This setting allows a list of names to be specified that will be exempt from HTTP Strict Transport Security (HSTS) policy checks then potentially upgraded from http:// to https://. The recommended state for this setting is: Disabled (0) Rationale: Allowing hostnames to be exempt from HSTS checks could allow for protocol downgrade attacks and cookie hijackings. Impact: None - This is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled: Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\List of names that will bypass the HSTS policy check Default Value: Unset (Same as Disabled, but user can change)