URL Action Flags

The following list contains values associated with the actions that can be taken in a URL security zone. The possible URL policy values for each of the listed URL action flags can be found in About URL Security Zones.

Constant/value Description
#define URLACTION_MIN                0x00001000
#define URLACTION_DOWNLOAD_MIN                0x00001000
#define URLACTION_DOWNLOAD_SIGNED_ACTIVEX     0x00001001
#define URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX   0x00001004
#define URLACTION_DOWNLOAD_CURR_MAX           0x00001004
#define URLACTION_DOWNLOAD_MAX                0x000011FF
#define URLACTION_ACTIVEX_MIN                            0x00001200
#define URLACTION_ACTIVEX_RUN                            0x00001200
#define URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY         0x00001201
#define URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY           0x00001202
#define URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY         0x00001203
#define URLACTION_SCRIPT_OVERRIDE_SAFETY                 0x00001401
#define URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY         0x00001204
#define URLACTION_ACTIVEX_TREATASUNTRUSTED               0x00001205
#define URLACTION_ACTIVEX_NO_WEBOC_SCRIPT                0x00001206
#define URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTION    0x00001207
#define URLACTION_ACTIVEX_OVERRIDE_OPTIN                 0x00001208
#define URLACTION_ACTIVEX_SCRIPTLET_RUN                  0x00001209
#define URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION     0x0000120A
#define URLACTION_ACTIVEX_OVERRIDE_DOMAINLIST            0x0000120B
#define URLACTION_ACTIVEX_CURR_MAX                       0x0000120B
#define URLACTION_ACTIVEX_MAX                            0x000013ff
#define URLACTION_SCRIPT_MIN                        0x00001400
#define URLACTION_SCRIPT_RUN                        0x00001400
#define URLACTION_SCRIPT_JAVA_USE                   0x00001402
#define URLACTION_SCRIPT_SAFE_ACTIVEX               0x00001405
#define URLACTION_CROSS_DOMAIN_DATA                 0x00001406
#define URLACTION_SCRIPT_PASTE                      0x00001407
#define URLACTION_ALLOW_XDOMAIN_SUBFRAME_RESIZE     0x00001408
#define URLACTION_SCRIPT_XSSFILTER                  0x00001409
#define URLACTION_SCRIPT_CURR_MAX                   0x00001409
#define URLACTION_SCRIPT_MAX                        0x000015ff
#define URLACTION_HTML_MIN                      0x00001600
#define URLACTION_HTML_SUBMIT_FORMS             0x00001601
#define URLACTION_HTML_SUBMIT_FORMS_FROM        0x00001602
#define URLACTION_HTML_SUBMIT_FORMS_TO          0x00001603
#define URLACTION_HTML_FONT_DOWNLOAD            0x00001604
#define URLACTION_HTML_JAVA_RUN                 0x00001605
#define URLACTION_HTML_USERDATA_SAVE            0x00001606
#define URLACTION_HTML_SUBFRAME_NAVIGATE        0x00001607
#define URLACTION_HTML_META_REFRESH             0x00001608
#define URLACTION_HTML_MIXED_CONTENT            0x00001609
#define URLACTION_HTML_INCLUDE_FILE_PATH        0x0000160A
#define URLACTION_HTML_MAX                      0x000017ff
#define URLACTION_SHELL_MIN                          0x00001800
#define URLACTION_SHELL_INSTALL_DTITEMS              0x00001800
#define URLACTION_SHELL_MOVE_OR_COPY                 0x00001802
#define URLACTION_SHELL_FILE_DOWNLOAD                0x00001803
#define URLACTION_SHELL_VERB                         0x00001804
#define URLACTION_SHELL_WEBVIEW_VERB                 0x00001805
#define URLACTION_SHELL_SHELLEXECUTE                 0x00001806
#if (_WIN32_IE >= _WIN32_IE_IE60SP2)
#define URLACTION_SHELL_EXECUTE_HIGHRISK             0x00001806
#define URLACTION_SHELL_EXECUTE_MODRISK              0x00001807
#define URLACTION_SHELL_EXECUTE_LOWRISK              0x00001808
#define URLACTION_SHELL_POPUPMGR                     0x00001809
#define URLACTION_SHELL_RTF_OBJECTS_LOAD             0x0000180A
#define URLACTION_SHELL_ENHANCED_DRAGDROP_SECURITY   0x0000180B
#define URLACTION_SHELL_EXTENSIONSECURITY            0x0000180C
#define URLACTION_SHELL_SECURE_DRAGSOURCE            0x0000180D
