrome/answer/9430554?hl=en.",

"pfm_title": "Enable Click to Call",

"pfm_type": "boolean"

},

{

"pfm_app_min": "72",

"pfm_description": "If this policy is set, Google Chrome will try to register itself and apply associated cloud policy for all profiles.",

"pfm_description_reference": "If this policy is set, Google Chrome will try to register itself and apply associated cloud policy for all profiles.\n\nThe value of this policy is an Enrollment token that can be retrieved from the Google Admin console.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CloudManagementEnrollmentToken",

"pfm_name": "CloudManagementEnrollmentToken",

"pfm_note": "The value of this policy is an Enrollment token that can be retrieved from the Google Admin console.",

"pfm_title": "Cloud Management Enrollment Token",

"pfm_type": "string"

},

{

"pfm_app_min": "72",

"pfm_default": false,

"pfm_description": "If this policy is set to True, cloud management enrollment is mandatory and blocks Chrome launch process if failed.",

"pfm_description_reference": "If this policy is set to True, cloud management enrollment is mandatory and blocks Chrome launch process if failed.\n\nIf this policy is left unset or set to False, cloud management enrollment is optional and does not blocks Chrome launch process if failed.\n\nThis policy is used by machine scope cloud policy enrollment on desktop and can be set by Registry or GPO on Windows, plist on Mac and JSON policy file on Linux.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CloudManagementEnrollmentMandatory",

"pfm_name": "CloudManagementEnrollmentMandatory",

"pfm_title": "Make cloud managment enrollment mandatory",

"pfm_type": "boolean"

},

{

"pfm_app_min": "75",

"pfm_default": false,

"pfm_description": "If the policy is set to true, cloud policy takes precedence if it conflicts with platform policy. If the policy is set to false or not configured, platform policy takes precedence if it conflicts with cloud policy.",

"pfm_description_reference": "If the policy is set to true, cloud policy takes precedence if it conflicts with platform policy. If the policy is set to false or not configured, platform policy takes precedence if it conflicts with cloud policy.\n\nThis policy is only available as a mandatory machine platform policy and it only affects machine scope cloud policies.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CloudPolicyOverridesPlatformPolicy",

"pfm_name": "CloudPolicyOverridesPlatformPolicy",

"pfm_note": "This policy is only available as a mandatory machine platform policy and it only affects machine scope cloud policies.",

"pfm_title": "Cloud Policy Overrides Platform Policy",

"pfm_type": "boolean"

},

{

"pfm_app_min": "76",

"pfm_default": true,

"pfm_description": "If disabled, prevents security warnings from appearing when Chrome is launched with some potentially dangerous command-line flags.",

"pfm_description_reference": "If disabled, prevents security warnings from appearing when Chrome is launched with some potentially dangerous command-line flags.\n\nIf enabled or unset, security warnings are displayed when some command-line flags are used to launch Chrome.\n\nOn Windows, this policy is only available on instances that are joined to a Microsoft® Active Directory® domain or Windows 10 Pro or Enterprise instances that are enrolled for device management..",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CommandLineFlagSecurityWarningsEnabled",

"pfm_name": "CommandLineFlagSecurityWarningsEnabled",

"pfm_note": "This policy is only available as a mandatory machine platform policy and it only affects machine scope cloud policies.",

"pfm_title": "Command Line Flag Security Warnings Enabled",

"pfm_type": "boolean"

},

{

"pfm_app_min": "54",

"pfm_default": true,

"pfm_description": "Enables component updates for all components in Google Chrome when not set or set to True.",

"pfm_description_reference": "Enables component updates for all components in Google Chrome when not set or set to True.\n\nIf set to False, updates to components are disabled. However, some components are exempt from this policy: updates to any component that does not contain executable code, or does not significantly alter the behavior of the browser, or is critical for its security will not be disabled.\nExamples of such components include the certificate revocation lists and Safe Browsing data.\nSee https://developers.google.com/safe-browsing for more info on Safe Browsing.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ComponentUpdatesEnabled",

"pfm_name": "ComponentUpdatesEnabled",

"pfm_title": "Enable component updates in Google Chrome",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "84",

"pfm_app_min": "79",

"pfm_default": true,

"pfm_description": "Use the legacy CORS implementation rather than new CORS.",

"pfm_description_reference": "Use the legacy CORS implementation rather than new CORS.\n\nIf this setting is set to True, the legacy implementation is used that should be compatible with previous versions.\n\nIf this setting is set to False, or is not set, the new implementation is used that might cause enterprise specific compatibility issues potentially.\n\nThis policy will be removed after a couple of milestones.\n\nFor details on CORS, visit: https://www.chromestatus.com/feature/5768642492891136.\n\nNote that this policy was announced to be removed in Google Chrome version 82, but the plan was changed to be removed in version 84.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CorsLegacyModeEnabled",

"pfm_name": "CorsLegacyModeEnabled",

"pfm_note": "For details on CORS, visit: https://www.chromestatus.com/feature/5768642492891136.",

"pfm_title": "Enable Cross-Origin Resource Sharing legacy mode",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "84",

"pfm_app_min": "79",

"pfm_description": "Enable CORS check mitigations in the new CORS implementation, allowing Extensions to keep compatible behavior, and allowing Google Chrome to send specified headers without CORS checks.",

"pfm_description_reference": "Enable CORS check mitigations in the new CORS implementation, allowing Extensions to keep compatible behavior, and allowing Google Chrome to send specified headers without CORS checks.\n\nIf this list is set to empty, Google Chrome tries to run Extensions in compatible manners, and does not introduce API changes for Google Chrome 79 as explained at https://developer.chrome.com/extensions/webRequest.\n\nIf this list is set to have HTTP request header names, CORS inspection will ignore the listed headers in addition to enable the mitigation for Extensions.\n\nIf this list is not set, both mitigations explained above are not applied.\n\nFor details on CORS, visit: https://www.chromestatus.com/feature/5768642492891136.\n\nNote that this policy was announced to be removed in Google Chrome version 82, but the plan was changed to be removed in version 84.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CorsMitigationList",

"pfm_name": "CorsMitigationList",

"pfm_note": "For details on CORS, visit: https://www.chromestatus.com/feature/5768642492891136.",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Cross-Origin Resource Sharing mitigation list",

"pfm_type": "array"

},

{

"pfm_app_min": "80",

"pfm_default": true,

"pfm_description": "This policy configures a local switch that can be used to disable DNS interception checks. The checks attempt to discover whether the browser is behind a proxy that redirects unknown host names.",

"pfm_description_reference": "This policy configures a local switch that can be used to disable DNS interception checks. The checks attempt to discover whether the browser is behind a proxy that redirects unknown host names.\n\nThis detection may not be necessary in an enterprise environment where the network configuration is known, since it causes some amount of DNS and HTTP traffic on start-up and each DNS configuration change.\n\nWhen this policy is not set, or is enabled, the DNS interception checks are performed. When explicitly disabled, they're not.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DNSInterceptionChecksEnabled",

"pfm_name": "DNSInterceptionChecksEnabled",

"pfm_title": "DNS Interception Checks",

"pfm_type": "boolean"

},

{

"pfm_app_min": "11",

"pfm_description": "Configures the default browser checks in Google Chrome and prevents users from changing them.",

"pfm_description_reference": "Configures the default browser checks in Google Chrome and prevents users from changing them.\n\nIf you enable this setting, Google Chrome will always check on startup whether it is the default browser and automatically register itself if possible.\n\nIf this setting is disabled, Google Chrome will never check if it is the default browser and will disable user controls for setting this option.\n\nIf this setting is not set, Google Chrome will allow the user to control whether it is the default browser and whether user notifications should be shown when it isn't.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultBrowserSettingEnabled",

"pfm_name": "DefaultBrowserSettingEnabled",

"pfm_title": "Set Google Chrome as Default Browser",

"pfm_type": "boolean"

},

{

"pfm_app_min": "64",

"pfm_description": "Configures the default directory that Google Chrome will use for downloading files. This policy is not mandatory, so the user will be able to change the directory.\n\nSee https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.",

"pfm_description_reference": "Configures the default directory that Google Chrome will use for downloading files.\n\nIf you set this policy, it will change the default directory that Google Chrome downloads files to. This policy is not mandatory, so the user will be able to change the directory.\n\nIf you do not set this policy, Google Chrome will use its usual default directory (platform-specific).\n\nSee https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultDownloadDirectory",

"pfm_name": "DefaultDownloadDirectory",

"pfm_title": "Set default download directory",

"pfm_type": "string",

"pfm_value_placeholder": "/Users/${user_name}/Downloads"

},

{

"pfm_app_min": "85",

"pfm_default": true,

"pfm_description": "Allow default search provider context menu search access.",

"pfm_description_reference": "Enables the use of a default search provider on the context menu.\n\nIf you set this policy to disabled the search context menu item that relies on your default search provider will not be available.\n\nIf this policy is set to enabled or not set, the context menu item for your default search provider will be available.\n\nThe policy value is only appled when the DefaultSearchProviderEnabled policy is enabled, and is not applicable otherwise.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderContextMenuAccessAllowed",

"pfm_name": "DefaultSearchProviderContextMenuAccessAllowed",

"pfm_title": "Enable default search provider on context menu",

"pfm_type": "boolean"

},

{

"pfm_app_min": "68",

"pfm_description": "Allows you to control where Developer Tools can be used.",

"pfm_description_reference": "0 - Disallow usage of the Developer Tools on extensions installed by enterprise policy, allow usage of the Developer Tools in other contexts\n1 - Allow usage of the Developer Tools\n2 - Disallow usage of the Developer Tools\nAllows you to control where Developer Tools can be used.\n\nIf this policy is set to 'DeveloperToolsDisallowedForForceInstalledExtensions' (value 0, which is the default value), the Developer Tools and the JavaScript console can be accessed in general, but they can not be accessed in the context of extensions installed by enterprise policy.\nIf this policy is set to 'DeveloperToolsAllowed' (value 1), the Developer Tools and the JavaScript console can be accessed and used in all contexts, including the context of extensions installed by enterprise policy.\nIf this policy is set to 'DeveloperToolsDisallowed' (value 2), the Developer Tools can not be accessed and web-site elements can not be inspected anymore. Any keyboard shortcuts and any menu or context menu entries to open the Developer Tools or the JavaScript Console will be disabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DeveloperToolsAvailability",

"pfm_name": "DeveloperToolsAvailability",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Disallow usage of the Developer Tools on extensions installed by enterprise policy, allow usage of the Developer Tools in other contexts", "Allow usage of the Developer Tools", "Disallow usage of the Developer Tools"],

"pfm_title": "Control where Developer Tools can be used",

"pfm_type": "integer"

},

{

"pfm_app_min": "9",

"pfm_default": false,

"pfm_description": "Enabling this setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages can not access the WebGL API and plugins can not use the Pepper 3D API.",

"pfm_description_reference": "Enabling this setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages can not access the WebGL API and plugins can not use the Pepper 3D API.\n\nDisabling this setting or leaving it not set potentially allows web pages to use the WebGL API and plugins to use the Pepper 3D API. The default settings of the browser may still require command line arguments to be passed in order to use these APIs.\n\nIf HardwareAccelerationModeEnabled is set to false, Disable3DAPIs is ignored and it is equivalent to Disable3DAPIs being set to true.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=Disable3DAPIs",

"pfm_name": "Disable3DAPIs",

"pfm_title": "Disable support for 3D graphics APIs",

"pfm_type": "boolean"

},

{

"pfm_app_min": "22",

"pfm_default": false,

"pfm_description": "The Safe Browsing service shows a warning page when users navigate to sites that are flagged as potentially malicious. Enabling this setting prevents users from proceeding anyway from the warning page to the malicious site.",

"pfm_description_reference": "The Safe Browsing service shows a warning page when users navigate to sites that are flagged as potentially malicious. Enabling this setting prevents users from proceeding anyway from the warning page to the malicious site.\n\nIf this setting is disabled or not configured then users can choose to proceed to the flagged site after being shown the warning.\n\nSee https://developers.google.com/safe-browsing for more info on Safe Browsing.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisableSafeBrowsingProceedAnyway",

"pfm_name": "DisableSafeBrowsingProceedAnyway",

"pfm_title": "Disable proceeding from the Safe Browsing warning page",

"pfm_type": "boolean"

},

{

"pfm_app_min": "22",

"pfm_default": false,

"pfm_description": "If enabled, screenshots cannot be taken using keyboard shortcuts or extension APIs.",

"pfm_description_reference": "If enabled, screenshots cannot be taken using keyboard shortcuts or extension APIs.\n\nIf disabled or not specified, taking screenshots is allowed.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisableScreenshots",

"pfm_name": "DisableScreenshots",

"pfm_title": "Disable taking screenshots",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "10",

"pfm_app_min": "8",

"pfm_description": "This policy is deprecated. Please use the DefaultPluginsSetting to control the avalability of the Flash plugin and AlwaysOpenPdfExternally to control whether the integrated PDF viewer should be used for opening PDF files.\n\nSpecifies a list of plugins that are disabled in Google Chrome and prevents users from changing this setting.",

"pfm_description_reference": "This policy is deprecated. Please use the DefaultPluginsSetting to control the avalability of the Flash plugin and AlwaysOpenPdfExternally to control whether the integrated PDF viewer should be used for opening PDF files.\n\nSpecifies a list of plugins that are disabled in Google Chrome and prevents users from changing this setting.\n\nThe wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\\', so to match actual '*', '?', or '\\' characters, you can put a '\\' in front of them.\n\nIf you enable this setting, the specified list of plugins is never used in Google Chrome. The plugins are marked as disabled in 'about:plugins' and users cannot enable them.\n\nNote that this policy can be overridden by EnabledPlugins and DisabledPluginsExceptions.\n\nIf this policy is left not set the user can use any plugin installed on the system except for hard-coded incompatible, outdated or dangerous plugins.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisabledPlugins",

"pfm_name": "DisabledPlugins",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Disabled Plugins",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "12",

"pfm_app_min": "11",

"pfm_description": "This policy is deprecated. Please use the DefaultPluginsSetting to control the avalability of the Flash plugin and AlwaysOpenPdfExternally to control whether the integrated PDF viewer should be used for opening PDF files.\n\nSpecifies a list of plugins that user can enable or disable in Google Chrome.",

"pfm_description_reference": "This policy is deprecated. Please use the DefaultPluginsSetting to control the avalability of the Flash plugin and AlwaysOpenPdfExternally to control whether the integrated PDF viewer should be used for opening PDF files.\n\nSpecifies a list of plugins that user can enable or disable in Google Chrome.\n\nThe wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\\', so to match actual '*', '?', or '\\' characters, you can put a '\\' in front of them.\n\nIf you enable this setting, the specified list of plugins can be used in Google Chrome. Users can enable or disable them in 'about:plugins', even if the plugin also matches a pattern in DisabledPlugins. Users can also enable and disable plugins that don't match any patterns in DisabledPlugins, DisabledPluginsExceptions and EnabledPlugins.\n\nThis policy is meant to allow for strict plugin blacklisting where the 'DisabledPlugins' list contains wildcarded entries like disable all plugins '*' or disable all Java plugins '*Java*' but the administrator wishes to enable some particular version like 'IcedTea Java 2.3'. This particular versions can be specified in this policy.\n\nNote that both the plugin name and the plugin's group name have to be exempted. Each plugin group is shown in a separate section in about:plugins; each section may have one or more plugins. For example, the \"Shockwave Flash\" plugin belongs to the \"Adobe Flash Player\" group, and both names have to have a match in the exceptions list if that plugin is to be exempted from the blacklist.\n\nIf this policy is left not set any plugin that matches the patterns in the 'DisabledPlugins' will be locked disabled and the user won't be able to enable them.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisabledPluginsExceptions",

"pfm_name": "DisabledPluginsExceptions",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Disabled Plugins Exceptions",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "13",

"pfm_app_min": "12",

"pfm_description": "This policy is deprecated, please use URLBlocklist instead.\n\nDisables the listed protocol schemes in Google Chrome.",

"pfm_description_reference": "This policy is deprecated, please use URLBlacklist instead.\n\nDisables the listed protocol schemes in Google Chrome.\n\nURLs using a scheme from this list will not load and can not be navigated to.\n\nIf this policy is left not set or the list is empty all schemes will be accessible in Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisabledSchemes",

"pfm_name": "DisabledSchemes",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "ex. file, http, https, etc."

}],

"pfm_title": "Disabled URL Protocol Schemes",

"pfm_type": "array"

},

{

"pfm_app_min": "13",

"pfm_description": "Configures the directory that Google Chrome will use for storing cached files on the disk. See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used. To avoid data loss or other unexpected errors this policy should not be set to a volume's root directory or to a directory used for other purposes, because Google Chrome manages its contents",

"pfm_description_reference": "Configures the directory that Google Chrome will use for storing cached files on the disk.\n\nIf you set this policy, Google Chrome will use the provided directory regardless whether the user has specified the '--disk-cache-dir' flag or not. To avoid data loss or other unexpected errors this policy should not be set to a volume's root directory or to a directory used for other purposes, because Google Chrome manages its contents.\n\nSee https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.\n\nIf this policy is left not set the default cache directory will be used and the user will be able to override it with the '--disk-cache-dir' command line flag.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DiskCacheDir",

"pfm_name": "DiskCacheDir",

"pfm_title": "Set disk cache directory",

"pfm_type": "string",

"pfm_value_placeholder": "${user_home}/Chrome_cache"

},

{

"pfm_app_min": "17",

"pfm_description": "Configures the cache size that Google Chrome will use for storing cached files on the disk. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum. If the value of this policy is 0, the default cache size will be used but the user will not be able to change it.",

"pfm_description_reference": "Configures the cache size that Google Chrome will use for storing cached files on the disk.\n\nIf you set this policy, Google Chrome will use the provided cache size regardless whether the user has specified the '--disk-cache-size' flag or not. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum.\n\nIf the value of this policy is 0, the default cache size will be used but the user will not be able to change it.\n\nIf this policy is not set the default size will be used and the user will be able to override it with the --disk-cache-size flag.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DiskCacheSize",

"pfm_name": "DiskCacheSize",

"pfm_title": "Set disk cache size",

"pfm_type": "integer",

"pfm_value_placeholder": "104857600",

"pfm_value_unit": "bytes"

},

{

"pfm_app_min": "68",

"pfm_description": "Controls the mode of DNS-over-HTTPS",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to ask the user to grant them access to a USB device.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the user's personal configuration otherwise.\n\nURL patterns in this policy should not clash with ones configured via WebUsbBlockedForUrls. It is unspecified which of the two policies takes precedence if a URL matches with both.\n\nFor detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DnsOverHttpsMode",

"pfm_name": "DnsOverHttpsMode",

"pfm_range_list": ["off", "automatic", "secure"],

"pfm_range_list_titles": ["Disable DNS-over-HTTPS", "Enable DNS-over-HTTPS with insecure fallback", "Enable DNS-over-HTTPS without insecure fallback"],

"pfm_title": "DNS-over-HTTPS mode",

"pfm_type": "string"

},

{

"pfm_app_min": "68",

"pfm_description": "Specify URI template of desired DNS-over-HTTPS resolver. To specify multiple DNS-over-HTTPS resolvers, separate the corresponding URI templates with spaces.",

"pfm_description_reference": "The URI template of the desired DNS-over-HTTPS resolver. To specify multiple DNS-over-HTTPS resolvers, separate the corresponding URI templates with spaces.\n\nIf the DnsOverHttpsMode is set to \"secure\" then this policy must be set and not empty.\n\nIf the DnsOverHttpsMode is set to \"automatic\" and this policy is set then the URI templates specified will be used; if this policy is unset then hardcoded mappings will be used to attempt to upgrade the user's current DNS resolver to a DoH resolver operated by the same provider.\n\nIf the URI template contains a dns variable, requests to the resolver will use GET; otherwise requests will use POST.\n\nIncorrectly formatted templates will be ignored.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DnsOverHttpsTemplates",

"pfm_name": "DnsOverHttpsTemplates",

"pfm_note": "Incorrectly formatted templates will be ignored.",

"pfm_title": "DNS-over-HTTPS mode",

"pfm_type": "string"

},

{

"pfm_app_min": "11",

"pfm_description": "Configures the directory that Google Chrome will use for downloading files. If you set this policy, Google Chrome will use the provided directory regardless whether the user has specified one or enabled the flag to be prompted for download location every time. If this policy is left not set the default download directory will be used and the user will be able to change it.\n\nSee https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.",

"pfm_description_reference": "Configures the directory that Google Chrome will use for downloading files.\n\nIf you set this policy, Google Chrome will use the provided directory regardless whether the user has specified one or enabled the flag to be prompted for download location every time.\n\nSee https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.\n\nIf this policy is left not set the default download directory will be used and the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DownloadDirectory",

"pfm_name": "DownloadDirectory",

"pfm_title": "Set download directory",

"pfm_type": "string",

"pfm_value_placeholder": "${users}/${user_name}/Downloads"

},

{

"pfm_app_min": "61",

"pfm_description": "Configures the type of downloads that Google Chrome will completely block, without letting users override the security decision.",

"pfm_description_reference": "0 - No special restrictions\n1 - Block dangerous downloads\n2 - Block potentially dangerous downloads\n3 - Block all downloads\nConfigures the type of downloads that Google Chrome will completely block, without letting users override the security decision.\n\nIf you set this policy, Google Chrome will prevent certain types of downloads, and won't let user bypass the security warnings.\n\nWhen the 'Block dangerous downloads' option is chosen, all downloads are allowed, except for those that carry Safe Browsing warnings.\n\nWhen the 'Block potentially dangerous downloads' option is chosen, all downloads allowed, except for those that carry Safe Browsing warnings of potentially dangerous downloads.\n\nWhen the 'Block all downloads' option is chosen, all downloads are blocked.\n\nWhen this policy is not set, (or the 'No special restrictions' option is chosen), the downloads will go through the usual security restrictions based on Safe Browsing analysis results.\n\nNote that these restrictions apply to downloads triggered from web page content, as well as the 'download link...' context menu option. These restrictions do not apply to the save / download of the currently displayed page, nor does it apply to saving as PDF from the printing options.\n\nSee https://developers.google.com/safe-browsing for more info on Safe Browsing.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DownloadRestrictions",

