InformationThis policy setting allows for a specified list of origins (URLs) or hostname patterns (like '*.contoso.com') for which security restrictions on insecure origins don't apply.
Allowed origins for legacy applications that can't deploy TLS or set up a staging server for internal web development so that developers can test features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled Not Secure in the omnibox.
The recommended state for this setting is: Disabled.
Insecure contexts should always be labeled as insecure.
None - This is the default behavior.
SolutionTo establish the recommended configuration via Group Policy, set the following UI path to Disabled:
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Control where security restrictions on insecure origins apply