1.68 Ensure 'Control use of the Headless Mode' is set to 'Disabled'

Information

This policy setting controls whether users can launch Microsoft Edge in headless mode. A headless browser is a browser that is not configured with a Graphical User Interface (GUI) and is executed via command-line or using network communication.

The recommended state for this setting is Disabled.

Rationale:

Although this feature can be very useful to developers, an attacker could programmatically scrape website content and install malicious scripts on devices running the browser's headless interface.

Impact:

Users will not be able to access headless mode in Microsoft Edge.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Control use of the Headless Mode

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

Enabled. (Microsoft Edge allows use of the headless mode.)

See Also

https://workbench.cisecurity.org/benchmarks/11865

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: 57df000b7b5c6f7548104fa523a17a3468e86c736004024e8ca4b8eb45d2d086