Computer Configuration > Administrative Templates > Google Chrome
Both
HKLM\Software\Policies\Google\Chrome
Setting the policy specifies a list of origins (URLs) or hostname patterns (such as *.example.com) for which security restrictions on insecure origins won't apply. Patterns are only accepted for hostnames; URLs/origins with schemes must be exact strings. Organizations can specify origins for legacy applications that can't deploy TLS or set up a staging server for internal web development, so developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled "Not Secure" in the address bar. Setting a list of URLs in this policy amounts to setting the command-line flag --unsafely-treat-insecure-origin-as-secure to a comma-separated list of the same URLs. The policy overrides the command-line flag and UnsafelyTreatInsecureOriginAsSecure, if present. For more information on secure contexts, see Secure Contexts ( https://www.w3.org/TR/secure-contexts ). Example value: http://testserver.example.com/ *.example.org