#endif //(_WIN32_IE >= _WIN32_IE_IE60SP2)
#if (_WIN32_IE >= _WIN32_IE_WIN7)
#define URLACTION_SHELL_REMOTEQUERY                  0x0000180E
#define URLACTION_SHELL_PREVIEW                      0x0000180F
#endif //(_WIN32_IE >= _WIN32_IE_WIN7)
#define URLACTION_SHELL_CURR_MAX                     0x0000180F
#define URLACTION_SHELL_MAX                          0x000019ff
#define URLACTION_NETWORK_MIN                     0x00001A00
#define URLACTION_CREDENTIALS_USE                 0x00001A00
#define URLACTION_AUTHENTICATE_CLIENT             0x00001A01
#define URLACTION_COOKIES                         0x00001A02
#define URLACTION_COOKIES_SESSION                 0x00001A03
#define URLACTION_CLIENT_CERT_PROMPT              0x00001A04
#define URLACTION_COOKIES_THIRD_PARTY             0x00001A05
#define URLACTION_COOKIES_SESSION_THIRD_PARTY     0x00001A06
#define URLACTION_COOKIES_ENABLED                 0x00001A10
#define URLACTION_NETWORK_CURR_MAX                0x00001A10
#define URLACTION_NETWORK_MAX                     0x00001Bff
#define URLACTION_JAVA_MIN             0x00001C00
#define URLACTION_JAVA_PERMISSIONS     0x00001C00
#define URLACTION_JAVA_CURR_MAX        0x00001C00
#define URLACTION_JAVA_MAX             0x00001Cff
#define URLACTION_INFODELIVERY_MIN                          0x00001D00
#define URLACTION_INFODELIVERY_NO_ADDING_CHANNELS           0x00001D00
#define URLACTION_INFODELIVERY_NO_EDITING_CHANNELS          0x00001D01
#define URLACTION_INFODELIVERY_NO_REMOVING_CHANNELS         0x00001D02
#define URLACTION_INFODELIVERY_NO_ADDING_SUBSCRIPTIONS      0x00001D03
#define URLACTION_INFODELIVERY_NO_EDITING_SUBSCRIPTIONS     0x00001D04
#define URLACTION_INFODELIVERY_NO_REMOVING_SUBSCRIPTIONS    0x00001D05
#define URLACTION_INFODELIVERY_NO_CHANNEL_LOGGING           0x00001D06
#define URLACTION_INFODELIVERY_CURR_MAX                     0x00001D06
#define URLACTION_INFODELIVERY_MAX                          0x00001Dff
#define URLACTION_CHANNEL_SOFTDIST_MIN                      0x00001E00
#define URLACTION_CHANNEL_SOFTDIST_PERMISSIONS              0x00001E05
#define URLACTION_CHANNEL_SOFTDIST_MAX                      0x00001Eff
#if (_WIN32_IE >= _WIN32_IE_IE80)
#define URLACTION_DOTNET_USERCONTROLS               0x00002005
#endif //(_WIN32_IE >= _WIN32_IE_IE80)
#if (_WIN32_IE >= _WIN32_IE_IE60SP2)
#define URLACTION_BEHAVIOR_MIN                      0x00002000
#define URLACTION_BEHAVIOR_RUN                      0x00002000
#define URLACTION_FEATURE_MIN                       0x00002100
#define URLACTION_FEATURE_MIME_SNIFFING             0x00002100
#define URLACTION_FEATURE_ZONE_ELEVATION            0x00002101
#define URLACTION_FEATURE_WINDOW_RESTRICTIONS       0x00002102
#define URLACTION_FEATURE_SCRIPT_STATUS_BAR         0x00002103
#define URLACTION_FEATURE_FORCE_ADDR_AND_STATUS     0x00002104
#define URLACTION_FEATURE_BLOCK_INPUT_PROMPTS       0x00002105
#define URLACTION_FEATURE_DATA_BINDING              0x00002106
#define URLACTION_FEATURE_CROSSDOMAIN_FOCUS_CHANGE  0x00002107
#define URLACTION_AUTOMATIC_DOWNLOAD_UI_MIN         0x00002200
#define URLACTION_AUTOMATIC_DOWNLOAD_UI             0x00002200
#define URLACTION_AUTOMATIC_ACTIVEX_UI              0x00002201
#define URLACTION_ALLOW_RESTRICTEDPROTOCOLS         0x00002300
#endif //(_WIN32_IE >= _WIN32_IE_IE60SP2)
#if (_WIN32_IE >= _WIN32_IE_IE70)
#define URLACTION_ALLOW_APEVALUATION                0x00002301
#define URLACTION_WINDOWS_BROWSER_APPLICATIONS      0x00002400
#define URLACTION_XPS_DOCUMENTS                     0x00002401
#define URLACTION_LOOSE_XAML                        0x00002402
#define URLACTION_LOWRIGHTS                         0x00002500
#define URLACTION_WINFX_SETUP                       0x00002600
#define URLACTION_INPRIVATE_BLOCKING                0x00002700
#endif //(_WIN32_IE >= _WIN32_IE_IE70) 
#define URLACTION_ALLOW_AUDIO_VIDEO                 0x00002701
#define URLACTION_ALLOW_ACTIVEX_FILTERING           0x00002702
#define URLACTION_ALLOW_STRUCTURED_STORAGE_SNIFFING 0x00002703 
URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY 0x00001204

