Information
This policy setting allows a list of names to be specified that will be exempt from HTTP Strict Transport Security (HSTS) policy checks then potentially upgraded from http:// to https://.
The recommended state for this setting is: Disabled.
Rationale:
Allowing hostnames to be exempt from HSTS policy checks could allow for protocol downgrade attacks and cookie hijackings.
Impact:
There should be no adverse affect to users.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Configure the list of names that will bypass the HSTS policy check
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.
Default Value:
Not Configured.