caption: Disable Certificate Transparency enforcement for a list of URLs
desc: |-
Setting the policy turns off Certificate Transparency disclosure requirements for the hostnames in the specified URLs. While making it harder to detect misissued certificates, hosts can keep using certificates that otherwise wouldn't be trusted (because they weren't properly publicly disclosed).
Leaving the policy unset means that if certificates requiring disclosure through Certificate Transparency aren't disclosed, then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> doesn't trust those certificates.
A URL pattern follows this format ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ). However, because the validity of certificates for a given hostname is independent of the scheme, port, or path, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> only considers the hostname portion of the URL. Wildcard hosts aren't supported.
example_value:
- example.com
- .example.com
features:
dynamic_refresh: true
per_profile: false
future_on:
- fuchsia
owners:
- file://components/certificate_transparency/OWNERS
- [email protected]
schema:
items:
type: string
type: array
supported_on:
- chrome.*:53-
- chrome_os:53-
- android:53-
tags:
- system-security
type: list
Codebase Browser
chromium