"pfm_name": "DownloadRestrictions",

"pfm_range_list": [0, 1, 2, 3],

"pfm_range_list_titles": ["No special restrictions", "Block dangerous downloads", "Block potentially dangerous downloads", "Block all downloads"],

"pfm_title": "Download restrictions",

"pfm_type": "integer"

},

{

"pfm_app_min": "12",

"pfm_default": true,

"pfm_description": "If you enable this setting, bookmarks can be added, removed or modified. This is the default also when this policy is not set.",

"pfm_description_reference": "If you enable this setting, bookmarks can be added, removed or modified. This is the default also when this policy is not set.\n\nIf you disable this setting, bookmarks can not be added, removed or modified. Existing bookmarks are still available.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EditBookmarksEnabled",

"pfm_name": "EditBookmarksEnabled",

"pfm_title": "Enable or disable bookmark editing",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "88",

"pfm_app_min": "37",

"pfm_description": "ExampleDeprecatedFeature_EffectiveUntil20080902 - Enable ExampleDeprecatedFeature API through 2008/09/02\nSpecify a list of deprecated web platform features to re-enable temporarily.",

"pfm_description_reference": "ExampleDeprecatedFeature_EffectiveUntil20080902 - Enable ExampleDeprecatedFeature API through 2008/09/02\nSpecify a list of deprecated web platform features to re-enable temporarily.\n\nThis policy gives administrators the ability to re-enable deprecated web platform features for a limited time. Features are identified by a string tag and the features corresponding to the tags included in the list specified by this policy will get re-enabled.\n\nIf this policy is left not set, or the list is empty or does not match one of the supported string tags, all deprecated web platform features will remain disabled.\n\nWhile the policy itself is supported on the above platforms, the feature it is enabling may be available on fewer platforms. Not all deprecated Web Platform features can be re-enabled. Only the ones explicitly listed below can be for a limited period of time, which is different per feature. The general format of the string tag will be [DeprecatedFeatureName]_EffectiveUntil[yyyymmdd]. As reference, you can find the intent behind the Web Platform feature changes at https://bit.ly/blinkintents.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableDeprecatedWebPlatformFeatures",

"pfm_name": "EnableDeprecatedWebPlatformFeatures",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Enable deprecated web platform features for a limited time",

"pfm_type": "array"

},

{

"pfm_app_min": "85",

"pfm_description": "Allows Google Chrome to load experimental policies.",

"pfm_description_reference": "Allows Google Chrome to load experimental policies.\n\nWARNING: Experimental policies are unsupported and subject to change or be removed without notice in future version of the browser!\n\nAn experimental policy may not be finished or still have known or unknown defects. It may be changed or even removed without any notification. By enabling experimental policies, you could lose browser data or compromise your security or privacy.\n\nIf a policy is not in the list and it's not officially released, its value will be ignored on Beta and Stable channel.\n\nIf a policy is in the list and it's not officially released, its value will be applied.\n\nThis policy has no effect on already released policies.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableExperimentalPolicies",

"pfm_name": "EnableExperimentalPolicies",

"pfm_note": "WARNING: Experimental policies are unsupported and subject to change or be removed without notice in future version of the browser! If a policy is in the list and it's not officially released, its value will be applied. This policy has no effect on already released policies.",

"pfm_subkeys": [

{

"pfm_title": "Preference Key Name",

"pfm_type": "string"

}],

"pfm_title": "Enable experimental policies",

"pfm_type": "array"

},

{

"pfm_app_min": "19",

"pfm_default": false,

"pfm_description": "In light of the fact that soft-fail, online revocation checks provide no effective security benefit, they are disabled by default in Google Chrome version 19 and later. By setting this policy to true, the previous behavior is restored and online OCSP/CRL checks will be performed.",

"pfm_description_reference": "In light of the fact that soft-fail, online revocation checks provide no effective security benefit, they are disabled by default in Google Chrome version 19 and later. By setting this policy to true, the previous behavior is restored and online OCSP/CRL checks will be performed.\n\nIf the policy is not set, or is set to false, then Google Chrome will not perform online revocation checks in Google Chrome 19 and later.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableOnlineRevocationChecks",

"pfm_name": "EnableOnlineRevocationChecks",

"pfm_title": "Whether online OCSP/CRL checks are performed",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "15",

"pfm_app_min": "11",

"pfm_description": "This policy is deprecated. Please use the DefaultPluginsSetting to control the avalability of the Flash plugin and AlwaysOpenPdfExternally to control whether the integrated PDF viewer should be used for opening PDF files.\n\nSpecifies a list of plugins that are enabled in Google Chrome and prevents users from changing this setting.",

"pfm_description_reference": "This policy is deprecated. Please use the DefaultPluginsSetting to control the avalability of the Flash plugin and AlwaysOpenPdfExternally to control whether the integrated PDF viewer should be used for opening PDF files.\n\nSpecifies a list of plugins that are enabled in Google Chrome and prevents users from changing this setting.\n\nThe wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\\', so to match actual '*', '?', or '\\' characters, you can put a '\\' in front of them.\n\nThe specified list of plugins is always used in Google Chrome if they are installed. The plugins are marked as enabled in 'about:plugins' and users cannot disable them.\n\nNote that this policy overrides both DisabledPlugins and DisabledPluginsExceptions.\n\nIf this policy is left not set the user can disable any plugin installed on the system.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnabledPlugins",

"pfm_name": "EnabledPlugins",

"pfm_title": "Enabled Plugins",

"pfm_type": "array",

"pfm_subkeys": [

{

"pfm_type": "string"

}]

},

{

"pfm_app_min": "71",

"pfm_default": false,

"pfm_description": "When this policy is set to enabled, extensions installed by enterprise policy are allowed to use the Enterprise Hardware Platform API.",

"pfm_description_reference": "When this policy is set to enabled, extensions installed by enterprise policy are allowed to use the Enterprise Hardware Platform API. When this policy is set to disabled or not set, no extensions are allowed to use the Enterprise Hardware Platform API. This policy also applies to component extensions such as the Hangout Services extension.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnterpriseHardwarePlatformAPIEnabled",

"pfm_name": "EnterpriseHardwarePlatformAPIEnabled",

"pfm_note": "This policy also applies to component extensions such as the Hangout Services extension.",

"pfm_title": "Enable Managed Extensions to use the Enterprise Hardware API",

"pfm_type": "boolean"

},

{

"pfm_app_min": "86",

"pfm_description": "This policy controls checking URLs in real time to identify unsafe URLs. If this policy is left not set or set to ‘Disabled', the consumer Safe Browsing checks will be applied. If this policy is set to ‘Enabled', URLs will be sent to be scanned in real time under enterprise ToS. It will result in Chrome sending URLs to Google Cloud or third parties of your choosing to check them in real time. The consumer version of Safe Browsing real time lookup will be switched off.",

"pfm_description_reference": "This policy controls checking URLs in real time to identify unsafe URLs.\n\nIf this policy is left not set or set to ‘Disabled', the consumer Safe Browsing checks will be applied. Consumer Safe Browsing checks can still include real time lookups, depending on the value of the \"Make searches and browsing better\" setting and the value of the UrlKeyedAnonymizedDataCollectionEnabled policy.\n\nIf this policy is set to ‘Enabled', URLs will be sent to be scanned in real time under enterprise ToS. It will result in Chrome sending URLs to Google Cloud or third parties of your choosing to check them in real time. The consumer version of Safe Browsing real time lookup will be switched off.\n\nThis policy can only be set from the Google Admin console.\n\n0 = Real time URL check is disabled.\n1 = Real time check for main frame URLs is enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnterpriseRealTimeUrlCheckMode",

"pfm_name": "EnterpriseRealTimeUrlCheckMode",

"pfm_note": "This policy can only be set from the Google Admin console.",

"pfm_range_list": [0, 1],

"pfm_range_list_titles": ["Disabled", "Enabled"],

"pfm_title": "Check Safe Browsing status of URLs in real time",

"pfm_type": "integer"

},

{

"pfm_app_min": "79",

"pfm_default": true,

"pfm_description": "Show an \"Always open\" checkbox in external protocol dialog.",

"pfm_description_reference": "This policy controls whether or not the \"Always open\" checkbox is shown on external protocol launch confirmation prompts.\n\nIf this policy is set to True or not set, when an external protocol confirmation is shown, the user can select \"Always allow\" to skip all future confirmation prompts for the protocol on this site.\n\nIf this policy is set to False, the \"Always allow\" checkbox is not displayed and the user will be prompted each time an external protocol is invoked.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExternalProtocolDialogShowAlwaysOpenCheckbox",

"pfm_name": "ExternalProtocolDialogShowAlwaysOpenCheckbox",

"pfm_title": "Display \"Always open\" checkbox in external protocol dialog",

"pfm_type": "boolean"

},

{

"pfm_default": false,

"pfm_app_deprecated": "70",

"pfm_app_min": "66",

"pfm_description": "If this policy is set to true, user has to sign in to Google Chrome with their profile before using the browser. And the default value of BrowserGuestModeEnabled will be set to false. Note that existing unsigned profiles will be locked and inaccessible after enabling this policy. For more information, see help center article. This policy is deprecated, consider using BrowserSignin instead.",

"pfm_description_reference": "This policy is deprecated, consider using BrowserSignin instead.\n\nIf this policy is set to true, user has to sign in to Google Chrome with their profile before using the browser. And the default value of BrowserGuestModeEnabled will be set to false. Note that existing unsigned profiles will be locked and inaccessible after enabling this policy. For more information, see help center article.\n\nIf this policy is set to false or not configured, user can use the browser without sign in to Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ForceBrowserSignin",

"pfm_name": "ForceBrowserSignin",

"pfm_title": "Enable force sign in for Google Chrome",

"pfm_type": "boolean"

},

{

"pfm_app_min": "32",

"pfm_default": false,

"pfm_description": "If set to enabled this policy forces the profile to be switched to ephemeral mode. If this policy is specified as an OS policy (e.g. GPO on Windows) it will apply to every profile on the system; if the policy is set as a Cloud policy it will apply only to a profile signed in with a managed account.",

"pfm_description_reference": "If set to enabled this policy forces the profile to be switched to ephemeral mode. If this policy is specified as an OS policy (e.g. GPO on Windows) it will apply to every profile on the system; if the policy is set as a Cloud policy it will apply only to a profile signed in with a managed account.\n\nIn this mode the profile data is persisted on disk only for the length of the user session. Features like browser history, extensions and their data, web data like cookies and web databases are not preserved after the browser is closed. However this does not prevent the user from downloading any data to disk manually, save pages or print them.\n\nIf the user has enabled sync all this data is preserved in their sync profile just like with regular profiles. Incognito mode is also available if not explicitly disabled by policy.\n\nIf the policy is set to disabled or left not set signing in leads to regular profiles.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ForceEphemeralProfiles",

"pfm_name": "ForceEphemeralProfiles",

"pfm_title": "Ephemeral profile",

"pfm_type": "boolean"

},

{

"pfm_app_min": "41",

"pfm_default": false,

"pfm_description": "Forces queries in Google Web Search to be done with SafeSearch set to active and prevents users from changing this setting.",

"pfm_description_reference": "Forces queries in Google Web Search to be done with SafeSearch set to active and prevents users from changing this setting.\n\nIf you enable this setting, SafeSearch in Google Search is always active.\n\nIf you disable this setting or do not set a value, SafeSearch in Google Search is not enforced.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ForceGoogleSafeSearch",

"pfm_name": "ForceGoogleSafeSearch",

"pfm_title": "Force Google SafeSearch",

"pfm_type": "boolean"

},

{

"pfm_default": false,

"pfm_app_deprecated": "30",

"pfm_app_min": "25",

"pfm_description": "This policy is deprecated, please use ForceGoogleSafeSearch and ForceYouTubeRestrict instead. This policy is ignored if either the ForceGoogleSafeSearch, the ForceYouTubeRestrict or the (deprecated) ForceYouTubeSafetyMode policies are set.",

"pfm_description_reference": "This policy is deprecated, please use ForceGoogleSafeSearch and ForceYouTubeRestrict instead. This policy is ignored if either the ForceGoogleSafeSearch, the ForceYouTubeRestrict or the (deprecated) ForceYouTubeSafetyMode policies are set.\n\nForces queries in Google Web Search to be done with SafeSearch set to active and prevents users from changing this setting. This setting also forces Moderate Restricted Mode on YouTube.\n\nIf you enable this setting, SafeSearch in Google Search and Moderate Restricted Mode YouTube is always active.\n\nIf you disable this setting or do not set a value, SafeSearch in Google Search and Restricted Mode in YouTube is not enforced.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ForceSafeSearch",

"pfm_name": "ForceSafeSearch",

"pfm_title": "Force SafeSearch",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "82",

"pfm_app_min": "80",

"pfm_default": false,

"pfm_description": "This enterprise policy is for short-term adaptation and will be removed in M82.",

"pfm_description_reference": "This enterprise policy is for short-term adaptation and will be removed in M82.\n\nChrome's default referrer policy is being strengthened from its current value of no-referrer-when-downgrade to the more secure strict-origin-when-cross-origin through a gradual rollout targeting M80 stable.\n\nBefore the rollout, this enterprise policy will have no effect. After the rollout, when this enterprise policy is enabled, Chrome's default referrer policy will be set to its pre-M80 value of no-referrer-when-downgrade.\n\nThis enterprise policy is disabled by default.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ForceLegacyDefaultReferrerPolicy",

"pfm_name": "ForceLegacyDefaultReferrerPolicy",

"pfm_title": "Force Legacy Default Referrer",

"pfm_type": "boolean"

},

{

"pfm_app_min": "80",

"pfm_default": false,

"pfm_description": "This policy configures a single global per profile cache with HTTP server authentication credentials.",

"pfm_description_reference": "This policy configures a single global per profile cache with HTTP server authentication credentials.\n\nIf this policy is unset or disabled, the browser will use the default behavior of cross-site auth, which as of version 80, will be to scope HTTP server authentication credentials by top-level site, so if two sites use resources from the same authenticating domain, credentials will need to be provided independently in the context of both sites. Cached proxy credentials will be reused across sites.\n\nIf the policy is enabled, HTTP auth credentials entered in the context of one site will automatically be used in the context of another.\n\nEnabling this policy leaves sites open to some types of cross-site attacks, and allows users to be tracked across sites even without cookies by adding entries to the HTTP auth cache using credentials embedded in URLs.\n\nThis policy is intended to give enterprises depending on the legacy behavior a chance to update their login procedures, and will be removed in the future.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=GloballyScopeHTTPAuthCacheEnabled",

"pfm_name": "GloballyScopeHTTPAuthCacheEnabled",

"pfm_title": "Enable globally scoped HTTP auth cache",

"pfm_type": "boolean"

},

{

"pfm_app_min": "79",

"pfm_description": "List of names that will bypass the HSTS policy check. Hostnames specified in this list will be exempt from the HSTS policy check that could potentially upgrade requests from http to https.",

"pfm_description_reference": "Hostnames specified in this list will be exempt from the HSTS policy check that could potentially upgrade requests from http to https. Only single-label hostnames are allowed in this policy. Hostnames must be canonicalized: any IDNs must be converted to their A-label format, and all ASCII letters must be lowercase. This policy only applies to the specific hostnames specified; it does not apply to subdomains of the names specified.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=HSTSPolicyBypassList",

"pfm_name": "HSTSPolicyBypassList",

"pfm_note": "Only single-label hostnames are allowed in this policy. Hostnames must be canonicalized: any IDNs must be converted to their A-label format, and all ASCII letters must be lowercase. This policy only applies to the specific hostnames specified; it does not apply to subdomains of the names specified.",

"pfm_subkeys": [

{

"pfm_title": "Hostname",

"pfm_type": "string"

}],

"pfm_title": "HSTS Policy Bypass List",

"pfm_type": "array"

},

{

"pfm_app_min": "55",

"pfm_description": "Enforces a minimum Restricted Mode on YouTube and prevents users from picking a less restricted mode.",

"pfm_description_reference": "0 - Do not enforce Restricted Mode on YouTube\n1 - Enforce at least Moderate Restricted Mode on YouTube\n2 - Enforce Strict Restricted Mode for YouTube\nEnforces a minimum Restricted Mode on YouTube and prevents users from picking a less restricted mode.\n\nIf this setting is set to Strict, Strict Restricted Mode on YouTube is always active.\n\nIf this setting is set to Moderate, the user may only pick Moderate Restricted Mode and Strict Restricted Mode on YouTube, but cannot disable Restricted Mode.\n\nIf this setting is set to Off or no value is set, Restricted Mode on YouTube is not enforced by Google Chrome. External policies such as YouTube policies might still enforce Restricted Mode, though.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ForceYouTubeRestrict",

"pfm_name": "ForceYouTubeRestrict",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Do not enforce Restricted Mode on YouTube", "Enforce at least Moderate Restricted Mode on YouTube", "Enforce Strict Restricted Mode for YouTube"],

"pfm_title": "Force minimum YouTube Restricted Mode",

"pfm_type": "integer"

},

{

"pfm_default": false,

"pfm_app_deprecated": "45",

"pfm_app_min": "41",

"pfm_description": "This policy is deprecated. Consider using ForceYouTubeRestrict, which overrides this policy and allows more fine-grained tuning.\n\nForces YouTube Moderate Restricted Mode and prevents users from changing this setting.",

"pfm_description_reference": "This policy is deprecated. Consider using ForceYouTubeRestrict, which overrides this policy and allows more fine-grained tuning.\n\nForces YouTube Moderate Restricted Mode and prevents users from changing this setting.\n\nIf this setting is enabled, Restricted Mode on YouTube is always enforced to be at least Moderate.\n\nIf this setting is disabled or no value is set, Restricted Mode on YouTube is not enforced by Google Chrome. External policies such as YouTube policies might still enforce Restricted Mode, though.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ForceYouTubeSafetyMode",

"pfm_name": "ForceYouTubeSafetyMode",

"pfm_title": "Force YouTube Safety Mode",

"pfm_type": "boolean"

},

{

"pfm_app_min": "46",

"pfm_default": true,

"pfm_description": "If this policy is set to true or left unset, hardware acceleration will be enabled unless a certain GPU feature is blacklisted.",

"pfm_description_reference": "If this policy is set to true or left unset, hardware acceleration will be enabled unless a certain GPU feature is blacklisted.\n\nIf this policy is set to false, hardware acceleration will be disabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=HardwareAccelerationModeEnabled",

"pfm_name": "HardwareAccelerationModeEnabled",

"pfm_title": "Use hardware acceleration when available",

"pfm_type": "boolean"

},

{

"pfm_app_min": "26",

"pfm_default": false,

"pfm_description": "Hide the Chrome Web Store app and footer link from the New Tab Page and Google Chrome OS app launcher.",

"pfm_description_reference": "Hide the Chrome Web Store app and footer link from the New Tab Page and Google Chrome OS app launcher.\n\nWhen this policy is set to true, the icons are hidden.\n\nWhen this policy is set to false or is not configured, the icons are visible.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=HideWebStoreIcon",

"pfm_name": "HideWebStoreIcon",

"pfm_title": "Hide the web store from the New Tab Page and app launcher",

"pfm_type": "boolean"

},

{

"pfm_default": false,

"pfm_app_deprecated": "78",

"pfm_app_min": "54",

"pfm_description": "This policy enables HTTP/0.9 on ports other than 80 for HTTP and 443 for HTTPS.",

"pfm_description_reference": "This policy enables HTTP/0.9 on ports other than 80 for HTTP and 443 for HTTPS.\n\nThis policy is disabled by default, and if enabled, leaves users open to the security issue https://crbug.com/600352.\n\nThis policy is intended to give enterprises a chance to migrate exising servers off of HTTP/0.9, and will be removed in the future.\n\nIf this policy is not set, HTTP/0.9 will be disabled on non-default ports.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=Http09OnNonDefaultPortsEnabled",

"pfm_name": "Http09OnNonDefaultPortsEnabled",

"pfm_title": "Enable HTTP/0.9 support on non-default ports",

"pfm_type": "boolean"

},

{

"pfm_app_min": "39",

"pfm_description": "This policy forces the autofill form data to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog.",

"pfm_description_reference": "This policy forces the autofill form data to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog.\n\nIf disabled, the autofill form data is not imported.\n\nIf it is not set, the user may be asked whether to import, or importing may happen automatically.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImportAutofillFormData",

"pfm_name": "ImportAutofillFormData",

"pfm_title": "Import autofill form data from default browser on first run",

"pfm_type": "boolean"

},

{

"pfm_app_min": "15",

"pfm_default": true,

"pfm_description": "This policy forces bookmarks to be imported from the current default browser if enabled. If enabled, this policy also affects the import dialog.",

"pfm_description_reference": "This policy forces bookmarks to be imported from the current default browser if enabled. If enabled, this policy also affects the import dialog.\n\nIf disabled, no bookmarks are imported.\n\nIf it is not set, the user may be asked whether to import, or importing may happen automatically.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImportBookmarks",

"pfm_name": "ImportBookmarks",

"pfm_title": "Import bookmarks from default browser on first run",

"pfm_type": "boolean"

},

{

"pfm_app_min": "15",

"pfm_description": "This policy forces the browsing history to be imported from the current default browser if enabled. If enabled, this policy also affects the import dialog.",

"pfm_description_reference": "This policy forces the browsing history to be imported from the current default browser if enabled. If enabled, this policy also affects the import dialog.\n\nIf disabled, no browsing history is imported.\n\nIf it is not set, the user may be asked whether to import, or importing may happen automatically.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImportHistory",

"pfm_name": "ImportHistory",

"pfm_title": "Import browsing history from default browser on first run",

"pfm_type": "boolean"

},

{

"pfm_app_min": "15",

"pfm_description": "This policy forces the home page to be imported from the current default browser if enabled.",

"pfm_description_reference": "This policy forces the home page to be imported from the current default browser if enabled.\n\nIf disabled, the home page is not imported.\n\nIf it is not set, the user may be asked whether to import, or importing may happen automatically.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImportHomepage",

"pfm_name": "ImportHomepage",

"pfm_title": "Import of homepage from default browser on first run",

"pfm_type": "boolean"

},

{

"pfm_app_min": "15",

"pfm_description": "This policy forces the saved passwords to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog.",

"pfm_description_reference": "This policy forces the saved passwords to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog.\n\nIf disabled, the saved passwords are not imported.\n\nIf it is not set, the user may be asked whether to import, or importing may happen automatically.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImportSavedPasswords",