User can decide whether to load and script a ActiveX control that is not safe.

URLACTION_ACTIVEX_CURR_MAX 0x0000120B

Current maximum value of the URL action ActiveX flags.

URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION 0x0000120A

Internet Explorer 7. Determines whether to allow native playback of video and animation in Web pages that specify media files in the DYNSRC attribute of the IMG element. Users may still be able to view non-native video and animation because animation and video can be created in the context of an external player application using the OBJECT tag.

As of Internet Explorer 8, this setting also applies to HTML+TIME elements.

URLACTION_ACTIVEX_MAX 0x000013ff

Maximum value of the URL action ActiveX flags.

URLACTION_ACTIVEX_MIN 0x00001200

Minimum value of the URL action ActiveX flags.

URLACTION_ACTIVEX_NO_WEBOC_SCRIPT 0x00001206

Controls the ability to script the Web browser ActiveX control.

URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY 0x00001202

Determines whether ActiveX safety for untrusted data can be overridden.

URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY 0x00001201

Determines whether the ActiveX control object safety is overridden or enforced for pages in the URL security zone. Object safety should be overridden only if all ActiveX Controls and scripts that might interact with them on pages in the zone can be trusted not to breach security. This is an aggregate of URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY, URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY, URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY, and URLACTION_SCRIPT_OVERRIDE_SAFETY.

URLACTION_ACTIVEX_OVERRIDE_OPTIN 0x00001208

Internet Explorer 7. Applications can opt in to bypass the ActiveX prompt mode to prevent security prompts from appearing out of context. This action determines whether to override this setting.

URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTION 0x00001207

Internet Explorer 6 for Windows XP SP2 and later. Determines whether to perform ActiveX repurpose detection, which tests if the control is safe to be hosted. Internet Explorer checks for the IObjectSafety interface on ActiveX controls in the Internet zone to identify how the author intends for the control to be reused. (See KB909738 for more information.) The default policy for this action is set by security update and should not be modified. Requires that the feature control FEATURE_ACTIVEX_REPURPOSEDETECTION is enabled.

URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY 0x00001203

Determines whether ActiveX safety for scripting is overridden.

URLACTION_ACTIVEX_RUN 0x00001200

Manages the execution of ActiveX Controls and plug-ins from HTML pages in the zone.

URLACTION_ACTIVEX_SCRIPTLET_RUN 0x00001209

Internet Explorer 7. Determines whether scriptlets are allowed to run. This action has no effect if URLACTION_ACTIVEX_RUN is disabled.

URLACTION_ACTIVEX_TREATASUNTRUSTED 0x00001205

Not implemented.

URLACTION_ACTIVEX_OVERRIDE_DOMAINLIST 0x0000120B

Internet Explorer 8. When enabled, allows ActiveX controls to run without prompting in approved domains. The Per-Site ActiveX feature can be enabled and disabled under Internet Options; to do so, click the Security tab, select a security zone, click the Custom Level button, and then select one of the option buttons under "Only allow approved domains to use ActiveX without prompt."

URLACTION_ALLOW_ACTIVEX_FILTERING 0x00002702

Internet Explorer 9. Determines whether ActiveX Filtering is allowed for the security zone. No filtering occurs until the user enables ActiveX Filtering on the Safety menu. ActiveX Filtering is disabled by default in the Local intranet zone.

URLACTION_ALLOW_APEVALUATION 0x00002301

Internet Explorer 7 and later. Determine whether Phishing Filter evaluation is enabled.

URLACTION_ALLOW_AUDIO_VIDEO 0x00002701

Internet Explorer 9. Determines whether media elements (audio and video) are allowed. For the element to appear, both the security zone of the host webpage and the media source must allow media. By default, this URLAction permits playback of resources from all zones except the Restricted Sites zone. This means that pages in the restricted zone cannot play media from anywhere, and that pages in other zones do not permit media that is loaded from restricted sites.

URLACTION_ALLOW_RESTRICTEDPROTOCOLS 0x00002300

Internet Explorer 6 for Windows XP SP2 and later. Determines whether content loaded over a particular protocol should be restricted. Requires that the feature control FEATURE_PROTOCOL_LOCKDOWN is enabled.

URLACTION_ALLOW_STRUCTURED_STORAGE_SNIFFING 0x00002703

Internet Explorer 9. Determines whether to return the CLSID from a structured storage file when calling GetClassFileOrMime. Enabled by default in the Local intranet and Trusted sites security zone. To disallow sniffing across all zones, enable the FEATURE_RESTRICT_CDL_CLSIDSNIFF feature control key for the process as described in Introduction to Feature Controls.

URLACTION_ALLOW_XDOMAIN_SUBFRAME_RESIZE 0x00001408

Internet Explorer 7. Prevents content from an different domain from executing a resize command on a subframe (frame/iframe). The following methods are blocked: window.IHTMLWindow2::moveTo(x,y), window.IHTMLWindow2::moveBy(x,y), window.IHTMLWindow2::resizeTo(x,y), window.IHTMLWindow2::resizeBy(x,y). There is no UI to modify this behavior.

URLACTION_AUTHENTICATE_CLIENT 0x00001A01

Not currently used.

URLACTION_AUTOMATIC_ACTIVEX_UI 0x00002201

Internet Explorer 6 for Windows XP SP2 and later. Determines whether to display the Information Bar for ActiveX control installations rather than the ActiveX control prompt. Requires that the feature control FEATURE_RESTRICT_ACTIVEXINSTALL for code downloads is enabled.

URLACTION_AUTOMATIC_DOWNLOAD_UI 0x00002200

Internet Explorer 6 for Windows XP SP2 and later. Determines whether to display the file download dialogs or the Information Bar for downloads that are not initiated by the user. Requires that the feature control FEATURE_RESTRICT_FILEDOWNLOAD for file downloads is enabled.

URLACTION_AUTOMATIC_DOWNLOAD_UI_MIN 0x00002200

Internet Explorer 6 for Windows XP SP2 and later. Minimum value of the URL action download UI flags.

