Disable DNS over HTTPS on enterprise browsers

Browsers in your enterprise may enable DoH by default. To make sure that your enterprise computers rely on ​ETP Client​ for protection and privacy and do not bypass ​SIA​ security, you can manually disable this protocol.


Use your enterprise system management solution to deploy these browser settings to computers across your organization.

On Google Chrome

DoH is enabled by default on Google Chrome version 83 or later. Complete this procedure to disable DoH on a single instance of Chrome.

You can also use the DnsOverHttpsMode group policy or the Google Admin Console to disable DoH. For more information, see the Google Chrome Enterprise documentation.

To disable DoH on Chrome:

  1. Open the Google Chrome browser.

  2. Go to the Security settings. Complete these steps:

    1. In the address bar, enter chrome://settings/security/.

    2. In the Advanced section, disable Use Secure DNS.

On Mozilla Firefox

DoH is enabled by default on Mozilla Firefox. Complete this procedure to disable DoH.

To disable DoH on Firefox:

  1. On Mozilla Firefox, click the menu button.

  2. Click Options.

  3. Go to the Network Settings section and click Settings.

  4. Scroll down to the Enable DNS over HTTPS option, and deselect it.

  5. Click OK to save your settings.

On Microsoft Edge

While DoH is not enabled by default on Microsoft Edge browsers, you can perform this procedure in case it's enabled.

To disable DoH on Edge:

  1. Open Edge.

  2. In the browser menu, select Settings.

  3. From the Settings menu, select Privacy, Search, and Services.

  4. Under Security, disable Use secure DNS to specify how to lookup the network address for websites.