"pfm_name": "ImportSavedPasswords",

"pfm_title": "Import saved passwords from default browser on first run",

"pfm_type": "boolean"

},

{

"pfm_app_min": "15",

"pfm_description": "This policy forces search engines to be imported from the current default browser if enabled. If enabled, this policy also affects the import dialog.",

"pfm_description_reference": "This policy forces search engines to be imported from the current default browser if enabled. If enabled, this policy also affects the import dialog.\n\nIf disabled, the default search engine is not imported.\n\nIf it is not set, the user may be asked whether to import, or importing may happen automatically.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImportSearchEngine",

"pfm_name": "ImportSearchEngine",

"pfm_title": "Import search engines from default browser on first run",

"pfm_type": "boolean"

},

{

"pfm_default": true,

"pfm_app_deprecated": "15",

"pfm_app_min": "11",

"pfm_description": "This policy is deprecated. Please, use IncognitoModeAvailability instead. Enables Incognito mode in Google Chrome.\n\nIf this setting is enabled or not configured, users can open web pages in incognito mode.",

"pfm_description_reference": "This policy is deprecated. Please, use IncognitoModeAvailability instead. Enables Incognito mode in Google Chrome.\n\nIf this setting is enabled or not configured, users can open web pages in incognito mode.\n\nIf this setting is disabled, users cannot open web pages in incognito mode.\n\nIf this policy is left not set, this will be enabled and the user will be able to use incognito mode.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImportSearchEngine",

"pfm_name": "IncognitoEnabled",

"pfm_title": "Enable Incognito",

"pfm_type": "boolean"

},

{

"pfm_app_min": "14",

"pfm_description": "Specifies whether the user may open pages in Incognito mode in Google Chrome.",

"pfm_description_reference": "0 - Incognito mode available\n1 - Incognito mode disabled\n2 - Incognito mode forced\nSpecifies whether the user may open pages in Incognito mode in Google Chrome.\n\nIf 'Enabled' is selected or the policy is left unset, pages may be opened in Incognito mode.\n\nIf 'Disabled' is selected, pages may not be opened in Incognito mode.\n\nIf 'Forced' is selected, pages may be opened ONLY in Incognito mode.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=IncognitoModeAvailability",

"pfm_name": "IncognitoModeAvailability",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Incognito mode available", "Incognito mode disabled", "Incognito mode forced"],

"pfm_title": "Incognito mode availability",

"pfm_type": "integer"

},

{

"pfm_app_min": "85",

"pfm_description": "When enabled, the IntensiveWakeUpThrottling feature causes JavaScript timers in background tabs to be aggressively throttled and coalesced, running no more than once per minute after a page has been backgrounded for 5 minutes or more.",

"pfm_description_reference": "When enabled the IntensiveWakeUpThrottling feature causes Javascript timers in background tabs to be aggressively throttled and coalesced, running no more than once per minute after a page has been backgrounded for 5 minutes or more.\n\nThis is a web standards compliant feature, but it may break functionality on some websites by causing certain actions to be delayed by up to a minute. However, it results in significant CPU and battery savings when enabled. See https://bit.ly/30b1XR4 for more details.\n\nIf this policy is set to enabled then the feature will be force enabled, and users will not be able to override this.\n\nIf this policy is set to disabled then the feature will be force disabled, and users will not be able to override this.\n\nIf this policy is left unset then the feature will be controlled by its own internal logic, which can be manually configured by users.\n\nNote that the policy is applied per renderer process, with the most recent value of the policy setting in force when a renderer process starts. A full restart is required to ensure that all loaded tabs receive a consistent policy setting. It is harmless for processes to be running with different values of this policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=IntensiveWakeUpThrottlingEnabled",

"pfm_name": "IntensiveWakeUpThrottlingEnabled",

"pfm_note": "This is a web standards compliant feature, but it may break functionality on some websites by causing certain actions to be delayed by up to a minute. However, it results in significant CPU and battery savings when enabled. See https://bit.ly/30b1XR4 for more details.",

"pfm_title": "Enable Intensive Wake Up Throttling",

"pfm_type": "boolean"

},

{

"pfm_app_min": "63",

"pfm_description": "If the policy is enabled, each of the named origins in a comma-separated list will run in its own process. This will also isolate origins named by subdomains; e.g. specifying https://example.com/ will also cause https://foo.example.com/ to be isolated as part of the https://example.com/ site. If the policy is disabled, no explicit Site Isolation will happen and field trials of IsolateOrigins and SitePerProcess will be disabled. Users will still be able to enable IsolateOrigins manually. If the policy is not configured, the user will be able to change this setting. On Google Chrome OS, it is recommended to also set the DeviceLoginScreenIsolateOrigins device policy to the same value. If the values specified by the two policies don't match, a delay may be incurred when entering a user session while the value specified by user policy is being applied.",

"pfm_description_reference": "If the policy is enabled, each of the named origins in a comma-separated list will run in its own process. This will also isolate origins named by subdomains; e.g. specifying https://example.com/ will also cause https://foo.example.com/ to be isolated as part of the https://example.com/ site. If the policy is disabled, no explicit Site Isolation will happen and field trials of IsolateOrigins and SitePerProcess will be disabled. Users will still be able to enable IsolateOrigins manually. If the policy is not configured, the user will be able to change this setting. On Google Chrome OS, it is recommended to also set the DeviceLoginScreenIsolateOrigins device policy to the same value. If the values specified by the two policies don't match, a delay may be incurred when entering a user session while the value specified by user policy is being applied.\n\nNOTE: This policy does not apply on Android. To enable IsolateOrigins on Android, use the IsolateOriginsAndroid policy setting.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=IsolateOrigins",

"pfm_name": "IsolateOrigins",

"pfm_title": "Enable Site Isolation for specified origins",

"pfm_type": "string"

},

{

"pfm_default": true,

"pfm_app_deprecated": "15",

"pfm_app_min": "8",

"pfm_description": "This policy is deprecated, please use DefaultJavaScriptSetting instead.\n\nCan be used to disabled JavaScript in Google Chrome.",

"pfm_description_reference": "This policy is deprecated, please use DefaultJavaScriptSetting instead.\n\nCan be used to disabled JavaScript in Google Chrome.\n\nIf this setting is disabled, web pages cannot use JavaScript and the user cannot change that setting.\n\nIf this setting is enabled or not set, web pages can use JavaScript but the user can change that setting.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=JavascriptEnabled",

"pfm_name": "JavascriptEnabled",

"pfm_title": "Javascript Enabled",

"pfm_type": "boolean"

},

{

"pfm_app_min": "81",

"pfm_description": "This policy controls access to controllable features in the local discovery UI (chrome://devices) which shows discoverable devices near the user as well as cloud devices registered to them. On all operating systems except for Google Chrome OS, the local discovery UI also allows users to add classic printers connected to their computers to Google Cloud Print.",

"pfm_description_reference": "This policy controls access to controllable features in the local discovery UI (chrome://devices) which shows discoverable devices near the user as well as cloud devices registered to them. On all operating systems except for Google Chrome OS, the local discovery UI also allows users to add classic printers connected to their computers to Google Cloud Print.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=LocalDiscoveryEnabled",

"pfm_name": "LocalDiscoveryEnabled",

"pfm_title": "Enable chrome://devices",

"pfm_type": "boolean"

},

{

"pfm_app_min": "86",

"pfm_description": "This policy prevents the display of lookalike URL warnings on the sites listed. These warnings are typically shown on sites that Google Chrome believes might be trying to spoof another site the user is familiar with. If the policy is enabled and set to one or more domains, no lookalike warnings pages will be shown when the user visits pages on that domain. If the policy is disabled, not set, or set to an empty list, warnings may appear on any site the user visits.",

"pfm_description_reference": "This policy prevents the display of lookalike URL warnings on the sites listed. These warnings are typically shown on sites that Google Chrome believes might be trying to spoof another site the user is familiar with.\n\nIf the policy is enabled and set to one or more domains, no lookalike warnings pages will be shown when the user visits pages on that domain.\n\nIf the policy is disabled, not set, or set to an empty list, warnings may appear on any site the user visits.\n\nA hostname can be allowed with a complete host match, or any domain match. For example, a URL like \"https://foo.example.com/bar\" may have warnings suppressed if this list includes either \"foo.example.com\" or \"example.com\".",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=LookalikeWarningAllowlistDomains",

"pfm_name": "LookalikeWarningAllowlistDomains",

"pfm_note": "A hostname can be allowed with a complete host match, or any domain match.",

"pfm_subkeys": [

{

"pfm_title": "Domain",

"pfm_type": "string"

}],

"pfm_title": "Suppress lookalike domain warnings on domains",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "72",

"pfm_app_min": "66",

"pfm_description": "The enrollment token of cloud policy on desktop. This policy is deprecated in M72. Please use CloudManagementEnrollmentToken instead.",

"pfm_description_reference": "The enrollment token of cloud policy on desktop. This policy is deprecated in M72. Please use CloudManagementEnrollmentToken instead.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=MachineLevelUserCloudPolicyEnrollmentToken",

"pfm_name": "MachineLevelUserCloudPolicyEnrollmentToken",

"pfm_title": "The enrollment token of cloud policy on desktop",

"pfm_type": "string",

"pfm_value_placeholder": "ex. 37185d02-e055-11e7-80c1-9a214cf093ae"

},

{

"pfm_app_min": "37",

"pfm_description": "Configures a list of managed bookmarks.",

"pfm_description_reference": "Configures a list of managed bookmarks.\n\nThe policy consists of a list of bookmarks whereas each bookmark is a dictionary containing the keys \"name\" and \"url\" which hold the bookmark's name and its target. A subfolder may be configured by defining a bookmark without an \"url\" key but with an additional \"children\" key which itself contains a list of bookmarks as defined above (some of which may be folders again). Google Chrome amends incomplete URLs as if they were submitted via the Omnibox, for example \"google.com\" becomes \"https://google.com/\".\n\nThese bookmarks are placed in a folder that can't be modified by the user (but the user can choose to hide it from the bookmark bar). By default the folder name is \"Managed bookmarks\" but it can be customized by adding to the list of bookmarks a dictionary containing the key \"toplevel_name\" with the desired folder name as the value.\n\nManaged bookmarks are not synced to the user account and can't be modified by extensions.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks",

"pfm_name": "ManagedBookmarks",

"pfm_title": "Managed Bookmarks",

"pfm_subkeys": [

{

"pfm_description": "",

"pfm_name": "ManagedBookmark",

"pfm_subkeys": [

{

"pfm_description": "Name of the bookmark.",

"pfm_description_reference": "",

"pfm_name": "name",

"pfm_type": "string"

},

{

"pfm_description": "URL for the bookmark.",

"pfm_description_reference": "",

"pfm_name": "url",

"pfm_type": "string"

}, null],

"pfm_title": "",

"pfm_type": "dictionary"

},

{

"pfm_description": "The top-level managed bookmarks folder name.",

"pfm_subkeys": [

{

"pfm_name": "toplevel_name",

"pfm_title": "Top Level Name",

"pfm_type": "string"

}],

"pfm_title": "Managed Bookmarks Folder Name",

"pfm_type": "dictionary"

}],

"pfm_type": "array"

},

{

"pfm_default": 32,

"pfm_app_min": "14",

"pfm_description": "Specifies the maximal number of simultaneous connections to the proxy server.",

"pfm_description_reference": "Specifies the maximal number of simultaneous connections to the proxy server.\n\nSome proxy servers can not handle high number of concurrent connections per client and this can be solved by setting this policy to a lower value.\n\nThe value of this policy should be lower than 100 and higher than 6 and the default value is 32.\n\nSome web apps are known to consume many connections with hanging GETs, so lowering below 32 may lead to browser networking hangs if too many such web apps are open. Lower below the default at your own risk.\n\nIf this policy is left not set the default value will be used which is 32.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=MaxConnectionsPerProxy",

"pfm_name": "MaxConnectionsPerProxy",

"pfm_title": "Maximal number of concurrent connections to the proxy server",

"pfm_type": "integer",

"pfm_value_unit": "connections"

},

{

"pfm_app_min": "30",

"pfm_default": 5000,

"pfm_description": "Specifies the maximum delay in milliseconds between receiving a policy invalidation and fetching the new policy from the device management service.",

"pfm_description_reference": "Specifies the maximum delay in milliseconds between receiving a policy invalidation and fetching the new policy from the device management service.\n\nSetting this policy overrides the default value of 5000 milliseconds. Valid values for this policy are in the range from 1000 (1 second) to 300000 (5 minutes). Any values not in this range will be clamped to the respective boundary.\n\nLeaving this policy not set will make Google Chrome use the default value of 5000 milliseconds.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=MaxInvalidationFetchDelay",

"pfm_name": "MaxInvalidationFetchDelay",

"pfm_range_max": 300000,

"pfm_range_min": 1000,

"pfm_title": "Maximum fetch delay after a policy invalidation",

"pfm_type": "integer",

"pfm_value_unit": "milliseconds"

},

{

"pfm_app_min": "87",

"pfm_description": "By default the browser will show media recommendations that are personalized to the user. Setting this policy to Disabled will result in these recommendations being hidden from the user. Setting this policy to Enabled or leaving it unset will result in the media recommendations being shown to the user.",

"pfm_description_reference": "By default the browser will show media recommendations that are personalized to the user. Setting this policy to Disabled will result in these recommendations being hidden from the user. Setting this policy to Enabled or leaving it unset will result in the media recommendations being shown to the user.\n\ntrue = Show media recommendations to the user\nfalse = Hide media recommendations from the user",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=MediaRecommendationsEnabled",

"pfm_name": "MediaRecommendationsEnabled",

"pfm_title": "Enable Media Recommendations",

"pfm_type": "boolean"

},

{

"pfm_app_min": "67",

"pfm_description": "If this policy is set to true, Google Cast will connect to Cast devices on all IP addresses, not just RFC1918/RFC4913 private addresses.",

"pfm_description_reference": "If this policy is set to true, Google Cast will connect to Cast devices on all IP addresses, not just RFC1918/RFC4913 private addresses.\n\nIf this policy is set to false, Google Cast will connect to Cast devices on RFC1918/RFC4913 private addresses only.\n\nIf this policy is not set, Google Cast will connect to Cast devices on RFC1918/RFC4913 private addresses only, unless the CastAllowAllIPs feature is enabled.\n\nIf the policy \"EnableMediaRouter\" is set to false, then this policy's value would have no effect.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=MediaRouterCastAllowAllIPs",

"pfm_name": "MediaRouterCastAllowAllIPs",

"pfm_title": "Allow Google Cast to connect to Cast devices on all IP addresses.",

"pfm_type": "boolean"

},

{

"pfm_app_min": "8",

"pfm_description": "Enables anonymous reporting of usage and crash-related data about Google Chrome to Google and prevents users from changing this setting.",

"pfm_description_reference": "Enables anonymous reporting of usage and crash-related data about Google Chrome to Google and prevents users from changing this setting.\n\nIf this setting is enabled, anonymous reporting of usage and crash-related data is sent to Google. If it is disabled, this information is not sent to Google. In both cases, users cannot change or override the setting. If this policy is left not set, the setting will be what the user chose upon installation / first run.\n\nThis policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain. (For Chrome OS, see DeviceMetricsReportingEnabled.)",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=MetricsReportingEnabled",

"pfm_name": "MetricsReportingEnabled",

"pfm_title": "Enable reporting of usage and crash-related data",

"pfm_type": "boolean"

},

{

"pfm_app_min": "88",

"pfm_description": "This policy controls the visibility of cards on the New Tab Page. Cards surface entry points to launch common user journeys based on the user's browsing behavior.\n\nIf the policy is set to Enabled, the New Tab Page will show cards if content is available.\n\nIf the policy is set to Disabled, the New Tab Page won't show cards.",

"pfm_description_reference": "This policy controls the visibility of cards on the New Tab Page. Cards surface entry points to launch common user journeys based on the user's browsing behavior.\n\nIf the policy is set to Enabled, the New Tab Page will show cards if content is available.\n\nIf the policy is set to Disabled, the New Tab Page won't show cards.\n\nIf the policy is not set, the user can control the card visibility. The default is visible.\n\ntrue = New Tab Page will show cards if content is available\nfalse = New Tab Page will not show cards\nnull = New Tab Page will show cards if content is available, but allow the user to change this setting",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NTPCardsVisible",

"pfm_name": "NTPCardsVisible",

"pfm_title": "Show cards on the New Tab Page",

"pfm_type": "boolean"

},

{

"pfm_app_min": "80",

"pfm_default": true,

"pfm_description": "Allow users to customize the background on the New Tab page",

"pfm_description_reference": "If the policy is set to false, the New Tab page won't allow users to customize the background. Any existing custom background will be permanently removed even if the policy is set to true later.\n\nIf the policy is set to true or unset, users can customize the background on the New Tab page.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NTPCustomBackgroundEnabled",

"pfm_name": "NTPCustomBackgroundEnabled",

"pfm_title": "Allow New Tab page background customization",

"pfm_type": "boolean"

},

{

"pfm_app_min": "38",

"pfm_description": "(Deprecated in 50, removed in 52. After 52, if value 1 is set, it will be treated as 0 - predict network actions on any network connection.)\nEnables network prediction in Google Chrome and prevents users from changing this setting.",

"pfm_description_reference": "0 - Predict network actions on any network connection\n1 - Predict network actions on any network that is not cellular.\n(Deprecated in 50, removed in 52. After 52, if value 1 is set, it will be treated as 0 - predict network actions on any network connection.)\n2 - Do not predict network actions on any network connection\nEnables network prediction in Google Chrome and prevents users from changing this setting.\n\nThis controls DNS prefetching, TCP and SSL preconnection and prerendering of web pages.\n\nIf you set this policy, users cannot change or override this setting in Google Chrome.\n\nIf this policy is left not set, network prediction will be enabled but the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NetworkPredictionOptions",

"pfm_name": "NetworkPredictionOptions",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Predict network actions on any network connection", "Predict network actions on any network that is not cellular.", "Do not predict network actions on any network connection"],

"pfm_title": "Enable network prediction",

"pfm_type": "integer"

},

{

"pfm_app_min": "69",

"pfm_description": "The policy specifies a list of origins (URLs) or hostname patterns (such as \"*.example.com\") to be treated as secure contexts. The intent is to allow organizations to set up a staging server for internal web development, so that their developers can test out features requiring secure contexts without having to deploy TLS on the staging server.\n\nSetting a list of URLs in this policy has the same effect as setting the command-line flag '--unsafely-treat-insecure-origin-as-secure' to a comma-separated list of the same URLs. If the policy is set, it will override the command-line flag.\n\nFor more information on secure contexts, see https://www.w3.org/TR/secure-contexts/",

"pfm_description_reference": "The policy specifies a list of origins (URLs) or hostname patterns (such as \"*.example.com\") to be treated as secure contexts. The intent is to allow organizations to set up a staging server for internal web development, so that their developers can test out features requiring secure contexts without having to deploy TLS on the staging server.\n\nSetting a list of URLs in this policy has the same effect as setting the command-line flag '--unsafely-treat-insecure-origin-as-secure' to a comma-separated list of the same URLs. If the policy is set, it will override the command-line flag.\n\nFor more information on secure contexts, see https://www.w3.org/TR/secure-contexts/",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=OverrideSecurityRestrictionsOnInsecureOrigin",

"pfm_name": "OverrideSecurityRestrictionsOnInsecureOrigin",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Origins or hostname patterns to be treated as secure context.",

"pfm_type": "array"

},

{

"pfm_app_min": "80",

"pfm_default": true,

"pfm_description": "Allows you to set whether websites are allowed to check if the user has payment methods saved.",

"pfm_description_reference": "Allows you to set whether websites are allowed to check if the user has payment methods saved.\n\nIf this policy is set to disabled, websites that use PaymentRequest.canMakePayment or PaymentRequest.hasEnrolledInstrument API will be informed that no payment methods are available.\n\nIf the setting is enabled or not set then websites are allowed to check if the user has payment methods saved.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PaymentMethodQueryEnabled",

"pfm_name": "PaymentMethodQueryEnabled",

"pfm_title": "Payment Method Query",

"pfm_type": "boolean"

},

{

"pfm_app_min": "78",

"pfm_default": true,

"pfm_description": "Enables the concept of policy atomic groups.",

"pfm_description_reference": "If this policy is enabled, policies coming from the an atomic group that do not share the source with the highest priority from that group will be ignored.\n\nIf this policy is disabled, no policy will be ignored because of its source. Policies will be ignored only if there is a conflict and the policy does not have the highest priority.\n\nIf this policy ist set from a cloud source, it cannot target a specific user.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PolicyAtomicGroupsEnabled",

"pfm_name": "PolicyAtomicGroupsEnabled",

"pfm_note": "If this policy ist set from a cloud source, it cannot target a specific user.",

"pfm_title": "Enable Policy Atomic Groups",

"pfm_type": "boolean"

},

{

"pfm_app_min": "76",

"pfm_description": "Allows the selected policies to be merged when they come from different sources, with the same scopes and level. Entered strings must match a Chrome policy / key name that uses a dictionary for its data type.",

"pfm_description_reference": "Allows the selected policies to be merged when they come from different sources, with the same scopes and level.\n\nThe merging consists in merging the first level keys of the dictionary from each source. In case of conflict between keys, the key coming from the highest priority source will be applied.\n\nIf a policy is in the list, in case there is conflict between two sources, given that they have the same scopes and level, the values will be merged into a new policy dictionary.\n\nIf a policy is in the list, in case there is conflict between two sources but also between different scopes and/or level, the policy with the highest priority will be applied.\n\nIf a policy is not in the list, in case there is any conflict between sources, scopes and/or level, the policy with the highest priority will be applied.\n\nContentPackManualBehaviorURLs = Managed user manual exception URLs\nDeviceLoginScreenPowerManagement = Power management on the login screen\nExtensionSettings = Extension management settings\nKeyPermissions = Key Permissions\nPowerManagementIdleSettings = Power management settings when the user becomes idle\nScreenBrightnessPercent = Screen brightness percent\nScreenLockDelays = Screen lock delays",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PolicyDictionaryMultipleSourceMergeList",