URLACTION_BEHAVIOR_MIN 0x00002000

Internet Explorer 6 for Windows XP SP2 and later. Minimum value of the URL action behavior flags.

URLACTION_BEHAVIOR_RUN 0x00002000

Internet Explorer 6 for Windows XP SP2 and later. Determines whether to allow DHTML behaviors and binary behaviors to run securely. Requires that the feature control FEATURE_BEHAVIORS is enabled.

URLACTION_CHANNEL_SOFTDIST_MAX 0x00001Eff

Maximum value for a URL action Software Update Channel flag.

URLACTION_CHANNEL_SOFTDIST_MIN 0x00001E00

Minimum value for a URL action Software Update Channel flag.

URLACTION_CHANNEL_SOFTDIST_PERMISSIONS 0x00001E05

Determines the level of trust placed on Software Update Channels.

URLACTION_CLIENT_CERT_PROMPT 0x00001A04

Internet Explorer 6 and later. Determines whether to suppress the authentication dialog that prompts the user to select a client certificate when no certificate or only one certificate is already installed.

URLACTION_COOKIES 0x00001A02

Determines whether HTTP persistent cookies are allowed.

URLACTION_COOKIES_ENABLED 0x00001A10

Internet Explorer 6 and later. Determines whether HTTP cookies can be set and retrieved.

URLACTION_COOKIES_SESSION 0x00001A03

Determines whether HTTP session cookies are allowed.

URLACTION_COOKIES_SESSION_THIRD_PARTY 0x00001A06

Internet Explorer 6 and later. Determines whether third-party HTTP session cookies are allowed.

URLACTION_COOKIES_THIRD_PARTY 0x00001A05

Internet Explorer 6 and later. Determines whether third-party HTTP persistent cookies are allowed.

URLACTION_CREDENTIALS_USE 0x00001A00

Determines how the user's credentials are used over the network.

URLACTION_CROSS_DOMAIN_DATA 0x00001406

Determines whether the resource is allowed to access data sources across domains.

URLACTION_DOTNET_USERCONTROLS 0x00002005

Internet Explorer 8. Determines whether to load a .NET user control on a Web page. Note that the applicable security zone is that of the control (based on URL), not that of the hosting page. This URL Action can only be set in the registry; no user interface is provided in the Internet Options dialog box. To configure this option with Group Policy, a custom administrative template (ADMX) must be deployed.

URLACTION_DOWNLOAD_CURR_MAX 0x00001004

Maximum value for the URL action download flags.

URLACTION_DOWNLOAD_MAX 0x000011FF

Maximum value of a URL action download flag.

URLACTION_DOWNLOAD_MIN 0x00001000

Minimum value of a URL action download flag.

URLACTION_DOWNLOAD_SIGNED_ACTIVEX 0x00001001

Manages the download of signed ActiveX Controls from the URL zone of the HTML page that contains the control.

URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX 0x00001004

Manages the download of unsigned ActiveX Controls from the URL zone of the HTML page that contains the control.

URLACTION_FEATURE_BLOCK_INPUT_PROMPTS 0x00002105

Internet Explorer 7. Determines whether to allow the popup blocker to show input prompt dialogs. Used to mitigate the risk of spoofing.

URLACTION_FEATURE_CROSSDOMAIN_FOCUS_CHANGE 0x00002107

Internet Explorer 9. Determines whether a caller is allowed to steal input focus from a different top-level parent. Normally, only windows with the same top-level parent are allowed to steal input focus from each other.

URLACTION_FEATURE_DATA_BINDING 0x00002106

Internet Explorer 8. Determines whether databinding is supported. By default, this feature is disabled in the Restricted zone, and in the High security template.

URLACTION_FEATURE_FORCE_ADDR_AND_STATUS 0x00002104

Internet Explorer 7. Determines whether to allow sites to open windows without address or status bar. Overrides the setting of FEATURE_FORCE_ADDR_AND_STATUS. This flag also overrides the attempt of a script to hide the status and address bar.

