Disable Certificate Transparency enforcement for a list of URLs

Disables enforcing Certificate Transparency requirements to the listed URLs.

This policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used, but makes it harder to detect misissued certificates for those hosts.

A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format. However, because certificates are valid for a given hostname independent of the scheme, port, or path, only the hostname portion of the URL is considered. Wildcard hosts are not supported.

If this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.


Supported on: Microsoft Windows XP SP2 or later
Disable Certificate Transparency enforcement for a list of URLs

Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls
Value Name{number}
Value TypeREG_SZ
Default Value

chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)