"pfm_name": "PolicyDictionaryMultipleSourceMergeList",

"pfm_note": "If a policy is in the list, in case there is conflict between two sources, given that they have the same scopes and level, the values will be merged into a new policy dictionary.\n\nIf a policy is in the list, in case there is conflict between two sources but also between different scopes and/or level, the policy with the highest priority will be applied.\n\nIf a policy is not in the list, in case there is any conflict between sources, scopes and/or level, the policy with the highest priority will be applied.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "ex. ExtensionSettings"

}],

"pfm_title": "Allow merging dictionary policies from different sources",

"pfm_type": "array"

},

{

"pfm_app_min": "75",

"pfm_description": "Allows the selected policies to be merged when they come from different sources, with the same scopes and level. Entered strings must match a Chrome policy / key name that use an array (list) of strings for its data type.",

"pfm_description_reference": "Allows the selected policies to be merged when they come from different sources, with the same scopes and level.\n\nIf a policy is in the list, in case there is conflict between two sources, given that they have the same scopes and level, the values will be merged into a new policy list.\n\nIf a policy is in the list, in case there is conflict between two sources but also between different scopes and/or level, the policy with the highest priority will be applied.\n\nIf a policy is not in the list, in case there is any conflict between sources, scopes and/or level, the policy with the highest priority will be applied.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PolicyListMultipleSourceMergeList",

"pfm_name": "PolicyListMultipleSourceMergeList",

"pfm_note": "If a policy is in the list, in case there is conflict between two sources, given that they have the same scopes and level, the values will be merged into a new policy list.\n\nIf a policy is in the list, in case there is conflict between two sources but also between different scopes and/or level, the policy with the highest priority will be applied.\n\nIf a policy is not in the list, in case there is any conflict between sources, scopes and/or level, the policy with the highest priority will be applied.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "ex. ExtensionInstallWhitelist"

}],

"pfm_title": "Allow merging list policies from different sources",

"pfm_type": "array"

},

{

"pfm_app_min": "79",

"pfm_default": 10800000,

"pfm_description": "Refresh rate for user policy. Specifies the period in milliseconds at which the device management service is queried for user policy information. Setting this policy overrides the default value of 3 hours. Valid values for this policy are in the range from 1800000 (30 minutes) to 86400000 (1 day).",

"pfm_description_reference": "Specifies the period in milliseconds at which the device management service is queried for user policy information.\n\nSetting this policy overrides the default value of 3 hours. Valid values for this policy are in the range from 1800000 (30 minutes) to 86400000 (1 day). Any values not in this range will be clamped to the respective boundary. If the platform supports policy notifications, the refresh delay will be set to 24 hours because it is expected that policy notifications will force a refresh automatically whenever policy changes.\n\nLeaving this policy not set will make Google Chrome use the default value of 3 hours.\n\nNote that if the platform supports policy notifications, the refresh delay will be set to 24 hours (ignoring all defaults and the value of this policy) because it is expected that policy notifications will force a refresh automatically whenever policy changes, making more frequent refreshes unnecessary.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PolicyRefreshRate",

"pfm_name": "PolicyRefreshRate",

"pfm_note": "The default refresh rate is 3 hrs.",

"pfm_range_max": 86400000,

"pfm_range_min": "1800000",

"pfm_title": "Policy Refresh Rate",

"pfm_type": "integer",

"pfm_value_unit": "milliseconds"

},

{

"pfm_app_min": "88",

"pfm_description": "Specifies whether the profile picker is enabled, disabled or forced at the browser startup. By default the profile picker is not shown if the browser starts in guest or incognito mode, a profile directory and/or urls are specified by command line, an app is explicitly requested to open, the browser was launched by a native notification, there is only one profile available or the policy ForceBrowserSignin is set to true.",

"pfm_description_reference": "Specifies whether the profile picker is enabled, disabled or forced at the browser startup.\n\nBy default the profile picker is not shown if the browser starts in guest or incognito mode, a profile directory and/or urls are specified by command line, an app is explicitly requested to open, the browser was launched by a native notification, there is only one profile available or the policy ForceBrowserSignin is set to true.\n\nIf 'Enabled' (0) is selected or the policy is left unset, the profile picker will be shown at startup by default, but users will be able to enable/disable it.\n\nIf 'Disabled' (1) is selected, the profile picker will never be shown, and users will not be able to change the setting.\n\nIf 'Forced' (2) is selected, the profile picker cannot be suppressed by the user. The profile picker will be shown even if there is only one profile available.\n\n0 = Profile picker available at startup\n1 = Profile picker disabled at startup\n2 = Profile picker forced at startup",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ProfilePickerOnStartupAvailability",

"pfm_name": "ProfilePickerOnStartupAvailability",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Profile picker available at startup", "Profile picker disabled at startup", "Profile picker forced at startup"],

"pfm_title": "Profile picker availabily on startup",

"pfm_type": "integer"

},

{

"pfm_app_min": "69",

"pfm_default": true,

"pfm_description": "Allows you to control the presentation of full-tab promotional and/or educational content in Google Chrome.",

"pfm_description_reference": "Allows you to control the presentation of full-tab promotional and/or educational content in Google Chrome.\n\nIf not configured or enabled (set to true), Google Chrome may show full-tab content to users to provide product information.\n\nIf disabled (set to false), Google Chrome will not show full-tab content to users to provide product information.\n\nThis setting controls the presentation of the welcome pages that help users sign into Google Chrome, choose it as their default browser, or otherwise inform them of product features.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PromotionalTabsEnabled",

"pfm_name": "PromotionalTabsEnabled",

"pfm_title": "Enable showing full-tab promotional content",

"pfm_type": "boolean"

},

{

"pfm_app_min": "64",

"pfm_description": "If the policy is enabled, the user will be asked where to save each file before downloading.\nIf the policy is disabled, downloads will start immediately, and the user will not be asked where to save the file.\nIf the policy is not configured, the user will be able to change this setting.",

"pfm_description_reference": "If the policy is enabled, the user will be asked where to save each file before downloading.\nIf the policy is disabled, downloads will start immediately, and the user will not be asked where to save the file.\nIf the policy is not configured, the user will be able to change this setting.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PromptForDownloadLocation",

"pfm_name": "PromptForDownloadLocation",

"pfm_title": "Ask where to save each file before downloading",

"pfm_type": "boolean"

},

{

"pfm_app_min": "18",

"pfm_description": "Configures the proxy settings for Google Chrome. These proxy settings will be available for ARC-apps too.\n\nIf you enable this setting, Google Chrome and ARC-apps ignore all proxy-related options specified from the command line.",

"pfm_description_reference": "Configures the proxy settings for Google Chrome. These proxy settings will be available for ARC-apps too.\n\nIf you enable this setting, Google Chrome and ARC-apps ignore all proxy-related options specified from the command line.\n\nLeaving this policy not set will allow the users to choose the proxy settings on their own.\n\nIf the ProxySettings policy is set, it will override any of the individual policies ProxyMode, ProxyPacUrl, ProxyServer, ProxyBypassList and ProxyServerMode.\n\nThe ProxyMode field allows you to specify the proxy server used by Google Chrome and prevents users from changing proxy settings.\n\nThe ProxyPacUrl field is a URL to a proxy .pac file.\n\nThe ProxyServer field is a URL of the proxy server.\n\nThe ProxyBypassList field is a list of proxy hosts that Google Chrome will bypass.\n\nThe ProxyServerMode field is deprecated in favor of the field 'ProxyMode'. It allows you to specify the proxy server used by Google Chrome and prevents users from changing proxy settings.\n\nIf you choose the value 'direct' as 'ProxyMode', a proxy will never be used and all other fields will be ignored.\n\nIf you choose the value 'system' as 'ProxyMode', the systems's proxy will be used and all other fields will be ignored.\n\nIf you choose the value 'auto_detect' as 'ProxyMode', all other fields will be ignored.\n\nIf you choose the value 'fixed_server' as 'ProxyMode', the 'ProxyServer' and 'ProxyBypassList' fields will be used.\n\nIf you choose the value 'pac_script' as 'ProxyMode', the 'ProxyPacUrl' and 'ProxyBypassList' fields will be used.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ProxySettings",

"pfm_name": "ProxySettings",

"pfm_note": "If the ProxySettings policy is set, it will override any of the individual policies ProxyMode, ProxyPacUrl, ProxyServer, ProxyBypassList and ProxyServerMode.",

"pfm_subkeys": [

{

"pfm_description": "",

"pfm_name": "ProxySetting",

"pfm_subkeys": [

{

"pfm_name": "ProxyMode",

"pfm_range_list": ["direct", "system", "auto_detect", "fixed_server", "pac_script"],

"pfm_range_list_titles": ["Never use proxy (ignores other fields)", "System (ignores other fields)", "Auto Detect (ignores other fields)", "Fixed (Uses ProxyServer & ProxyBypassList)", "Pac Script (Uses ProxyPacUrl & ProxyBypassList)"],

"pfm_type": "string"

},

{

"pfm_format": "^https?://.*.pac$",

"pfm_name": "ProxyPacUrl",

"pfm_type": "string",

"pfm_value_placeholder": "https://internal.site/example.pac"

},

{

"pfm_name": "ProxyServer",

"pfm_type": "string",

"pfm_value_placeholder": "123.123.123.123:8080"

},

{

"pfm_name": "ProxyBypassList",

"pfm_subkeys": [

{

"pfm_format": "^https?://.*",

"pfm_type": "string"

}],

"pfm_type": "array"

}],

"pfm_type": "array"

}],

"pfm_title": "Proxy Settings",

"pfm_type": "dictionary"

},

{

"pfm_app_min": "43",

"pfm_default": true,

"pfm_description": "If this policy is set to true or not set usage of QUIC protocol in Google Chrome is allowed.\nIf this policy is set to false usage of QUIC protocol is disallowed.",

"pfm_description_reference": "If this policy is set to true or not set usage of QUIC protocol in Google Chrome is allowed.\nIf this policy is set to false usage of QUIC protocol is disallowed.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=QuicAllowed",

"pfm_name": "QuicAllowed",

"pfm_title": "Allow QUIC protocol",

"pfm_type": "boolean"

},

{

"pfm_app_min": "66",

"pfm_description": "Notify users that Google Chrome must be relaunched to apply a pending update.",

"pfm_description_reference": "1 - Show a recurring prompt to the user indicating that a relaunch is recommended\n2 - Show a recurring prompt to the user indicating that a relaunch is required\nNotify users that Google Chrome must be relaunched to apply a pending update.\n\nThis policy setting enables notifications to inform the user that a browser relaunch is recommended or required. If not set, Google Chrome indicates to the user that a relaunch is needed via subtle changes to its menu. If set to 'Recommended', a recurring warning will be shown to the user that a relaunch is recommended. The user can dismiss this warning to defer the relaunch. If set to 'Required', a recurring warning will be shown to the user indicating that a browser relaunch will be forced once the notification period passes. This period is seven days by default, and may be configured via the RelaunchNotificationPeriod policy setting.\n\nThe user's session is restored following the relaunch.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RelaunchNotification",

"pfm_name": "RelaunchNotification",

"pfm_range_list": [1, 2],

"pfm_range_list_titles": ["Show a recurring prompt to the user indicating that a relaunch is recommended", "Show a recurring prompt to the user indicating that a relaunch is required"],

"pfm_title": "Notify a user that a browser relaunch is recommended or required",

"pfm_type": "integer"

},

{

"pfm_app_min": "67",

"pfm_description": "Allows you to set the time period, in milliseconds, over which users are notified that Google Chrome must be relaunched or that a Google Chrome OS device must be restarted to apply a pending update.",

"pfm_description_reference": "Allows you to set the time period, in milliseconds, over which users are notified that Google Chrome must be relaunched or that a Google Chrome OS device must be restarted to apply a pending update.\n\nOver this time period, the user will be repeatedly informed of the need for an update. For Google Chrome OS devices, a restart notification appears in the system tray when an upgrade is detected. This notification changes color once half of the notification period passes, and again once the full notification period has passed. For Google Chrome browsers, the app menu changes to indicate that a relaunch is needed once one third of the notification period passes. This notification changes color once two thirds of the notification period passes, and again once the full notification period has passed. The additional notifications enabled by the RelaunchNotification policy for browsers follow this same schedule.\n\nIf not set, the default period of 345600000 milliseconds (four days) is used for Google Chrome OS devices and 604800000 milliseconds (one week) for browsers.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RelaunchNotificationPeriod",

"pfm_name": "RelaunchNotificationPeriod",

"pfm_title": "Update time period",

"pfm_type": "integer",

"pfm_value_unit": "milliseconds"

},

{

"pfm_app_min": "21",

"pfm_description": "Contains a regular expression which is used to determine which users can sign in to Google Chrome.",

"pfm_description_reference": "Contains a regular expression which is used to determine which users can sign in to Google Chrome.\n\nAn appropriate error is displayed if a user tries to log in with a username that does not match this pattern.\n\nIf this policy is left not set or blank, then any user can sign in to Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RestrictSigninToPattern",

"pfm_name": "RestrictSigninToPattern",

"pfm_title": "Restrict which users are allowed to sign in to Google Chrome",

"pfm_type": "string",

"pfm_value_placeholder": ".*@example.com"

},

{

"pfm_app_min": "63",

"pfm_default": false,

"pfm_description": "If you enable this setting, all Flash content embedded on websites that have been set to allow Flash in content settings -- either by the user or by enterprise policy -- will be run, including content from other origins or small content.",

"pfm_description_reference": "If you enable this setting, all Flash content embedded on websites that have been set to allow Flash in content settings -- either by the user or by enterprise policy -- will be run, including content from other origins or small content.\n\nTo control which websites are allowed to run Flash, see the \"DefaultPluginsSetting\", \"PluginsAllowedForUrls\", and \"PluginsBlockedForUrls\" policies.\n\nIf this setting is disabled or not set, Flash content from other origins or small content might be blocked.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RunAllFlashInAllowMode",

"pfm_name": "RunAllFlashInAllowMode",

"pfm_title": "Extend Flash content setting to all content",

"pfm_type": "boolean"

},

{

"pfm_app_min": "44",

"pfm_default": true,

"pfm_description": "Chrome shows a warning page when users navigate to sites that have SSL errors. By default or when this policy is set to true, users are allowed to click through these warning pages.\nSetting this policy to false disallows users to click through any warning page.",

"pfm_description_reference": "Chrome shows a warning page when users navigate to sites that have SSL errors. By default or when this policy is set to true, users are allowed to click through these warning pages.\nSetting this policy to false disallows users to click through any warning page.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SSLErrorOverrideAllowed",

"pfm_name": "SSLErrorOverrideAllowed",

"pfm_title": "Allow proceeding from the SSL warning page",

"pfm_type": "boolean"

},

{

"pfm_app_min": "66",

"pfm_description": "If this policy is not configured then Google Chrome uses a default minimum version which is TLS 1.0.",

"pfm_description_reference": "tls1 - TLS 1.0\ntls1.1 - TLS 1.1\ntls1.2 - TLS 1.2\nIf this policy is not configured then Google Chrome uses a default minimum version which is TLS 1.0.\n\nOtherwise it may be set to one of the following values: \"tls1\", \"tls1.1\" or \"tls1.2\". When set, Google Chrome will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SSLVersionMin",

"pfm_name": "SSLVersionMin",

"pfm_range_list": ["tls1", "tls1.1", "tls1.2"],

"pfm_range_list_titles": ["TLS 1.0", "TLS 1.1", "TLS 1.2"],

"pfm_title": "Minimum SSL version enabled",

"pfm_type": "string"

},

{

"pfm_app_min": "69",

"pfm_description": "This policy controls the application of the SafeSites URL filter.\nThis filter uses the Google Safe Search API to classify URLs as pornographic or not.",

"pfm_description_reference": "0 - Do not filter sites for adult content\n1 - Filter top level sites (but not embedded iframes) for adult content\nThis policy controls the application of the SafeSites URL filter.\nThis filter uses the Google Safe Search API to classify URLs as pornographic or not.\n\nWhen this policy is not configured or set to \"Do not filter sites for adult content\", sites will not be filtered.\n\nWhen this policy is set to \"Filter top level sites for adult content\", sites classified as pornographic will be filtered.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SafeSitesFilterBehavior",

"pfm_name": "SafeSitesFilterBehavior",

"pfm_range_list": [0, 1],

"pfm_range_list_titles": ["Do not filter sites for adult content", "Filter top level sites (but not embedded iframes) for adult content"],

"pfm_title": "Control SafeSites adult content filtering.",

"pfm_type": "integer"

},

{

"pfm_app_min": "8",

"pfm_default": false,

"pfm_description": "Disables saving browser history in Google Chrome and prevents users from changing this setting.",

"pfm_description_reference": "Disables saving browser history in Google Chrome and prevents users from changing this setting.\n\nIf this setting is enabled, browsing history is not saved. This setting also disables tab syncing.\n\nIf this setting is disabled or not set, browsing history is saved.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SavingBrowserHistoryDisabled",

"pfm_name": "SavingBrowserHistoryDisabled",

"pfm_title": "Disable saving browser history",

"pfm_type": "boolean"

},

{

"pfm_app_min": "81",

"pfm_default": true,

"pfm_description": "If enabled or not configured (default), a Web page can use screen-share APIs (e.g., getDisplayMedia() or the Desktop Capture extension API) to prompt the user to select a tab, window or desktop to capture.",

"pfm_description_reference": "If enabled or not configured (default), a Web page can use screen-share APIs (e.g., getDisplayMedia() or the Desktop Capture extension API) to prompt the user to select a tab, window or desktop to capture.\n\nWhen this policy is disabled, any calls to screen-share APIs will fail with an error.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ScreenCaptureAllowed",

"pfm_name": "ScreenCaptureAllowed",

"pfm_title": "Screen Capture",

"pfm_type": "boolean"

},

{

"pfm_app_min": "83",

"pfm_default": true,

"pfm_description": "This feature allows for hyperlinks and address bar URL navigations to target specific text within a web page, which will be scrolled to once the loading of the web page is complete.",

"pfm_description_reference": "This feature allows for hyperlinks and address bar URL navigations to target specific text within a web page, which will be scrolled to once the loading of the web page is complete.\n\nIf you enable or don't configure this policy, web page scrolling to specific text fragments via URL will be enabled.\n\nIf you disable this policy, web page scrolling to specific text fragments via URL will be disabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ScrollToTextFragmentEnabled",

"pfm_name": "ScrollToTextFragmentEnabled",

"pfm_title": "Enable scroll to text fragment",

"pfm_type": "boolean"

},

{

"pfm_app_min": "8",

"pfm_description": "Enables search suggestions in Google Chrome's omnibox and prevents users from changing this setting.",

"pfm_description_reference": "Enables search suggestions in Google Chrome's omnibox and prevents users from changing this setting.\n\nIf you enable this setting, search suggestions are used.\n\nIf you disable this setting, search suggestions are never used.\n\nIf you enable or disable this setting, users cannot change or override this setting in Google Chrome.\n\nIf this policy is left not set, this will be enabled but the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SearchSuggestEnabled",

"pfm_name": "SearchSuggestEnabled",

"pfm_title": "Enable search suggestions",

"pfm_type": "boolean"

},

{

"pfm_app_min": "65",

"pfm_description": "Specifies URLs and domains for which no prompt will be shown when attestation certificates from Security Keys are requested. Additionally, a signal will be sent to the Security Key indicating that individual attestation may be used. Without this, users will be prompted in Chrome 65+ when sites request attestation of Security Keys.",

"pfm_description_reference": "Specifies URLs and domains for which no prompt will be shown when attestation certificates from Security Keys are requested. Additionally, a signal will be sent to the Security Key indicating that individual attestation may be used. Without this, users will be prompted in Chrome 65+ when sites request attestation of Security Keys.\n\nURLs (like https://example.com/some/path) will only match as U2F appIDs. Domains (like example.com) only match as webauthn RP IDs. Thus, to cover both U2F and webauthn APIs for a given site, both the appID URL and domain would need to be listed.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SecurityKeyPermitAttestation",

"pfm_name": "SecurityKeyPermitAttestation",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "URLs/domains automatically permitted direct Security Key attestation",

"pfm_type": "array"

},

{

"pfm_app_min": "79",

"pfm_default": true,

"pfm_description": "Enables the Shared Clipboard feature which allows users to send text between Chrome Desktops and an Android device when Sync is enabled and the user is Signed-in.",

"pfm_description_reference": "Enable the Shared Clipboard feature which allows users to send text between Chrome Desktops and an Android device when Sync is enabled and the user is Signed-in.\n\nIf this policy is set to true, the capability of sending text, cross device, for chrome user is enabled.\n\nIf this policy is set to false, the capability of sending text, cross device, for chrome user is disabled.\n\nIf you set this policy, users cannot change or override it.\n\nIf this policy is left unset, the shared clipboard feature is enabled by default.\n\nIt is up to the admins to set policies in all platforms they care about. It's recommended to set this policy to one value in all platforms.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SharedClipboardEnabled",

"pfm_name": "SharedClipboardEnabled",

"pfm_note": "It is up to the admins to set policies in all platforms they care about. It's recommended to set this policy to one value in all platforms.",

"pfm_title": "Enable Shared Clipboard",

"pfm_type": "boolean"

},

{

"pfm_app_min": "37",

"pfm_description": "Enables or disables the apps shortcut in the bookmark bar.",

"pfm_description_reference": "Enables or disables the apps shortcut in the bookmark bar.\n\nIf this policy is not set then the user can choose to show or hide the apps shortcut from the bookmark bar context menu.\n\nIf this policy is configured then the user can't change it, and the apps shortcut is always shown or never shown.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ShowAppsShortcutInBookmarkBar",

"pfm_name": "ShowAppsShortcutInBookmarkBar",

"pfm_title": "Show the apps shortcut in the bookmark bar",

"pfm_type": "boolean"

},

{

"pfm_app_min": "86",

"pfm_description": "This feature enables display of the full URL in the address bar. If this policy is set to True, then the full URL will be shown in the address bar, including schemes and subdomains. If this policy is set to False, then the default URL display will apply.",

"pfm_description_reference": "This feature enables display of the full URL in the address bar. If this policy is set to True, then the full URL will be shown in the address bar, including schemes and subdomains. If this policy is set to False, then the default URL display will apply. If this policy is left unset, then the default URL display will apply and the user will be able to toggle between default and full URL display with a context menu option.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ShowFullUrlsInAddressBar",

"pfm_name": "ShowFullUrlsInAddressBar",

"pfm_title": "Show Full URLs",

"pfm_type": "boolean"

