URLBlocklist

Setting the URLBlocklist policy stops web pages with prohibited URLs from loading. Administrators can specify the list of URL patterns to be blocked. If left unset, no URLs are blocked in the browser. Up to 1,000 exceptions can be defined in URLAllowlist. See how to format a URL pattern ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ). Note: This policy does not apply to in-page JavaScript URLs with dynamically loaded data. If you blocked example.com/abc, then example.com could still load it using XMLHTTPRequest. Additionally, this policy does not prevent web pages from updating the URL shown in the omnibox to a blocked one using the JavaScript History API. From Google Chrome version 73, you can block javascript://* URLs. But, this only affects JavaScript entered in the address bar or, for example, bookmarklets. From Google Chrome version 92, this policy is also supported in the headless mode. Note: Blocking internal chrome://* and chrome-untrusted://* URLs can lead to unexpected errors or can be circumvented in some cases. Instead of blocking certain internal URLs, see if there are more specific policies available. For example: - Instead of blocking chrome://settings/certificates, use CACertificateManagementAllowed. - Instead of blocking chrome-untrusted://crosh, use SystemFeaturesDisableList.