

You can modify Chromium flags by visiting: edge://flags (for Microsoft Edge), and chrome://flags.


When web servers omit the SameSite HTTP Set-Cookie attribute, Chromium will force the HTTP cookie over TLS. NOTE: When web servers specify SameSite, TLS is enforced for that cookie.

Forces all cookies through secure connections


When SameSite is omitted, Chromium will force the cookie to SameSite=Lax, which improves security, and prevents the cookie from being able to track you as easily.

Makes cookies more secure by default


This applies a stricter policy for determining the cross-site definition for an HTTP cookie. Both the scheme and the domain is used. E.g: is considered cross-site to It prevents from obtaining SameSite=Lax cookies.


Enable this flag to disable insecure versions of TLS.


When you type a basic domain name like into the address bar, you make a request to the HTTP version of the website instead of HTTPS. Enable this flag to force typed URLs in the address bar to use TLS.


Enable this flag so Chromium automatically disables autofill for forms which submit over insecure connections.


Enable this so you are warned if a form submits over a non-secure connection.


Treat “dangerous files” (i.e: .exe, .dmg, .jar, etc) as “active mixed content” when downloading over insecure connections so Chromium blocks you from downloading it.