},

{

"pfm_app_min": "75",

"pfm_default": true,

"pfm_description": "Enable support for Signed HTTP Exchange (SXG).",

"pfm_description_reference": "Enable support for Signed HTTP Exchange (SXG).\n\nIf this policy is unset or set to Enabled, Google Chrome will accept web contents served as Signed HTTP Exchanges.\n\nIf this policy is set to Disabled, Signed HTTP Exchanges cannot be loaded.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SignedHTTPExchangeEnabled",

"pfm_name": "SignedHTTPExchangeEnabled",

"pfm_title": "Enabled Signed HTTP Exchange (SXG) support",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "30",

"pfm_app_min": "27",

"pfm_description": "This policy is deprecated, consider using BrowserSignin instead.\n\nAllows the user to sign in to Google Chrome.",

"pfm_description_reference": "This policy is deprecated, consider using BrowserSignin instead.\n\nAllows the user to sign in to Google Chrome.\n\nIf you set this policy, you can configure whether a user is allowed to sign in to Google Chrome. Setting this policy to 'False' will prevent apps and extensions that use the chrome.identity API from functioning, so you may want to use SyncDisabled instead.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SigninAllowed",

"pfm_name": "SigninAllowed",

"pfm_title": "Allow sign in",

"pfm_type": "boolean"

},

{

"pfm_app_min": "88",

"pfm_description": "This settings enables or disables signin interception. When this policy not set or is set to True, the signin interception dialog triggers when a Google account is added on the web, and the user may benefit from moving this account to another (new or existing) profile. When this is set to False, the signin interception dialog does not trigger.",

"pfm_description_reference": "This settings enables or disables signin interception.\n\nWhen this policy not set or is set to True, the signin interception dialog triggers when a Google account is added on the web, and the user may benefit from moving this account to another (new or existing) profile.\n\nWhen this is set to False, the signin interception dialog does not trigger.\n\ntrue = Enable signin interception\nfalse = Disable signin interception\nnull = Enable signin interception",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SigninInterceptionEnabled",

"pfm_name": "SigninInterceptionEnabled",

"pfm_title": "Enable signin interception",

"pfm_type": "boolean"

},

{

"pfm_app_min": "63",

"pfm_description": "You might want to look at the IsolateOrigins policy setting to get the best of both worlds, isolation and limited impact for users, by using IsolateOrigins with a list of the sites you want to isolate. This setting, SitePerProcess, isolates all sites. If the policy is enabled, each site will run in its own process. If the policy is disabled, no explicit Site Isolation will happen and field trials of IsolateOrigins and SitePerProcess will be disabled. Users will still be able to enable SitePerProcess manually. If the policy is not configured, the user will be able to change this setting. On Google Chrome OS, it is recommended to also set the DeviceLoginScreenSitePerProcess device policy to the same value. If the values specified by the two policies don't match, a delay may be incurred when entering a user session while the value specified by user policy is being applied.",

"pfm_description_reference": "You might want to look at the IsolateOrigins policy setting to get the best of both worlds, isolation and limited impact for users, by using IsolateOrigins with a list of the sites you want to isolate. This setting, SitePerProcess, isolates all sites. If the policy is enabled, each site will run in its own process. If the policy is disabled, no explicit Site Isolation will happen and field trials of IsolateOrigins and SitePerProcess will be disabled. Users will still be able to enable SitePerProcess manually. If the policy is not configured, the user will be able to change this setting. On Google Chrome OS, it is recommended to also set the DeviceLoginScreenSitePerProcess device policy to the same value. If the values specified by the two policies don't match, a delay may be incurred when entering a user session while the value specified by user policy is being applied.\n\nNOTE: This policy does not apply on Android. To enable SitePerProcess on Android, use the SitePerProcessAndroid policy setting.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SitePerProcess",

"pfm_name": "SitePerProcess",

"pfm_title": "Enable Site Isolation for every site",

"pfm_type": "boolean"

},

{

"pfm_app_min": "22",

"pfm_description": "Google Chrome can use a Google web service to help resolve spelling errors. If this setting is enabled, then this service is always used. If this setting is disabled, then this service is never used.",

"pfm_description_reference": "Google Chrome can use a Google web service to help resolve spelling errors. If this setting is enabled, then this service is always used. If this setting is disabled, then this service is never used.\n\nSpell checking can still be performed using a downloaded dictionary; this policy only controls the usage of the online service.\n\nIf this setting is not configured then users can choose whether the spell checking service should be used or not.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SpellCheckServiceEnabled",

"pfm_name": "SpellCheckServiceEnabled",

"pfm_title": "Enable or disable spell checking web service",

"pfm_type": "boolean"

},

{

"pfm_app_min": "65",

"pfm_description": "If this policy is not set or enabled, the user is allowed to use spellcheck.",

"pfm_description_reference": "If this policy is not set or enabled, the user is allowed to use spellcheck.\n\nIf this policy is disabled, the user is not allowed to use spellcheck. The SpellcheckLanguage policy will also be ignored when this policy is disabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SpellcheckEnabled",

"pfm_name": "SpellcheckEnabled",

"pfm_title": "Enable spellcheck",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "84",

"pfm_app_min": "80",

"pfm_default": true,

"pfm_description": "This policy controls the treatment for mixed content (HTTP content in HTTPS sites) in the browser. If the policy is set to true or unset, audio and video mixed content will be autoupgraded to HTTPS (i.e. the URL will be rewritten as HTTPS, without a fallback if the resource is not available over HTTPS) and a 'Not Secure' warning will be shown in the URL bar for image mixed content. If the policy is set to false, autoupgrades will be disabled for audio and video, and no warning will be shown for images. This policy does not affect other types of mixed content other than audio, video, and images. This policy will no longer take effect starting in Google Chrome 84.",

"pfm_description_reference": "This policy controls the treatment for mixed content (HTTP content in HTTPS sites) in the browser. If the policy is set to true or unset, audio and video mixed content will be autoupgraded to HTTPS (i.e. the URL will be rewritten as HTTPS, without a fallback if the resource is not available over HTTPS) and a 'Not Secure' warning will be shown in the URL bar for image mixed content. If the policy is set to false, autoupgrades will be disabled for audio and video, and no warning will be shown for images. This policy does not affect other types of mixed content other than audio, video, and images. This policy will no longer take effect starting in Google Chrome 84.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=StricterMixedContentTreatmentEnabled",

"pfm_name": "StricterMixedContentTreatmentEnabled",

"pfm_title": "Stricter Mixed Content Treatment",

"pfm_type": "boolean"

},

{

"pfm_app_min": "49",

"pfm_description": "Suppresses the warning that appears when Google Chrome is running on a computer or operating system that is no longer supported.",

"pfm_description_reference": "Suppresses the warning that appears when Google Chrome is running on a computer or operating system that is no longer supported.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SuppressUnsupportedOSWarning",

"pfm_name": "SuppressUnsupportedOSWarning",

"pfm_title": "Suppress the unsupported OS warning",

"pfm_type": "boolean"

},

{

"pfm_app_min": "8",

"pfm_description": "Disables data synchronization in Google Chrome using Google-hosted synchronization services and prevents users from changing this setting.",

"pfm_description_reference": "Disables data synchronization in Google Chrome using Google-hosted synchronization services and prevents users from changing this setting.\n\nIf you enable this setting, users cannot change or override this setting in Google Chrome.\n\nIf this policy is left not set Google Sync will be available for the user to choose whether to use it or not.\n\nTo fully disable Google Sync, it is recommended that you disable the Google Sync service in the Google Admin console.\n\nThis policy should not be enabled when RoamingProfileSupportEnabled policy is set to enabled as that feature shares the same client side functionality. The Google-hosted synchronization is disabled in this case completely.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SyncDisabled",

"pfm_name": "SyncDisabled",

"pfm_title": "Disable synchronization of data with Google",

"pfm_type": "boolean"

},

{

"pfm_app_min": "79",

"pfm_description": "If this policy is set, all specified data types will be excluded from synchronization both for Google Sync as well as for roaming profile synchronization.",

"pfm_description_reference": "If this policy is set all specified data types will be excluded from synchronization both for Google Sync as well as for roaming profile synchronization. This can be beneficial to reduce the size of the roaming profile or limit the type of data uploaded to the Google Sync Servers.\n\nThe current data types for this policy are: \"bookmarks\", \"preferences\", \"passwords\", \"autofill\", \"themes\", \"typedUrls\", \"extensions\", \"apps\", \"tabs\", \"wifiConfiguration\". Those names are case sensitive!",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SyncTypesListDisabled",

"pfm_name": "SyncTypesListDisabled",

"pfm_subkeys": [

{

"pfm_range_list": ["apps", "autofill", "bookmarks", "extensions", "passwords", "preferences", "tabs", "themes", "typedUrls", "wifiConfiguration"],

"pfm_range_list_titles": ["Apps", "Autofill", "Bookmarks", "Extensions", "Passwords", "Preferences", "Tabs", "Themes", "Typed URLs", "Wifi Configuration"],

"pfm_title": "Data Types",

"pfm_type": "string",

"pfm_value_unique": true

}],

"pfm_title": "Sync types to disable",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "79",

"pfm_default": true,

"pfm_description": "Enable a TLS 1.3 security feature for local trust anchors. This policy controls a security feature in TLS 1.3 which protects connections against downgrade attacks. It is backwards-compatible and will not affect connections to compliant TLS 1.2 servers or proxies. However, older versions of some TLS-intercepting proxies have an implementation flaw which causes them to be incompatible.",

"pfm_description_reference": "This policy controls a security feature in TLS 1.3 which protects connections against downgrade attacks. It is backwards-compatible and will not affect connections to compliant TLS 1.2 servers or proxies. However, older versions of some TLS-intercepting proxies have an implementation flaw which causes them to be incompatible.\n\nIf this policy is set to True or not set, Google Chrome will enable these security protections for all connections.\n\nIf this policy is set to False, Google Chrome will disable these security protections for connections authenticated with locally-installed CA certificates. These protections are always enabled for connections authenticated with publicly-trusted CA certificates.\n\nThe default value for this policy was changed in Google Chrome 81 from false to true. Affected proxies are expected to fail connections with an error code of ERR_TLS13_DOWNGRADE_DETECTED. Administrators who need more time to upgrade affected proxies may use this policy to temporarily disable this security feature. This policy will be removed after version 85.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=TLS13HardeningForLocalAnchorsEnabled",

"pfm_name": "TLS13HardeningForLocalAnchorsEnabled",

"pfm_note": "The default value for this policy was changed in Google Chrome 81 from false to true. Affected proxies are expected to fail connections with an error code of ERR_TLS13_DOWNGRADE_DETECTED. Administrators who need more time to upgrade affected proxies may use this policy to temporarily disable this security feature. This policy will be removed after version 85.",

"pfm_title": "Enable TLS 1.3 hardening for local anchors",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "99",

"pfm_app_min": "88",

"pfm_default": true,

"pfm_description": "Setting the policy to Disabled allows popups targeting _blank to access (via JavaScript) the page that requested to open the popup. Setting the policy to Enabled or leaving it unset causes the window.opener property to be set to null unless the anchor specifies rel=\"opener\".",

"pfm_description_reference": "Setting the policy to Disabled allows popups targeting _blank to access (via JavaScript) the page that requested to open the popup.\n\nSetting the policy to Enabled or leaving it unset causes the window.opener property to be set to null unless the anchor specifies rel=\"opener\".\n\nThis policy will be removed in Google Chrome version 95.\n\nSee https://chromestatus.com/feature/6140064063029248.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=TargetBlankImpliesNoOpener",

"pfm_name": "TargetBlankImpliesNoOpener",

"pfm_note": "This policy will be removed in Google Chrome version 95.",

"pfm_title": "Do not set window.opener for links targeting _blank",

"pfm_type": "boolean"

},

{

"pfm_app_min": "52",

"pfm_default": true,

"pfm_description": "If set to false, the 'End process' button is disabled in the Task Manager.",

"pfm_description_reference": "If set to false, the 'End process' button is disabled in the Task Manager.\n\nIf set to true or not configured, the user can end processes in the Task Manager.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=TaskManagerEndProcessEnabled",

"pfm_name": "TaskManagerEndProcessEnabled",

"pfm_title": "Enable ending processes in Task Manager",

"pfm_type": "boolean"

},

{

"pfm_app_min": "79",

"pfm_description": "Configures the amount of memory that a single Google Chrome instance can use before tabs start being discarded (I.E. the memory used by the tab will be freed and the tab will have to be reloaded when switched to) to save memory. The minimum allowed value is 1024.",

"pfm_description_reference": "Configures the amount of memory that a single Google Chrome instance can use before tabs start being discarded (I.E. the memory used by the tab will be freed and the tab will have to be reloaded when switched to) to save memory.\n\nIf the policy is set, browser will begin to discard tabs to save memory once the limitation is exceeded. However, there is no guarantee that the browser is always running under the limit. Any value under 1024 will be rounded up to 1024.\n\nIf this policy is not set, the browser will only begin attempts to save memory once it has detected that the amount of physical memory on its machine is low.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=TotalMemoryLimitMb",

"pfm_name": "TotalMemoryLimitMb",

"pfm_range_min": 1024,

"pfm_title": "Total Memory Limit",

"pfm_type": "integer",

"pfm_value_unit": "MB"

},

{

"pfm_app_min": "12",

"pfm_description": "Enables the integrated Google Translate service on Google Chrome.",

"pfm_description_reference": "Enables the integrated Google Translate service on Google Chrome.\n\nIf you enable this setting, Google Chrome will offer translation functionality to the user by showing an integrated translate toolbar (when appropriate) and a translate option on the right-click context menu.\n\nIf you disable this setting, all built-in translate features will be disabled.\n\nIf you enable or disable this setting, users cannot change or override this setting in Google Chrome.\n\nIf this setting is left not set the user can decide to use this function or not.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=TranslateEnabled",

"pfm_name": "TranslateEnabled",

"pfm_title": "Enable Translate",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "15",

"pfm_description": "This policy prevents the user from loading web pages from blacklisted URLs. The denylist provides a list of URL patterns that specify which URLs will be denied. A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_description_reference": "This policy prevents the user from loading web pages from blacklisted URLs. The blacklist provides a list of URL patterns that specify which URLs will be blacklisted.\n\nA URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.\n\nExceptions can be defined in the URL whitelist policy. These policies are limited to 1000 entries; subsequent entries will be ignored.\n\nNote that it is not recommended to block internal 'chrome://*' URLs since this may lead to unexpected errors.\n\nIf this policy is not set no URL will be blacklisted in the browser.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=URLBlacklist",

"pfm_name": "URLBlacklist",

"pfm_note": "Use URLBlocklist instead.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "example.com"

}],

"pfm_title": "URL Blacklist",

"pfm_type": "array"

},

{

"pfm_app_min": "15",

"pfm_description": "This policy prevents the user from loading web pages from blocked URLs. The blocklist provides a list of URL patterns that specify which URLs will be denied. A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_description_reference": "This policy prevents the user from loading web pages from blacklisted URLs. The blacklist provides a list of URL patterns that specify which URLs will be blacklisted.\n\nA URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.\n\nExceptions can be defined in the URL whitelist policy. These policies are limited to 1000 entries; subsequent entries will be ignored.\n\nNote that it is not recommended to block internal 'chrome://*' URLs since this may lead to unexpected errors.\n\nIf this policy is not set no URL will be blacklisted in the browser.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=URLBlocklist",

"pfm_name": "URLBlocklist",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "example.com"

}],

"pfm_title": "URL Blocklist",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "15",

"pfm_description": "Allows access to the listed URLs, as exceptions to the URL denylist. A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_description_reference": "Allows access to the listed URLs, as exceptions to the URL blacklist.\n\nSee the description of the URL blacklist policy for the format of entries of this list.\n\nThis policy can be used to open exceptions to restrictive blacklists. For example, '*' can be blacklisted to block all requests, and this policy can be used to allow access to a limited list of URLs. It can be used to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths.\n\nThe most specific filter will determine if a URL is blocked or allowed. The whitelist takes precedence over the blacklist.\n\nThis policy is limited to 1000 entries; subsequent entries will be ignored.\n\nIf this policy is not set there will be no exceptions to the blacklist from the 'URLBlacklist' policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=URLWhitelist",

"pfm_name": "URLWhitelist",

"pfm_note": "Use URLAllowlist instead.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "example.com"

}],

"pfm_title": "Allow access to a list of URLs",

"pfm_type": "array"

},

{

"pfm_app_min": "86",

"pfm_description": "Allows access to the listed URLs, as exceptions to the URL block list. A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.",

"pfm_description_reference": "Allows access to the listed URLs, as exceptions to the URL block list.\n\nSee the description of the URL block list policy for the format of entries of this list.\n\nThis policy can be used to open exceptions to restrictive block list. For example, '*' can be blacklisted to block all requests, and this policy can be used to allow access to a limited list of URLs. It can be used to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths.\n\nThe most specific filter will determine if a URL is blocked or allowed. The allow list takes precedence over the block list.\n\nThis policy is limited to 1000 entries; subsequent entries will be ignored.\n\nIf this policy is not set there will be no exceptions to the blacklist from the 'URLBlacklist' policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=URLAllowlist",

"pfm_name": "URLAllowlist",

"pfm_note": "This policy is limited to 1,000 entries.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "example.com"

}],

"pfm_title": "Allow access to a list of URLs",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "69",

"pfm_app_min": "65",

"pfm_description": "Deprecated in M69. Use OverrideSecurityRestrictionsOnInsecureOrigin instead.\n\nThe policy specifies a list of origins (URLs) or hostname patterns (such as \"*.example.com\") for which security restrictions on insecure origins will not apply.",

"pfm_description_reference": "Deprecated in M69. Use OverrideSecurityRestrictionsOnInsecureOrigin instead.\n\nThe policy specifies a list of origins (URLs) or hostname patterns (such as \"*.example.com\") for which security restrictions on insecure origins will not apply.\n\nThe intent is to allow organizations to whitelist origins for legacy applications that cannot deploy TLS, or to set up a staging server for internal web development so that their developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy will also prevent the origin from being labeled \"Not Secure\" in the omnibox.\n\nSetting a list of URLs in this policy has the same effect as setting the command-line flag '--unsafely-treat-insecure-origin-as-secure' to a comma-separated list of the same URLs. If the policy is set, it will override the command-line flag.\n\nThis policy is deprecated in M69 in favor of OverrideSecurityRestrictionsOnInsecureOrigin. If both policies are present, OverrideSecurityRestrictionsOnInsecureOrigin will override this policy.\n\nFor more information on secure contexts, see https://www.w3.org/TR/secure-contexts/",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=UnsafelyTreatInsecureOriginAsSecure",

"pfm_name": "UnsafelyTreatInsecureOriginAsSecure",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "*.example.com"

}],

"pfm_title": "Origins or hostname patterns for which restrictions on insecure origins should not apply",

"pfm_type": "array"

},

{

"pfm_app_min": "69",

"pfm_description": "Enable URL-keyed anonymized data collection in Google Chrome and prevents users from changing this setting.",

"pfm_description_reference": "Enable URL-keyed anonymized data collection in Google Chrome and prevents users from changing this setting.\n\nURL-keyed anonymized data collection sends URLs of pages the user visits to Google to make searches and browsing better.\n\nIf you enable this policy, URL-keyed anonymized data collection is always active.\n\nIf you disable this policy, URL-keyed anonymized data collection is never active.\n\nIf this policy is left not set, URL-keyed anonymized data collection will be enabled but the user will be able to change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=UrlKeyedAnonymizedDataCollectionEnabled",

"pfm_name": "UrlKeyedAnonymizedDataCollectionEnabled",

"pfm_title": "Enable URL-keyed anonymized data collection",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "88",

"pfm_app_min": "84",

"pfm_description": "When enabled the User-Agent Client Hints feature sends granular request headers providing information about the user browser and environment.",

"pfm_description_reference": "When enabled the User-Agent Client Hints feature sends granular request headers providing information about the user browser and environment.\n\nThis is an additive feature, but the new headers may break some websites that restrict the characters that requests may contain.\n\nIf this policy is enabled or not set the User-Agent Client Hints feature is enabled. If the policy is disabled the feature is unavailable.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=UserAgentClientHintsEnabled",

"pfm_name": "UserAgentClientHintsEnabled",

"pfm_note": "This is an additive feature, but the new headers may break some websites that restrict the characters that requests may contain.",

"pfm_title": "Enable user agent client hints",

"pfm_type": "boolean"

},

{

"pfm_app_min": "77",

"pfm_default": true,

"pfm_description": "Allow user feedback. If the policy is set to false, users can not send feedback to Google.",

"pfm_description_reference": "Allow user feedback. If the policy is set to false, users can not send feedback to Google.\n\nIf the policy is unset or set to true, users can send feedback to Google via Menu->Help->Report an Issue or key combination.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=UserFeedbackAllowed",

"pfm_name": "UserFeedbackAllowed",

"pfm_title": "Allow user feedback",

"pfm_type": "boolean"

},

{

"pfm_app_min": "11",

"pfm_description": "Configures the directory that Google Chrome will use for storing user data. See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.",

"pfm_description_reference": "Configures the directory that Google Chrome will use for storing user data.\n\nIf you set this policy, Google Chrome will use the provided directory regardless whether the user has specified the '--user-data-dir' flag or not. To avoid data loss or other unexpected errors this policy should not be set to a volume's root directory or to a directory used for other purposes, because Google Chrome manages its contents.\n\nSee https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.\n\nIf this policy is left not set the default profile path will be used and the user will be able to override it with the '--user-data-dir' command line flag.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=UserDataDir",

"pfm_name": "UserDataDir",

"pfm_title": "Set user data directory",

"pfm_type": "string",

"pfm_value_placeholder": "${users}/${user_name}/Chrome"

},

{

"pfm_app_min": "83",

"pfm_default": 3,

"pfm_description": "Limits the number of user data snapshots retained for use in case of emergency rollback. If this policy is not set, the default value of 3 is used. If the policy is set to 0, no snapshots will be taken.",

"pfm_description_reference": "Following each major version update, Chrome will create a snapshot of certain portions of the user's browsing data for use in case of a later emergency version rollback. If an emergency rollback is performed to a version for which a user has a corresponding snapshot, the data in the snapshot is restored. This allows users to retain such settings as bookmarks and autofill data.\n\nIf this policy is not set, the default value of 3 is used\n\nIf the policy is set, old snapshots are deleted as needed to respect the limit. If the policy is set to 0, no snapshots will be taken",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=UserDataSnapshotRetentionLimit",

"pfm_name": "UserDataSnapshotRetentionLimit",

"pfm_note": "Following each major version update, Chrome will create a snapshot of certain portions of the user's browsing data for use in case of a later emergency version rollback. If an emergency rollback is performed to a version for which a user has a corresponding snapshot, the data in the snapshot is restored. This allows users to retain such settings as bookmarks and autofill data.",

"pfm_title": "User data snapshot retention limit",

"pfm_type": "integer"

},

{

"pfm_app_min": "25",

"pfm_default": true,

"pfm_description": "If enabled or not configured (default), the user will be prompted for\nvideo capture access except for URLs configured in the\nVideoCaptureAllowedUrls list which will be granted access without prompting.",

"pfm_description_reference": "If enabled or not configured (default), the user will be prompted for\nvideo capture access except for URLs configured in the\nVideoCaptureAllowedUrls list which will be granted access without prompting.\n\nWhen this policy is disabled, the user will never be prompted and video\ncapture only be available to URLs configured in VideoCaptureAllowedUrls.\n\nThis policy affects all types of video inputs and not only the built-in camera.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=VideoCaptureAllowed",

"pfm_name": "VideoCaptureAllowed",

"pfm_title": "Allow or deny video capture",

"pfm_type": "boolean"

},

{

"pfm_app_min": "29",

"pfm_description": "Patterns in this list will be matched against the security\norigin of the requesting URL. If a match is found, access to audio\ncapture devices will be granted without prompt.",

"pfm_description_reference": "Patterns in this list will be matched against the security\norigin of the requesting URL. If a match is found, access to audio\ncapture devices will be granted without prompt.\n\nNOTE: Until version 45, this policy was only supported in Kiosk mode.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=VideoCaptureAllowedUrls",

"pfm_name": "VideoCaptureAllowedUrls",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "[*.]example.edu"

}],

"pfm_title": "URLs that will be granted access to video capture devices without prompt",

"pfm_type": "array"

},

{

"pfm_app_min": "35",

"pfm_default": true,

"pfm_description": "Allows to turn off WPAD (Web Proxy Auto-Discovery) optimization in Google Chrome.",

"pfm_description_reference": "Allows to turn off WPAD (Web Proxy Auto-Discovery) optimization in Google Chrome.\n\nIf this policy is set to false, WPAD optimization is disabled causing Google Chrome to wait longer for DNS-based WPAD servers. If the policy is not set or is enabled, WPAD optimization is enabled.\n\nIndependent of whether or how this policy is set, the WPAD optimization setting cannot be changed by users.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WPADQuickCheckEnabled",

"pfm_name": "WPADQuickCheckEnabled",

"pfm_title": "Enable WPAD optimization",

"pfm_type": "boolean"

},

{

"pfm_app_min": "75",

"pfm_description": "Specifies a list of websites that are installed silently, without user interaction, and which cannot be uninstalled nor disabled by the user.",

"pfm_description_reference": "Specifies a list of websites that are installed silently, without user interaction, and which cannot be uninstalled nor disabled by the user.\n\nEach list item of the policy is an object with a mandatory member: \"url\" and two optional members: \"default_launch_container\" and \"create_desktop_shortcut\". \"url\" should be the URL of the web app to install, \"launch_container\" should be either \"window\" or \"tab\" to indicate how the Web App will be opened once installed, and \"create_desktop_shortcut\" should be true if a desktop shortcut should be created on Linux and Windows. If \"default_launch_container\" is omitted, the app will open in a tab by default. Regardless of the value of \"default_launch_container\", users are able to change which container the app will open in. If \"create_desktop_shortcuts\" is omitted, no desktop shortcuts will be created. See PinnedLauncherApps policy for pinning apps to the ChromeOS shelf.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebAppInstallForceList",

"pfm_name": "WebAppInstallForceList",

"pfm_subkeys": [

{

"pfm_subkeys": [

{

"pfm_format": "^https?://.*",

"pfm_name": "url",

"pfm_required": true,

"pfm_type": "string",

"pfm_value_placeholder": "https://www.google.com/maps"

},

{

"pfm_name": "create_desktop_shortcut",

"pfm_type": "boolean"

},

{

"pfm_name": "default_launch_container",

"pfm_range_list": ["window", "tab"],

"pfm_range_list_titles": ["Window", "Tab"],

"pfm_type": "string"

}],

"pfm_type": "dictionary"

}],

"pfm_title": "WebApp Force Install List",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "84",

"pfm_app_min": "80",

"pfm_default": false,

"pfm_description": "The Web Components v0 APIs (Shadow DOM v0, Custom Elements v0, and HTML Imports) were deprecated in 2018, and have been disabled by default starting in M80. This policy allows these features to be selectively re-enabled until M84.",

"pfm_description_reference": "The Web Components v0 APIs (Shadow DOM v0, Custom Elements v0, and HTML Imports) were deprecated in 2018, and have been disabled by default starting in M80. This policy allows these features to be selectively re-enabled until M84.\n\nIf this policy is set to True, the Web Components v0 features will be enabled for all sites.\n\nIf this policy is set to False or not set, the Web Components v0 features will be disabled by default, starting in M80.\n\nThis policy will be removed after Chrome 84.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebComponentsV0Enabled",

"pfm_name": "WebComponentsV0Enabled",

"pfm_title": "Re-enable Web Components v0 API until M84",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "80",

"pfm_app_min": "65",

"pfm_default": false,

"pfm_description": "This policy allows users of the WebDriver feature to override policies which can interfere with its operation.",

"pfm_description_reference": "This policy was removed in M80, because it is not necessary anymore as WebDriver is now compatible with all existing policies.\n\nThis policy allows users of the WebDriver feature to override policies which can interfere with its operation.\n\nCurrently this policy disables SitePerProcess and IsolateOrigins policies.\n\nIf the policy is enabled, WebDriver will be able to override incomaptible policies. If the policy is disabled or not configured, WebDriver will not be allowed to override incompatible policies.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebDriverOverridesIncompatiblePolicies",

"pfm_name": "WebDriverOverridesIncompatiblePolicies",

"pfm_note": "This policy was removed in M80, because it is not necessary anymore as WebDriver is now compatible with all existing policies.",

"pfm_title": "Allow WebDriver to Override Incompatible Policies",

"pfm_type": "boolean"

},

{

"pfm_app_min": "87",

"pfm_description": "f enabled, WebRTC peer connections can downgrade to obsolete versions of the TLS/DTLS (DTLS 1.0, TLS 1.0 and TLS 1.1) protocols. When this policy is disabled or not set, these TLS/DTLS versions are disabled.",

"pfm_description_reference": "f enabled, WebRTC peer connections can downgrade to obsolete versions of the TLS/DTLS (DTLS 1.0, TLS 1.0 and TLS 1.1) protocols. When this policy is disabled or not set, these TLS/DTLS versions are disabled.\n\n\tThis policy is temporary and will be removed in a future version of Google Chrome.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebRtcAllowLegacyTLSProtocols",

"pfm_name": "WebRtcAllowLegacyTLSProtocols",

"pfm_note": "This policy is temporary and will be removed in a future version of Google Chrome.",

"pfm_title": "Allow legacy TLS/DTLS downgrade in WebRTC",

"pfm_type": "boolean"

},

{

"pfm_app_min": "70",

"pfm_description": "If the policy is set to true, Google Chrome is allowed to collect WebRTC event logs from Google services (e.g. Google Meet), and upload those logs to Google.",

"pfm_description_reference": "If the policy is set to true, Google Chrome is allowed to collect WebRTC event logs from Google services (e.g. Google Meet), and upload those logs to Google.\n\nIf the policy is set to false, Google Chrome may not collect nor upload such logs.\n\nIf the policy is unset, up to and including M76, Google Chrome may not collect nor upload such logs.\n\nIf the policy is unset, since M77, Google Chrome may collect or upload such logs by default if the browser profile is considered managed, i.e. if the profile receives cloud or machine level policies, and is not a child, ephemeral, login, or incognito profile.\n\nThese logs contain diagnostic information helpful when debugging issues with audio or video calls in Chrome, such as the time and size of sent and received RTP packets, feedback about congestion on the network, and metadata about time and quality of audio and video frames. These logs do not contain audio or video contents from the call.\n\nThis data collection by Chrome can only be triggered by Google's web services, such as Google Hangouts or Google Meet.\n\nGoogle may associate these logs, by means of a session ID, with other logs collected by the Google service itself; this is intended to make debugging easier.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebRtcEventLogCollectionAllowed",

"pfm_name": "WebRtcEventLogCollectionAllowed",

"pfm_title": "Allow collection of WebRTC event logs from Google services",

"pfm_type": "boolean"

},

{

"pfm_app_min": "79",

"pfm_description": "Patterns in this list will be matched against the security origin of the requesting URL. If a match is found or chrome://flags/#enable-webrtc-hide-local-ips-with-mdns is Disabled, the local IP addresses are shown in WebRTC ICE candidates. Otherwise, local IP addresses are concealed with mDNS hostnames.",

"pfm_description_reference": "Patterns in this list will be matched against the security origin of the requesting URL. If a match is found or chrome://flags/#enable-webrtc-hide-local-ips-with-mdns is Disabled, the local IP addresses are shown in WebRTC ICE candidates. Otherwise, local IP addresses are concealed with mDNS hostnames. Please note that this policy weakens the protection of local IPs if needed by administrators.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebRtcLocalIpsAllowedUrls",

"pfm_name": "WebRtcLocalIpsAllowedUrls",

"pfm_note": "Please note that this policy weakens the protection of local IPs if needed by administrators.",

"pfm_subkeys": [

{

"pfm_title": "URL",

"pfm_type": "string",

"pfm_value_placeholder": "https://www.example.com"

}],

"pfm_title": "Allowed WebRTC local IP URLs",

"pfm_type": "array"

},

{

"pfm_app_min": "54",

"pfm_description": "If the policy is set, the UDP port range used by WebRTC is restricted to the specified port interval (endpoints included).",

"pfm_description_reference": "If the policy is set, the UDP port range used by WebRTC is restricted to the specified port interval (endpoints included).\n\nIf the policy is not set, or if it is set to the empty string or an invalid port range, WebRTC is allowed to use any available local UDP port.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebRtcUdpPortRange",

"pfm_name": "WebRtcUdpPortRange",

"pfm_title": "Restrict the range of local UDP ports used by WebRTC",

"pfm_type": "string",

"pfm_value_placeholder": "port range (ex. 10000-11999)"

}, null, null,

{

"pfm_app_deprecated": "86",

"pfm_app_min": "34",

"pfm_description": "Allows you to specify which native messaging hosts that should not be loaded. A blacklist value of '*' means all native messaging hosts are denied unless they are explicitly listed in the allowlist.",

"pfm_description_reference": "Allows you to specify which native messaging hosts that should not be loaded.\n\nA blacklist value of '*' means all native messaging hosts are blacklisted unless they are explicitly listed in the whitelist.\n\nIf this policy is left not set Google Chrome will load all installed native messaging hosts.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NativeMessagingBlacklist",

"pfm_name": "NativeMessagingBlacklist",

"pfm_note": "Use NativeMessagingBlocklist instead.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "com.native.messaging.host.name1"

}],

"pfm_title": "Native Messaging Host Blacklist",

"pfm_type": "array"

},

{

"pfm_app_min": "86",

"pfm_description": "Allows you to specify which native messaging hosts that should not be loaded. A block list value of '*' means all native messaging hosts are denied unless they are explicitly listed in the allow list.",

"pfm_description_reference": "Allows you to specify which native messaging hosts that should not be loaded.\n\nA blopck list value of '*' means all native messaging hosts are blocked unless they are explicitly listed in the allow list.\n\nIf this policy is left not set Google Chrome will load all installed native messaging hosts.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NativeMessagingBlocklist",

"pfm_name": "NativeMessagingBlocklist",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "com.native.messaging.host.name1"

}],

"pfm_title": "Native Messaging Host Blocklist",

"pfm_type": "array"

},

{

"pfm_app_min": "34",

"pfm_description": "Enables user-level installation of Native Messaging hosts.",

"pfm_description_reference": "Enables user-level installation of Native Messaging hosts.\n\nIf this setting is enabled then Google Chrome allows usage of Native Messaging hosts installed on user level.\n\nIf this setting is disabled then Google Chrome will only use Native Messaging hosts installed on system level.\n\nIf this setting is left not set Google Chrome will allow usage of user-level Native Messaging hosts.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NativeMessagingUserLevelHosts",

"pfm_name": "NativeMessagingUserLevelHosts",

"pfm_title": "Allow user-level Native Messaging hosts (installed without admin permissions)",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "34",

"pfm_description": "Allows you to specify which native messaging hosts are not subject to the blacklist. A blacklist value of * means all native messaging hosts are denied and only native messaging hosts listed in the whitelist will be loaded.",

"pfm_description_reference": "Allows you to specify which native messaging hosts are not subject to the blacklist.\n\nA blacklist value of * means all native messaging hosts are blacklisted and only native messaging hosts listed in the whitelist will be loaded.\n\nBy default, all native messaging hosts are whitelisted, but if all native messaging hosts have been blacklisted by policy, the whitelist can be used to override that policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NativeMessagingWhitelist",

"pfm_name": "NativeMessagingWhitelist",

"pfm_note": "Use NativeMessagingAllowlist instead.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "com.native.messaging.host.name1"

}],

"pfm_title": "Native Messaging Host Whitelist",

"pfm_type": "array"

},

{

"pfm_app_min": "86",

"pfm_description": "Allows you to specify which native messaging hosts are not subject to the block list. A block list value of * means all native messaging hosts are denied and only native messaging hosts listed in the allow list will be loaded.",

"pfm_description_reference": "Allows you to specify which native messaging hosts are not subject to the blacklist.\n\nA block list value of * means all native messaging hosts are blocked and only native messaging hosts listed in the allow list will be loaded.\n\nBy default, all native messaging hosts are allowed, but if all native messaging hosts have been blocked by policy, the allow list can be used to override that policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NativeMessagingAllowlist",

"pfm_name": "NativeMessagingAllowlist",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "com.native.messaging.host.name1"

}],

"pfm_title": "Native Messaging Host Allowlist",

"pfm_type": "array"

}, null, null,

{

"pfm_app_min": "79",

"pfm_description": "This policy can be used to force enable or force disable credential leak checking in Google Chrome.",

"pfm_description_reference": "This policy can be used to force enable or force disable credential leak checking in Google Chrome.\n\nNote that even if this policy is set to True, the behavior will not trigger if Safe Browsing is disabled (either by policy or by the user). In order to force Safe Browsing on, use the SafeBrowsingEnabled policy.\n\nIf this policy is enabled or disabled, users cannot change or override it in Google Chrome. If this policy is unset, credential leak checking is allowed (but can be turned off by the user).",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PasswordLeakDetectionEnabled",

"pfm_name": "PasswordLeakDetectionEnabled",

"pfm_note": "Note that even if this policy is set to True, the behavior will not trigger if Safe Browsing is disabled (either by policy or by the user).",

"pfm_title": "Enable password leak detection",

"pfm_type": "boolean"

},

{

"pfm_app_min": "8",

"pfm_description": "If this setting is enabled, users can have Google Chrome memorize passwords and provide them automatically the next time they log in to a site.",

"pfm_description_reference": "If this setting is enabled, users can have Google Chrome memorize passwords and provide them automatically the next time they log in to a site.\n\nIf this settings is disabled, users cannot save new passwords but they\nmay still use passwords that have been saved previously.\n\nIf this policy is enabled or disabled, users cannot change or override it in Google Chrome. If this policy is unset, password saving is allowed (but can be turned off by the user).",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PasswordManagerEnabled",

"pfm_name": "PasswordManagerEnabled",

"pfm_title": "Enable saving passwords to the password manager",

"pfm_type": "boolean"

}, null, null,

{

"pfm_app_min": "17",

"pfm_default": true,

"pfm_description": "Enables Google Chrome to act as a proxy between Google Cloud Print and legacy printers connected to the machine.",

"pfm_description_reference": "Enables Google Chrome to act as a proxy between Google Cloud Print and legacy printers connected to the machine.\n\nIf this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google account.\n\nIf this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it's printers with Google Cloud Print.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CloudPrintProxyEnabled",

"pfm_name": "CloudPrintProxyEnabled",

"pfm_title": "Enable Google Cloud Print proxy",

"pfm_type": "boolean"

},

{

"pfm_app_min": "17",

"pfm_default": true,

"pfm_description": "Enables Google Chrome to submit documents to Google Cloud Print for printing. NOTE: This only affects Google Cloud Print support in Google Chrome. It does not prevent users from submitting print jobs on web sites.",

"pfm_description_reference": "Enables Google Chrome to submit documents to Google Cloud Print for printing. NOTE: This only affects Google Cloud Print support in Google Chrome. It does not prevent users from submitting print jobs on web sites.\n\nIf this setting is enabled or not configured, users can print to Google Cloud Print from the Google Chrome print dialog.\n\nIf this setting is disabled, users cannot print to Google Cloud Print from the Google Chrome print dialog",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CloudPrintSubmitEnabled",

"pfm_name": "CloudPrintSubmitEnabled",

"pfm_title": "Enable submission of documents to Google Cloud Print",

"pfm_type": "boolean"

},

{

"pfm_app_min": "48",

"pfm_description": "Overrides Google Chrome default printer selection rules.",

"pfm_description_reference": "Overrides Google Chrome default printer selection rules.\n\nThis policy determines the rules for selecting the default printer in Google Chrome which happens the first time the print function is used with a profile.\n\nWhen this policy is set, Google Chrome will attempt to find a printer matching all of the specified attributes, and select it as default printer. The first printer found matching the policy is selected, in case of non-unique match any matching printer can be selected, depending on the order printers are discovered.\n\nIf this policy is not set or matching printer is not found within the timeout, the printer defaults to built-in PDF printer or no printer selected, when PDF printer is not available.\n\nThe value is parsed as JSON object, conforming to the following schema:\n{\n \"type\": \"object\",\n \"properties\": {\n \"kind\": {\n \"description\": \"Whether to limit the search of the matching printer to a specific set of printers.\",\n \"type\": \"string\",\n \"enum\": [ \"local\", \"cloud\" ]\n },\n \"idPattern\": {\n \"description\": \"Regular expression to match printer id.\",\n \"type\": \"string\"\n },\n \"namePattern\": {\n \"description\": \"Regular expression to match printer display name.\",\n \"type\": \"string\"\n }\n }\n}\n\nPrinters connected to Google Cloud Print are considered \"cloud\", the rest of the printers are classified as \"local\".\nOmitting a field means all values match, for example, not specifying connectivity will cause Print Preview to initiate the discovery of all kinds of printers, local and cloud.\nRegular expression patterns must follow the JavaScript RegExp syntax and matches are case sensistive.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultPrinterSelection",

"pfm_name": "DefaultPrinterSelection",

"pfm_title": "Default printer selection rules",

"pfm_type": "string"

},

{

"pfm_app_min": "18",

"pfm_default": false,

"pfm_description": "Show the system print dialog instead of print preview.",

"pfm_description_reference": "Show the system print dialog instead of print preview.\n\nWhen this setting is enabled, Google Chrome will open the system print dialog instead of the built-in print preview when a user requests a page to be printed.\n\nIf this policy is not set or is set to false, print commands trigger the print preview screen.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisablePrintPreview",

"pfm_name": "DisablePrintPreview",

"pfm_title": "Disable Print Preview",

"pfm_type": "boolean"

},

{

"pfm_app_min": "70",

"pfm_description": "Force 'headers and footers' to be on or off in the printing dialog.",

"pfm_description_reference": "Force 'headers and footers' to be on or off in the printing dialog.\n\nIf the policy is unset, the user can decide whether to print headers and footers.\n\nIf the policy is set to false, 'Headers and footers' is not selected in the print preview dialog, and the user cannot change it.\n\nIf the policy is set to true, 'Headers and footers' is selected in the print preview dialog, and the user cannot change it.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PrintHeaderFooter",

"pfm_name": "PrintHeaderFooter",

"pfm_title": "Print Headers & Footers",

"pfm_type": "boolean"

},

{

"pfm_app_min": "80",

"pfm_description": "The printers of types placed on the deny list will be disabled from being discovered or having their capabilities fetched.",

"pfm_description_reference": "The printers of types placed on the deny list will be disabled from being discovered or having their capabilities fetched.\n\nPlacing all printer types on the deny list effectively disables printing, as there would be no available destinations to send a document for printing.\n\nIncluding cloud on the deny list has the same effect as setting the CloudPrintSubmitEnabled policy to false. In order to keep Google Cloud Print destinations discoverable, the CloudPrintSubmitEnabled policy must be set to true and cloud must not be on the deny list.\n\nIf the policy is not set, or is set to an empty list, all printer types will be available for discovery.\n\nExtension printers are also known as print provider destinations, and include any destination that belongs to a Google Chrome extension.\n\nLocal printers are also known as native printing destinations, and include destinations available to the local machine and shared network printers.\n\nprivet = Zeroconf-based (mDNS + DNS-SD) protocol destinations\nextension = Extension-based destinations\npdf = The 'Save as PDF' destination\nlocal = Local printer destinations\ncloud = Google Cloud Print and 'Save to Google Drive' destinations",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PrinterTypeDenyList",

"pfm_name": "PrinterTypeDenyList",

"pfm_subkeys": [

{

"pfm_range_list": ["privet", "extension", "pdf", "local", "cloud"],

"pfm_range_list_titles": ["Zeroconf-based (mDNS + DNS-SD) protocol destinations", "Extension-based destinations", "The 'Save as PDF' destination", "Local printer destinations", "Google Cloud Print and 'Save to Google Drive' destinations"],

"pfm_title": "Printer Type",

"pfm_type": "string",

"pfm_value_unique": true

}],

"pfm_title": "Printer Type Deny List",

"pfm_type": "array"

},

{

"pfm_app_min": "80",

"pfm_description": "Restricts background graphics printing mode. Unset policy is treated as no restriction.",

"pfm_description_reference": "Restricts background graphics printing mode. Unset policy is treated as no restriction.\n\nany = Allow printing both with and without background graphcis\nenabled = Allow printing only with background graphics\ndisabled = Allow printing only without background graphics",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PrintingAllowedBackgroundGraphicsModes",

"pfm_name": "PrintingAllowedBackgroundGraphicsModes",

"pfm_range_list": ["any", "enabled", "disabled"],

"pfm_range_list_titles": ["Allow printing both with and without background graphics", "Allow printing only with background graphics", "Allow printing only without background graphics"],

"pfm_title": "Background graphics printing mode",

"pfm_type": "string"

},

{

"pfm_app_min": "80",

"pfm_description": "Overrides default background graphics printing mode.",

"pfm_description_reference": "Overrides default background graphics printing mode.\n\nenabled = Enable background graphics printing mode by default\ndisabled = Disable background graphics printing mode by default",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PrintingBackgroundGraphicsDefault",

"pfm_name": "PrintingBackgroundGraphicsDefault",

"pfm_range_list": ["enabled", "disabled"],

"pfm_range_list_titles": ["Enabled", "Disabled"],

"pfm_title": "Default background graphics printing mode",

"pfm_type": "string"

},

{

"pfm_app_min": "8",

"pfm_default": true,

"pfm_description": "Enables printing in Google Chrome and prevents users from changing this setting.",

"pfm_description_reference": "Enables printing in Google Chrome and prevents users from changing this setting.\n\nIf this setting is enabled or not configured, users can print.\n\nIf this setting is disabled, users cannot print from Google Chrome. Printing is disabled in the wrench menu, extensions, JavaScript applications, etc. It is still possible to print from plugins that bypass Google Chrome while printing. For example, certain Flash applications have the print option in their context menu, which is not covered by this policy.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PrintingEnabled",

"pfm_name": "PrintingEnabled",

"pfm_title": "Enable printing",

"pfm_type": "boolean"

},

{

"pfm_app_min": "61",

"pfm_default": false,

"pfm_description": "Causes Google Chrome to use the system default printer as the default choice in Print Preview instead of the most recently used printer.",

"pfm_description_reference": "Causes Google Chrome to use the system default printer as the default choice in Print Preview instead of the most recently used printer.\n\nIf you disable this setting or do not set a value, Print Preview will use the most recently used printer as the default destination choice.\n\nIf you enable this setting, Print Preview will use the OS system default printer as the default destination choice.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PrintPreviewUseSystemDefaultPrinter",

"pfm_name": "PrintPreviewUseSystemDefaultPrinter",

"pfm_title": "Use System Default Printer as Default",

"pfm_type": "boolean"

},

{

"pfm_app_min": "84",

"pfm_description": "Overrides default printing page size. If 'custom' is provided, custom size width and height keys must also be included.",

"pfm_description_reference": "Overrides default printing page size.\n\nname should contain one of the listed formats or 'custom' if required paper size is not in the list. If 'custom' value is provided custom_size property should be specified. It describes the desired height and width in micrometers. Otherwise custom_size property shouldn't be specified. Policy that violates these rules is ignored.\n\nIf the page size is unavailable on the printer chosen by the user this policy is ignored.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PrintingPaperSizeDefault",

"pfm_name": "PrinterPaperSizeDefault",

"pfm_note": "If the page size is unavailable on the printer chosen by the user this policy is ignored.",

"pfm_subkeys": [

{

"pfm_app_min": "84",

"pfm_conditionals": [

{

"pfm_target_conditions": [

{

"pfm_range_list": ["custom"],

"pfm_target": "PrinterPaperSizeDefault.name"

}]

}],

"pfm_exclude": [

{

"pfm_target_conditions": [

{

"pfm_n_range_list": ["custom"],

"pfm_target": "PrinterPaperSizeDefault.name"

}]

}],

"pfm_name": "custom_size",

"pfm_subkeys": [

{

"pfm_app_min": "84",

"pfm_conditionals": [

{

"pfm_target_conditions": [

{

"pfm_range_list": ["custom"],

"pfm_target": "PrinterPaperSizeDefault.name"

}]

}],

"pfm_description": "Width of the page",

"pfm_exclude": [

{

"pfm_target_conditions": [

{

"pfm_n_range_list": ["custom"],

"pfm_target": "PrinterPaperSizeDefault.name"

}]

}],

"pfm_name": "width",

"pfm_title": "Width",

"pfm_type": "integer",

"pfm_value_unit": "micrometers"

},

{

"pfm_app_min": "84",

"pfm_conditionals": [

{

"pfm_target_conditions": [

{

"pfm_range_list": ["custom"],

"pfm_target": "PrinterPaperSizeDefault.name"

}]

}],

"pfm_description": "Height of the page",

"pfm_exclude": [

{

"pfm_target_conditions": [

{

"pfm_n_range_list": ["custom"],

"pfm_target": "PrinterPaperSizeDefault.name"

}]

}],

"pfm_name": "height",

"pfm_title": "Height",

"pfm_type": "integer",

"pfm_value_unit": "micrometers"

}],

"pfm_title": "Custom Size",

"pfm_type": "dictionary"

},

{

"pfm_app_min": "84",

"pfm_name": "name",

"pfm_range_list": ["custom", "asme_f_28x40in", "iso_2a0_1189x1682mm", "iso_a0_841x1189mm", "iso_a1_594x841mm", "iso_a2_420x594mm", "iso_a3_297x420mm", "iso_a4-extra_235.5x322.3mm", "iso_a4-tab_225x297mm", "iso_a4_210x297mm", "iso_a5-extra_174x235mm", "iso_a5_148x210mm", "iso_a6_105x148mm", "iso_a7_74x105mm", "iso_a8_52x74mm", "iso_a9_37x52mm", "iso_a10_26x37mm", "iso_b0_1000x1414mm", "iso_b1_707x1000mm", "iso_b2_500x707mm", "iso_b3_353x500mm", "iso_b4_250x353mm", "iso_b5-extra_201x276mm", "iso_b5_176x250mm", "iso_b6_125x176mm", "iso_b6c4_125x324mm", "iso_b7_88x125mm", "iso_b8_62x88mm", "iso_b9_44x62mm", "iso_b10_31x44mm", "iso_c0_917x1297mm", "iso_c1_648x917mm", "iso_c2_458x648mm", "iso_c3_324x458mm", "iso_c4_229x324mm", "iso_c5_162x229mm", "iso_c6_114x162mm", "iso_c6c5_114x229mm", "iso_c7_81x114mm", "iso_c7c6_81x162mm", "iso_c8_57x81mm", "iso_c9_40x57mm", "iso_c10_28x40mm", "iso_dl_110x220mm", "jis_exec_216x330mm", "jpn_chou2_111.1x146mm", "jpn_chou3_120x235mm", "jpn_chou4_90x205mm", "jpn_hagaki_100x148mm", "jpn_kahu_240x322.1mm", "jpn_kaku2_240x332mm", "jpn_oufuku_148x200mm", "jpn_you4_105x235mm", "na_10x11_10x11in", "na_10x13_10x13in", "na_10x14_10x14in", "na_10x15_10x15in", "na_11x12_11x12in", "na_11x15_11x15in", "na_12x19_12x19in", "na_5x7_5x7in", "na_6x9_6x9in", "na_7x9_7x9in", "na_9x11_9x11in", "na_a2_4.375x5.75in", "na_arch-a_9x12in", "na_arch-b_12x18in", "na_arch-c_18x24in", "na_arch-d_24x36in", "na_arch-e_36x48in", "na_b-plus_12x19.17in", "na_c5_6.5x9.5in", "na_c_17x22in", "na_d_22x34in", "na_e_34x44in", "na_edp_11x14in", "na_eur-edp_12x14in", "na_f_44x68in", "na_fanfold-eur_8.5x12in", "na_fanfold-us_11x14.875in", "na_foolscap_8.5x13in", "na_govt-legal_8x13in", "na_govt-letter_8x10in", "na_index-3x5_3x5in", "na_index-4x6-ext_6x8in", "na_index-4x6_4x6in", "na_index-5x8_5x8in", "na_invoice_5.5x8.5in", "na_ledger_11x17in", "na_legal-extra_9.5x15in", "na_legal_8.5x14in", "na_letter-extra_9.5x12in", "na_letter-plus_8.5x12.69in", "na_letter_8.5x11in", "na_number-10_4.125x9.5in", "na_number-11_4.5x10.375in", "na_number-12_4.75x11in", "na_number-14_5x11.5in", "na_personal_3.625x6.5in", "na_super-a_8.94x14in", "na_super-b_13x19in", "na_wide-format_30x42in", "om_dai-pa-kai_275x395mm", "om_folio-sp_215x315mm", "om_invite_220x220mm", "om_italian_110x230mm", "om_juuro-ku-kai_198x275mm", "om_large-photo_200x300", "om_pa-kai_267x389mm", "om_postfix_114x229mm", "om_small-photo_100x150mm", "prc_10_324x458mm", "prc_16k_146x215mm", "prc_1_102x165mm", "prc_2_102x176mm", "prc_32k_97x151mm", "prc_3_125x176mm", "prc_4_110x208mm", "prc_5_110x220mm", "prc_6_120x320mm", "prc_7_160x230mm", "prc_8_120x309mm", "roc_16k_7.75x10.75in", "roc_8k_10.75x15.5in", "jis_b0_1030x1456mm", "jis_b1_728x1030mm", "jis_b2_515x728mm", "jis_b3_364x515mm", "jis_b4_257x364mm", "jis_b5_182x257mm", "jis_b6_128x182mm", "jis_b7_91x128mm", "jis_b8_64x91mm", "jis_b9_45x64mm", "jis_b10_32x45mm"],

"pfm_title": "Name",

"pfm_type": "string"

}],

"pfm_title": "Default printer paper size",

"pfm_type": "dictionary"

}, null, null,

{

"pfm_app_min": "8",

"pfm_description": "Google Chrome will bypass any proxy for the list of hosts given here.",

"pfm_description_reference": "Google Chrome will bypass any proxy for the list of hosts given here.\n\nThis policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.\n\nYou should leave this policy not set if you have selected any other mode for setting proxy policies.\n\nFor more detailed examples, visit:\nhttps://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ProxyBypassList",

"pfm_name": "ProxyBypassList",

"pfm_title": "Comma-separated list of proxy bypass rules",

"pfm_type": "string",

"pfm_value_placeholder": "https://www.example1.com,https://www.example2.com,https://internalsite/"

},

{

"pfm_app_min": "10",

"pfm_description": "Allows you to specify the proxy server used by Google Chrome and prevents users from changing proxy settings.",

"pfm_description_reference": "direct - Never use a proxy\nauto_detect - Auto detect proxy settings\npac_script - Use a .pac proxy script\nfixed_servers - Use fixed proxy servers\nsystem - Use system proxy settings\nAllows you to specify the proxy server used by Google Chrome and prevents users from changing proxy settings.\n\nIf you choose to never use a proxy server and always connect directly, all other options are ignored.\n\nIf you choose to use system proxy settings, all other options are ignored.\n\nIf you choose to auto detect the proxy server, all other options are ignored.\n\nIf you choose fixed server proxy mode, you can specify further options in 'Address or URL of proxy server' and 'Comma-separated list of proxy bypass rules'. Only the HTTP proxy server with the highest priority is available for ARC-apps.\n\nIf you choose to use a .pac proxy script, you must specify the URL to the script in 'URL to a proxy .pac file'.\n\nFor detailed examples, visit:\nhttps://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett.\n\nIf you enable this setting, Google Chrome and ARC-apps ignore all proxy-related options specified from the command line.\n\nLeaving this policy not set will allow the users to choose the proxy settings on their own.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ProxyMode",

"pfm_name": "ProxyMode",

"pfm_range_list": ["direct", "auto_detect", "pac_script", "fixed_servers", "system"],

"pfm_range_list_titles": ["Never use a proxy", "Auto detect proxy settings", "Use a .pac proxy script", "Use fixed proxy servers", "Use system proxy settings"],

"pfm_title": "Choose how to specify proxy server settings",

"pfm_type": "string"

},

{

"pfm_app_min": "8",

"pfm_description": "You can specify a URL to a proxy .pac file here.",

"pfm_description_reference": "You can specify a URL to a proxy .pac file here.\n\nThis policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.\n\nYou should leave this policy not set if you have selected any other mode for setting proxy policies.\n\nFor detailed examples, visit:\nhttps://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett.",

"pfm_format": "https?://.*.pac$",

"pfm_name": "ProxyPacUrl",

"pfm_title": "URL to a proxy .pac file",

"pfm_type": "string"

},

{

"pfm_app_min": "8",

"pfm_description": "You can specify the URL of the proxy server here.",

"pfm_description_reference": "You can specify the URL of the proxy server here.\n\nThis policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.\n\nYou should leave this policy not set if you have selected any other mode for setting proxy policies.\n\nFor more options and detailed examples, visit:\nhttps://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett.",

"pfm_name": "ProxyServer",

"pfm_title": "Address or URL of proxy server",

"pfm_type": "string"

},

{

"pfm_app_deprecated": "10",

"pfm_app_min": "8",

"pfm_description": "This policy is deprecated, use ProxyMode instead.\n\nAllows you to specify the proxy server used by Google Chrome and prevents users from changing proxy settings.",

"pfm_description_reference": "This policy is deprecated, use ProxyMode instead.\n\nAllows you to specify the proxy server used by Google Chrome and prevents users from changing proxy settings.\n\nThis policy only takes effect if the ProxySettings policy has not been specified.\n\nIf you choose to never use a proxy server and always connect directly, all other options are ignored.\n\nIf you choose to use system proxy settings or auto detect the proxy server, all other options are ignored.\n\nIf you choose manual proxy settings, you can specify further options in 'Address or URL of proxy server', 'URL to a proxy .pac file' and 'Comma-separated list of proxy bypass rules'. Only the HTTP proxy server with the highest priority is available for ARC-apps.\n\nFor detailed examples, visit: https://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett.\n\nIf you enable this setting, Google Chrome ignores all proxy-related options specified from the command line.\n\nLeaving this policy not set will allow the users to choose the proxy settings on their own.\n\n0 = Never use a proxy\n1 = Auto detect proxy settings\n2 = Manually specify proxy settings\n3 = Use system proxy settings",

"pfm_name": "ProxyServerMode",

"pfm_range_list": [0, 1, 2, 3],

"pfm_range_list_titles": ["Never use a proxy", "Auto detect proxy settings", "Manually specify proxy settings", "Use system proxy settings"],

"pfm_title": "Proxy server settings",

"pfm_type": "integer"

}, null, null,

{

"pfm_app_min": "30",

"pfm_default": true,

"pfm_description": "If this setting is enabled or not configured, then users can opt to pair clients and hosts at connection time, eliminating the need to enter a PIN every time.",

"pfm_description_reference": "If this setting is enabled or not configured, then users can opt to pair clients and hosts at connection time, eliminating the need to enter a PIN every time.\n\nIf this setting is disabled, then this feature will not be available.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostAllowClientPairing",

"pfm_name": "RemoteAccessHostAllowClientPairing",

"pfm_title": "Enable or disable PIN-less authentication for remote access hosts",

"pfm_type": "boolean"

},

{

"pfm_app_min": "74",

"pfm_description": "Controls the ability of a user connected to a remote access host to transfer files between the client and the host. This does not apply to remote assistance connections, which do not support file transfer.",

"pfm_description_reference": "Controls the ability of a user connected to a remote access host to transfer files between the client and the host. This does not apply to remote assistance connections, which do not support file transfer.\n\nIf this setting is disabled, file transfer will not be allowed. If this setting is enabled or not set, file transfer will be allowed.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostAllowFileTransfer",

"pfm_name": "RemoteAccessHostAllowFileTransfer",

"pfm_title": "Allow remote access file transfer",

"pfm_type": "boolean"

},

{

"pfm_app_min": "35",

"pfm_default": false,

"pfm_description": "If this setting is enabled, then gnubby authentication requests will be proxied across a remote host connection.",

"pfm_description_reference": "If this setting is enabled, then gnubby authentication requests will be proxied across a remote host connection.\n\nIf this setting is disabled or not configured, gnubby authentication requests will not be proxied.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostAllowGnubbyAuth",

"pfm_name": "RemoteAccessHostAllowGnubbyAuth",

"pfm_title": "Allow gnubby authentication for remote access hosts",

"pfm_type": "boolean"

},

{

"pfm_app_min": "36",

"pfm_default": true,

"pfm_description": "Enables usage of relay servers when remote clients are trying to establish a connection to this machine.",

"pfm_description_reference": "Enables usage of relay servers when remote clients are trying to establish a connection to this machine.\n\nIf this setting is enabled, then remote clients can use relay servers to connect to this machine when a direct connection is not available (e.g. due to firewall restrictions).\n\nNote that if the policy RemoteAccessHostFirewallTraversal is disabled, this policy will be ignored.\n\nIf this policy is left not set the setting will be enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostAllowRelayedConnection",

"pfm_name": "RemoteAccessHostAllowRelayedConnection",

"pfm_title": "Enable the use of relay servers by the remote access host",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "60",

"pfm_app_min": "22",

"pfm_description": "Configure the required domain name for remote access clients. This policy is deprecated. Please use RemoteAccessHostClientDomainList instead.",

"pfm_description_reference": "Configure the required domain name for remote access clients. This policy is deprecated. Please use RemoteAccessHostClientDomainList instead.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostClientDomain",

"pfm_name": "RemoteAccessHostClientDomain",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "my-awesome-domain.com"

}],

"pfm_title": "Configure the required domain names for remote access clients",

"pfm_type": "array"

},

{

"pfm_app_min": "60",

"pfm_description": "Configures the required client domain names that will be imposed on remote access clients and prevents users from changing it.",

"pfm_description_reference": "Configures the required client domain names that will be imposed on remote access clients and prevents users from changing it.\n\nIf this setting is enabled, then only clients from one of the specified domains can connect to the host.\n\nIf this setting is disabled or not set, then the default policy for the connection type is applied. For remote assistance, this allows clients from any domain to connect to the host; for anytime remote access, only the host owner can connect.\n\nThis setting will override RemoteAccessHostClientDomain, if present.\n\nSee also RemoteAccessHostDomainList.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostClientDomainList",

"pfm_name": "RemoteAccessHostClientDomainList",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "my-awesome-domain.com"

}],

"pfm_title": "Configure the required domain names for remote access clients",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "60",

"pfm_app_min": "22",

"pfm_description": "Configure the required domain name for remote access hosts. This policy is deprecated. Please use RemoteAccessHostDomainList instead.",

"pfm_description_reference": "Configure the required domain name for remote access hosts. This policy is deprecated. Please use RemoteAccessHostDomainList instead.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostDomain",

"pfm_name": "RemoteAccessHostDomain",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "my-awesome-domain.com"

}],

"pfm_title": "Configure the required domain names for remote access hosts",

"pfm_type": "array"

},

{

"pfm_app_min": "60",

"pfm_description": "Configures the required host domain names that will be imposed on remote access hosts and prevents users from changing it.",

"pfm_description_reference": "Configures the required host domain names that will be imposed on remote access hosts and prevents users from changing it.\n\nIf this setting is enabled, then hosts can be shared only using accounts registered on one of the specified domain names.\n\nIf this setting is disabled or not set, then hosts can be shared using any account.\n\nThis setting will override RemoteAccessHostDomain, if present.\n\nSee also RemoteAccessHostClientDomainList.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostDomainList",

"pfm_name": "RemoteAccessHostDomainList",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Configure the required domain names for remote access hosts",

"pfm_type": "array"

},

{

"pfm_app_min": "14",

"pfm_default": false,

"pfm_description": "Enables usage of STUN servers when remote clients are trying to establish a connection to this machine.",

"pfm_description_reference": "Enables usage of STUN servers when remote clients are trying to establish a connection to this machine.\n\nIf this setting is enabled, then remote clients can discover and connect to this machines even if they are separated by a firewall.\n\nIf this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network.\n\nIf this policy is left not set the setting will be enabled.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostFirewallTraversal",

"pfm_name": "RemoteAccessHostFirewallTraversal",

"pfm_title": "Enable firewall traversal from remote access host",

"pfm_type": "boolean"

},

{

"pfm_app_min": "25",

"pfm_default": false,

"pfm_description": "If this setting is enabled, then the remote access host compares the name of the local user (that the host is associated with) and the name of the Google account registered as the host owner (i.e. \"johndoe\" if the host is owned by \"[email protected]\" Google account). The remote access host will not start if the name of the host owner is different from the name of the local user that the host is associated with. RemoteAccessHostMatchUsername policy should be used together with RemoteAccessHostDomain to also enforce that the Google account of the host owner is associated with a specific domain (i.e. \"example.com\").",

"pfm_description_reference": "If this setting is enabled, then the remote access host compares the name of the local user (that the host is associated with) and the name of the Google account registered as the host owner (i.e. \"johndoe\" if the host is owned by \"[email protected]\" Google account). The remote access host will not start if the name of the host owner is different from the name of the local user that the host is associated with. RemoteAccessHostMatchUsername policy should be used together with RemoteAccessHostDomain to also enforce that the Google account of the host owner is associated with a specific domain (i.e. \"example.com\").\n\nIf this setting is disabled or not set, then the remote access host can be associated with any local user.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostMatchUsername",

"pfm_name": "RemoteAccessHostMatchUsername",

"pfm_title": "Require that the name of the local user and the remote access host owner match",

"pfm_type": "boolean"

},

{

"pfm_app_min": "23",

"pfm_default": false,

"pfm_description": "Enables curtaining of remote access hosts while a connection is in progress.",

"pfm_description_reference": "Enables curtaining of remote access hosts while a connection is in progress.\n\nIf this setting is enabled, then hosts' physical input and output devices are disabled while a remote connection is in progress.\n\nIf this setting is disabled or not set, then both local and remote users can interact with the host when it is being shared.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostRequireCurtain",

"pfm_name": "RemoteAccessHostRequireCurtain",

"pfm_title": "Enable curtaining of remote access hosts",

"pfm_type": "boolean"

},

{

"pfm_app_deprecated": "76",

"pfm_app_min": "22",

"pfm_description": "Configures the TalkGadget prefix that will be used by remote access hosts and prevents users from changing it.",

"pfm_description_reference": "Configures the TalkGadget prefix that will be used by remote access hosts and prevents users from changing it.\n\nIf specified, this prefix is prepended to the base TalkGadget name to create a full domain name for the TalkGadget. The base TalkGadget domain name is '.talkgadget.google.com'.\n\nIf this setting is enabled, then hosts will use the custom domain name when accessing the TalkGadget instead of the default domain name.\n\nIf this setting is disabled or not set, then the default TalkGadget domain name ('chromoting-host.talkgadget.google.com') will be used for all hosts.\n\nRemote access clients are not affected by this policy setting. They will always use 'chromoting-client.talkgadget.google.com' to access the TalkGadget.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostTalkGadgetPrefix",

"pfm_name": "RemoteAccessHostTalkGadgetPrefix",

"pfm_title": "Configure the TalkGadget prefix for remote access hosts",

"pfm_type": "string",

"pfm_value_placeholder": "chromoting-host"

},

{

"pfm_app_min": "28",

"pfm_description": "If this policy is set, the remote access host will require authenticating clients to obtain an authentication token from this URL in order to connect. Must be used in conjunction with RemoteAccessHostTokenValidationUrl.",

"pfm_description_reference": "If this policy is set, the remote access host will require authenticating clients to obtain an authentication token from this URL in order to connect. Must be used in conjunction with RemoteAccessHostTokenValidationUrl.\n\nThis feature is currently disabled server-side.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostTokenUrl",

"pfm_name": "RemoteAccessHostTokenUrl",

"pfm_title": "URL where remote access clients should obtain their authentication token",

"pfm_type": "string",

"pfm_value_placeholder": "https://example.com/issue"

},

{

"pfm_app_min": "28",

"pfm_description": "If this policy is set, the host will use a client certificate with the given issuer CN to authenticate to RemoteAccessHostTokenValidationUrl. Set it to \"*\" to use any available client certificate.",

"pfm_description_reference": "If this policy is set, the host will use a client certificate with the given issuer CN to authenticate to RemoteAccessHostTokenValidationUrl. Set it to \"*\" to use any available client certificate.\n\nThis feature is currently disabled server-side.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostTokenValidationCertificateIssuer",

"pfm_name": "RemoteAccessHostTokenValidationCertificateIssuer",

"pfm_title": "Client certificate for connecting to RemoteAccessHostTokenValidationUrl",

"pfm_type": "string",

"pfm_value_placeholder": "Example Certificate Authority"

},

{

"pfm_app_min": "28",

"pfm_description": "If this policy is set, the remote access host will use this URL to validate authentication tokens from remote access clients, in order to accept connections. Must be used in conjunction with RemoteAccessHostTokenUrl.",

"pfm_description_reference": "If this policy is set, the remote access host will use this URL to validate authentication tokens from remote access clients, in order to accept connections. Must be used in conjunction with RemoteAccessHostTokenUrl.\n\nThis feature is currently disabled server-side.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostTokenValidationUrl",

"pfm_name": "RemoteAccessHostTokenValidationUrl",

"pfm_title": "URL for validating remote access client authentication token",

"pfm_type": "string",

"pfm_value_placeholder": "https://example.com/validate"

},

{

"pfm_app_min": "36",

"pfm_description": "Restricts the UDP port range used by the remote access host in this machine.",

"pfm_description_reference": "Restricts the UDP port range used by the remote access host in this machine.\n\nIf this policy is left not set, or if it is set to an empty string, the remote access host will be allowed to use any available port, unless the policy RemoteAccessHostFirewallTraversal is disabled, in which case the remote access host will use UDP ports in the 12400-12409 range.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RemoteAccessHostUdpPortRange",

"pfm_name": "RemoteAccessHostUdpPortRange",

"pfm_title": "Restrict the UDP port range used by the remote access host",

"pfm_type": "string",

"pfm_value_placeholder": "12400-12409",

"pfm_value_unit": "port range"

}, null, null, null,

{

"pfm_app_min": "69",

"pfm_description": "Configure the change password URL (HTTP and HTTPS schemes only). Password protection service will send users to this URL to change their password after seeing a warning in the browser.\nIn order for Google Chrome to correctly capture the new password fingerprint on this change password page, please make sure your change password page follows the guidelines on https://www.chromium.org/developers/design-documents/create-amazing-password-forms.",

"pfm_description_reference": "Configure the change password URL (HTTP and HTTPS schemes only). Password protection service will send users to this URL to change their password after seeing a warning in the browser.\nIn order for Google Chrome to correctly capture the new password fingerprint on this change password page, please make sure your change password page follows the guidelines on https://www.chromium.org/developers/design-documents/create-amazing-password-forms.\n\nIf this setting is enabled, then password protection service will send users to this URL to change their password after seeing a warning in the browser.\nIf this setting is disabled or not set, then password protection service will send users to https://myaccounts.google.com to change their password.\nThis policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PasswordProtectionChangePasswordURL",

"pfm_name": "PasswordProtectionChangePasswordURL",

"pfm_title": "Configure the change password URL.",

"pfm_type": "string",

"pfm_value_placeholder": "https://mydomain.com/change_password.html"

},

{

"pfm_app_min": "69",

"pfm_description": "Configure the list of enterprise login URLs (HTTP and HTTPS schemes only). Fingerprint of password will be captured on these URLs and used for password reuse detection.\nIn order for Google Chrome to correctly capture password fingerprints, please make sure your login pages follow the guidelines on https://www.chromium.org/developers/design-documents/create-amazing-password-forms.",

"pfm_description_reference": "Configure the list of enterprise login URLs (HTTP and HTTPS schemes only). Fingerprint of password will be captured on these URLs and used for password reuse detection.\nIn order for Google Chrome to correctly capture password fingerprints, please make sure your login pages follow the guidelines on https://www.chromium.org/developers/design-documents/create-amazing-password-forms.\n\nIf this setting is enabled, then password protection service will capture fingerprint of password on these URLs for password reuse detection purpose.\nIf this setting is disabled or not set, then password protection service will only capture password fingerprint on https://accounts.google.com.\nThis policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PasswordProtectionLoginURLs",

"pfm_name": "PasswordProtectionLoginURLs",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "https://mydomain.com/login.html"

}],

"pfm_title": "Configure the list of enterprise login URLs where password protection service should capture fingerprint of password.",

"pfm_type": "array"

},

{

"pfm_app_min": "69",

"pfm_description": "Allows you to control the triggering of passwore protection warning. Password protection alerts users when they reuse their protected password on potentially suspicious sites.",

"pfm_description_reference": "0 - Password protection warning is off\n1 - Password protection warning is triggered by password reuse\n2 - Password protection warning is triggered by password reuse on phishing page\nAllows you to control the triggering of passwore protection warning. Password protection alerts users when they reuse their protected password on potentially suspicious sites.\n\nYou can use 'PasswordProtectionLoginURLs' and 'PasswordProtectionChangePasswordURL' policies to configure which password to protect.\n\nIf this policy is set to 'PasswordProtectionWarningOff', no password protection warning will be shown.\nIf this policy is set to 'PasswordProtectionWarningOnPasswordReuse', password protection warning will be shown when the user reuses their protected password on a non-whitelisted site.\nIf this policy is set to 'PasswordProtectionWarningOnPhishingReuse', password protection warning will be shown when the user reuses their protected password on a phishing site.\nIf this policy is left unset, password protection service will only protect Google passwords but the user will be able to change this setting.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PasswordProtectionWarningTrigger",

"pfm_name": "PasswordProtectionWarningTrigger",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Password protection warning is off", "Password protection warning is triggered by password reuse", "Password protection warning is triggered by password reuse on phishing page"],

"pfm_title": "Password protection warning trigger",

"pfm_type": "integer"

},

{

"pfm_app_deprecated": "83",

"pfm_app_min": "8",

"pfm_description": "Enables Google Chrome's Safe Browsing feature and prevents users from changing this setting.",

"pfm_description_reference": "Enables Google Chrome's Safe Browsing feature and prevents users from changing this setting.\n\nIf you enable this setting, Safe Browsing is always active.\n\nIf you disable this setting, Safe Browsing is never active.\n\nIf you enable or disable this setting, users cannot change or override the \"Enable phishing and malware protection\" setting in Google Chrome.\n\nIf this policy is left not set, this will be enabled but the user will be able to change it.\n\nSee https://developers.google.com/safe-browsing for more info on Safe Browsing.\n\nThis policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SafeBrowsingEnabled",

"pfm_name": "SafeBrowsingEnabled",

"pfm_title": "Enable Safe Browsing",

"pfm_type": "boolean"

},

{

"pfm_app_min": "66",

"pfm_description": "Enables Google Chrome's Safe Browsing Extended Reporting and prevents users from changing this setting.",

"pfm_description_reference": "Enables Google Chrome's Safe Browsing Extended Reporting and prevents users from changing this setting.\n\nExtended Reporting sends some system information and page content to Google servers to help detect dangerous apps and sites.\n\nIf the setting is set to true, then reports will be created and sent whenever necessary (such as when a security interstitial is shown).\n\nIf the setting is set to false, reports will never be sent.\n\nIf this policy is set to true or false, the user will not be able to modify the setting.\n\nIf this policy is left unset, the user will be able to change the setting and decide whether to send reports or not.\n\nSee https://developers.google.com/safe-browsing for more info on Safe Browsing.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SafeBrowsingExtendedReportingEnabled",

"pfm_name": "SafeBrowsingExtendedReportingEnabled",

"pfm_title": "Enable Safe Browsing Extended Reporting",

"pfm_type": "boolean"

},

{

"pfm_app_min": "83",

"pfm_default": 1,

"pfm_description": "Allows you to control whether Google Chrome's Safe Browsing feature is enabled and the mode it operates in. Safe Browsing 'enhanced' mode provides better security, but requires sharing more browsing information with Google.",

"pfm_description_reference": "Allows you to control whether Google Chrome's Safe Browsing feature is enabled and the mode it operates in.\n\nIf this policy is set to 'NoProtection' (value 0), Safe Browsing is never active.\n\nIf this policy is set to 'StandardProtection' (value 1, which is the default), Safe Browsing is always active in the standard mode.\n\nIf this policy is set to 'EnhancedProtection' (value 2), Safe Browsing is always active in the enhanced mode, which provides better security, but requires sharing more browsing information with Google.\n\nIf you set this policy as mandatory, users cannot change or override the Safe Browsing setting in Google Chrome.\n\nIf this policy is left not set, Safe Browsing will operate in Standard Protection mode but users can change this setting.\n\nSee https://developers.google.com/safe-browsing for more info on Safe Browsing.\n\n0 = Safe Browsing is never active.\n1 = Safe Browsing is active in the standard mode.\n2 = Safe Browsing is active in the enhanced mode. This mode provides better security, but requires sharing more browsing information with Google.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SafeBrowsingProtectionLevel",

"pfm_name": "SafeBrowsingProtectionLevel",

"pfm_note": "See https://developers.google.com/safe-browsing for more info on Safe Browsing.",

"pfm_range_list": [0, 1, 2],

"pfm_range_list_titles": ["Safe Browsing is never active", "Safe Browsing is active in the standard mode", "Safe Browsing is active in the enhanced mode"],

"pfm_title": "Safe Browsing protection level",

"pfm_type": "integer"

},

{

"pfm_app_deprecated": "86",

"pfm_app_min": "68",

"pfm_description": "Configure the list of domains which Safe Browsing will trust. This means:\nSafe Browsing will not check for dangerous resources (e.g. phishing, malware, or unwanted software) if their URLs match these domains.\nSafe Browsing's download protection service will not check downloads hosted on these domains.\nSafe Browsing's password protection service will not check for password reuse if the page URL matches these domains.",

"pfm_description_reference": "Configure the list of domains which Safe Browsing will trust. This means:\nSafe Browsing will not check for dangerous resources (e.g. phishing, malware, or unwanted software) if their URLs match these domains.\nSafe Browsing's download protection service will not check downloads hosted on these domains.\nSafe Browsing's password protection service will not check for password reuse if the page URL matches these domains.\n\nIf this setting is enabled, then Safe Browsing will trust these domains.\nIf this setting is disabled or not set, then default Safe Browsing protection is applied to all resources.\nThis policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SafeBrowsingWhitelistDomains",

"pfm_name": "SafeBrowsingWhitelistDomains",

"pfm_note": "Use SafeBrowsingAllowlistDomains instead.",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "mydomain.com"

}],

"pfm_title": "Configure the list of domains on which Safe Browsing will not trigger warnings.",

"pfm_type": "array"

},

{

"pfm_app_min": "86",

"pfm_description": "Configure the list of domains which Safe Browsing will trust. This means:\nSafe Browsing will not check for dangerous resources (e.g. phishing, malware, or unwanted software) if their URLs match these domains.\nSafe Browsing's download protection service will not check downloads hosted on these domains.\nSafe Browsing's password protection service will not check for password reuse if the page URL matches these domains.",

"pfm_description_reference": "Configure the list of domains which Safe Browsing will trust. This means:\nSafe Browsing will not check for dangerous resources (e.g. phishing, malware, or unwanted software) if their URLs match these domains.\nSafe Browsing's download protection service will not check downloads hosted on these domains.\nSafe Browsing's password protection service will not check for password reuse if the page URL matches these domains.\n\nIf this setting is enabled, then Safe Browsing will trust these domains.\nIf this setting is disabled or not set, then default Safe Browsing protection is applied to all resources.\nThis policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SafeBrowsingAllowlistDomains",

"pfm_name": "SafeBrowsingAllowlistDomains",

"pfm_subkeys": [

{

"pfm_type": "string",

"pfm_value_placeholder": "mydomain.com"

}],

"pfm_title": "Configure the list of domains on which Safe Browsing will not trigger warnings.",

"pfm_type": "array"

},

{

"pfm_app_deprecated": "85",

"pfm_app_min": "44",

"pfm_default": true,

"pfm_description": "This setting is deprecated, use SafeBrowsingExtendedReportingEnabled instead. Enabling or disabling SafeBrowsingExtendedReportingEnabled is equivalent to setting SafeBrowsingExtendedReportingOptInAllowed to False.",

"pfm_description_reference": "This setting is deprecated, use SafeBrowsingExtendedReportingEnabled instead. Enabling or disabling SafeBrowsingExtendedReportingEnabled is equivalent to setting SafeBrowsingExtendedReportingOptInAllowed to False.\n\nSetting this policy to false stops users from choosing to send some system information and page content to Google servers. If this setting is true or not configured, then users will be allowed to send some system information and page content to Safe Browsing to help detect dangerous apps and sites.\n\nSee https://developers.google.com/safe-browsing for more info on Safe Browsing.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=SafeBrowsingExtendedReportingEnabled",

"pfm_name": "SafeBrowsingExtendedReportingOptInAllowed",

"pfm_title": "Allow users to opt in to Safe Browsing extended reporting",

"pfm_type": "boolean"

}, null, null,

{

"pfm_app_min": "8",

"pfm_description": "Configures the type of the default home page in Google Chrome and prevents users from changing home page preferences. The home page can either be set to a URL you specify or set to the New Tab Page.",

"pfm_description_reference": "Configures the type of the default home page in Google Chrome and prevents users from changing home page preferences. The home page can either be set to a URL you specify or set to the New Tab Page.\n\nIf you enable this setting, the New Tab Page is always used for the home page, and the home page URL location is ignored.\n\nIf you disable this setting, the user's homepage will never be the New Tab Page, unless its URL is set to 'chrome://newtab'.\n\nIf you enable or disable this setting, users cannot change their homepage type in Google Chrome.\n\nLeaving this policy not set will allow the user to choose whether the new tab page is their home page on their own.\n\nThis policy is not available on Windows instances that are not joined\nto a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=HomepageIsNewTabPage",

"pfm_name": "HomepageIsNewTabPage",

"pfm_title": "Use New Tab Page as homepage",

"pfm_type": "boolean"

},

{

"pfm_app_min": "8",

"pfm_description": "Configures the default home page URL in Google Chrome and prevents users from changing it.",

"pfm_description_reference": "Configures the default home page URL in Google Chrome and prevents users from changing it.\n\nThe home page is the page opened by the Home button. The pages that open on startup are controlled by the RestoreOnStartup policies.\n\nThe home page type can either be set to a URL you specify here or set to the New Tab Page. If you select the New Tab Page, then this policy does not take effect.\n\nIf you enable this setting, users cannot change their home page URL in Google Chrome, but they can still choose the New Tab Page as their home page.\n\nLeaving this policy not set will allow the user to choose their home page on their own if HomepageIsNewTabPage is not set too.\n\nThis policy is not available on Windows instances that are not joined\nto a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=HomepageLocation",

"pfm_name": "HomepageLocation",

"pfm_title": "Home page URL",

"pfm_type": "string"

},

{

"pfm_app_min": "58",

"pfm_description": "Configures the default New Tab page URL and prevents users from changing it.",

"pfm_description_reference": "Configures the default New Tab page URL and prevents users from changing it.\n\nThe New Tab page is the page opened when new tabs are created (including the one opened in new windows).\n\nThis policy does not decide which pages are to be opened on start up. Those are controlled by the RestoreOnStartup policies. Yet this policy does affect the Home Page if that is set to open the New Tab page, as well as the startup page if that is set to open the New Tab page.\n\nIf the policy is not set or left empty the default new tab page is used.\n\nThis policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NewTabPageLocation",

"pfm_name": "NewTabPageLocation",

"pfm_title": "New Tab page URL",

"pfm_type": "string"

},

{

"pfm_app_min": "8",

"pfm_description": "Allows you to specify the behavior on startup.",

"pfm_description_reference": "5 - Open New Tab Page\n1 - Restore the last session\n4 - Open a list of URLs\nAllows you to specify the behavior on startup.\n\nIf you choose 'Open New Tab Page' the New Tab Page will always be opened when you start Google Chrome.\n\nIf you choose 'Restore the last session', the URLs that were open last time Google Chrome was closed will be reopened and the browsing session will be restored as it was left.\nChoosing this option disables some settings that rely on sessions or that perform actions on exit (such as Clear browsing data on exit or session-only cookies).\n\nIf you choose 'Open a list of URLs', the list of 'URLs to open on startup' will be opened when a user starts Google Chrome.\n\nIf you enable this setting, users cannot change or override it in Google Chrome.\n\nDisabling this setting is equivalent to leaving it not configured. The user will still be able to change it in Google Chrome.\n\nThis policy is not available on Windows instances that are not joined\nto a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RestoreOnStartup",

"pfm_name": "RestoreOnStartup",

"pfm_range_list": [5, 1, 4],

"pfm_range_list_titles": ["Open New Tab Page", "Restore the last session", "Open a list of URLs"],

"pfm_title": "Action on startup",

"pfm_type": "integer"

},

{

"pfm_app_min": "8",

"pfm_description": "If 'Open a list of URLs' is selected as the startup action, this allows you to specify the list of URLs that are opened. If left not set no URL will be opened on start up.",

"pfm_description_reference": "If 'Open a list of URLs' is selected as the startup action, this allows you to specify the list of URLs that are opened. If left not set no URL will be opened on start up.\n\nThis policy only works if the 'RestoreOnStartup' policy is set to 'RestoreOnStartupIsURLs'.\n\nThis policy is not available on Windows instances that are not joined\nto a Microsoft® Active Directory® domain.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RestoreOnStartupURLs",

"pfm_name": "RestoreOnStartupURLs",

"pfm_subkeys": [

{

"pfm_name": "URL",

"pfm_type": "string"

}],

"pfm_title": "URLs to open on startup",

"pfm_type": "array"

},

{

"pfm_app_min": "8",

"pfm_description": "Shows the Home button on Google Chrome's toolbar.",

"pfm_description_reference": "Shows the Home button on Google Chrome's toolbar.\n\nIf you enable this setting, the Home button is always shown.\n\nIf you disable this setting, the Home button is never shown.\n\nIf you enable or disable this setting, users cannot change or override this setting in Google Chrome.\n\nLeaving this policy not set will allow the user to choose whether to show the home button.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ShowHomeButton",

"pfm_name": "ShowHomeButton",

"pfm_title": "Show Home button on toolbar",

"pfm_type": "boolean"

}, null,

{

"pfm_app_min": "68",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are allowed to ask the user to grant them access to a USB device.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are allowed to ask the user to grant them access to a USB device.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the user's personal configuration otherwise.\n\nURL patterns in this policy should not clash with ones configured via WebUsbBlockedForUrls. It is unspecified which of the two policies takes precedence if a URL matches with both.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebUsbAskForUrls",

"pfm_name": "WebUsbAskForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Allow WebUSB on these sites",

"pfm_type": "array"

},

{

"pfm_app_min": "68",

"pfm_description": "Allows you to set a list of url patterns that specify sites which are prevented from asking the user to grant them access to a USB device.",

"pfm_description_reference": "Allows you to set a list of url patterns that specify sites which are prevented from asking the user to grant them access to a USB device.\n\nIf this policy is left not set the global default value will be used for all sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the user's personal configuration otherwise.\n\nURL patterns in this policy should not clash with ones configured via WebUsbAskForUrls. It is unspecified which of the two policies takes precedence if a URL matches with both.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebUsbBlockedForUrls",

"pfm_name": "WebUsbBlockedForUrls",

"pfm_note": "For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns.",

"pfm_subkeys": [

{

"pfm_type": "string"

}],

"pfm_title": "Block WebUSB on these sites",

"pfm_type": "array"

},

{

"pfm_default": false,

"pfm_app_deprecated": "68",

"pfm_app_min": "9",

"pfm_description": "Disables the Developer Tools and the JavaScript console. This policy is deprecated in M68, please use DeveloperToolsAvailability instead.",

"pfm_description_reference": "This policy is deprecated in M68, please use DeveloperToolsAvailability instead.\n\nDisables the Developer Tools and the JavaScript console.\n\nIf you enable this setting, the Developer Tools can not be accessed and web-site elements can not be inspected anymore. Any keyboard shortcuts and any menu or context menu entries to open the Developer Tools or the JavaScript Console will be disabled.\n\nSetting this option to disabled or leaving it not set allows the user to use the Developer Tools and the JavaScript console.\n\nIf the policy DeveloperToolsAvailability is set, the value of the policy DeveloperToolsDisabled is ignored.",

"pfm_documentation_url": "https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DeveloperToolsDisabled",

"pfm_name": "DeveloperToolsDisabled",

"pfm_title": "Control where Developer Tools can be used",

"pfm_type": "boolean"

}],

"pfm_targets": ["user", "system"],

"pfm_title": "Google Chrome",

"pfm_unique": true,

"pfm_version": 12

}

[json] Chrome Settings

Viewer

Editor