URLACTION_FEATURE_MIME_SNIFFING 0x00002100

Internet Explorer 6 for Windows XP SP2 and later. Allows Internet Explorer to determine a file's type by examining its bit signature. Internet Explorer uses this information to determine how to render the file. Requires that the feature control FEATURE_MIME_SNIFFING is enabled.

URLACTION_FEATURE_MIN 0x00002100

Internet Explorer 6 for Windows XP SP2 and later. Minimum value of the URL action feature control flags.

URLACTION_FEATURE_SCRIPT_STATUS_BAR 0x00002103

Internet Explorer 7. Determines whether scripts can update the text of the status bar.

URLACTION_FEATURE_WINDOW_RESTRICTIONS 0x00002102

Internet Explorer 6 for Windows XP SP2 and later. Determines whether a window should be constrained to the viewable desktop area and forced to have a status bar. Also, pop-up windows without chrome should be restricted in size and position so that they cannot overlay important information on their parent windows and cannot overlay system dialog box information. Requires that the feature control FEATURE_WINDOW_RESTRICTIONS is enabled.

URLACTION_FEATURE_ZONE_ELEVATION 0x00002101

Internet Explorer 6 for Windows XP SP2 and later. Determines whether to prevent non-user-initiated navigation between a page in a lower security zone to a page in a higher security zone. Requires that the feature control FEATURE_ZONE_ELEVATION is enabled.

URLACTION_HTML_CURR_MAX 0x00001609

Deprecated. Use URLACTION_HTML_MAX instead.

URLACTION_HTML_FONT_DOWNLOAD 0x00001604

Determines whether HTML font downloads are allowed.

URLACTION_HTML_INCLUDE_FILE_PATH 0x0000160A

Internet Explorer 7. Controls whether file pathnames are submitted during a file upload.

URLACTION_HTML_JAVA_RUN 0x00001605

Determines whether Java applets are allowed to run.

URLACTION_HTML_MAX 0x000017ff

Maximum value of the URL action HTML flags.

URLACTION_HTML_META_REFRESH 0x00001608

Internet Explorer 6 and later. Determines whether an HTML page can refresh in the security zone where the page is hosted.

URLACTION_HTML_MIN 0x00001600

Minimum value of the URL action HTML flags.

URLACTION_HTML_MIXED_CONTENT 0x00001609

Internet Explorer 6 and later. Indicates that a secure HTTPS document contains unsecure elements, such as frames, HTTP image sources, and so forth.

URLACTION_HTML_SUBFRAME_NAVIGATE 0x00001607

Internet Explorer 5 and later. Determines whether subframes are allowed to navigate across different domains.

URLACTION_HTML_SUBMIT_FORMS 0x00001601

Determines whether HTML forms on pages in the URL security zone, or submitted to servers in the zone, are allowed. Aggregate of the URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO flags.

URLACTION_HTML_SUBMIT_FORMS_FROM 0x00001602

Determines whether form submissions from pages in the security zone are allowed. This flag is part of the URLACTION_HTML_SUBMIT_FORMS aggregate flag.

URLACTION_HTML_SUBMIT_FORMS_TO 0x00001603

Determines whether form submissions to a server in the security zone are allowed. This flag is part of the URLACTION_HTML_SUBMIT_FORMS aggregate flag.

URLACTION_HTML_USERDATA_SAVE 0x00001606

Internet Explorer 5 and later. Determines whether user data persistence is enabled.

URLACTION_INFODELIVERY_CURR_MAX 0x00001D06

Reserved.

URLACTION_INFODELIVERY_MAX 0x00001Dff

Reserved.

URLACTION_INFODELIVERY_MIN 0x00001D00

Reserved.

URLACTION_INFODELIVERY_NO_ADDING_CHANNELS 0x00001D00

Reserved.

URLACTION_INFODELIVERY_NO_ADDING_SUBSCRIPTIONS 0x00001D03

Reserved.

URLACTION_INFODELIVERY_NO_CHANNEL_LOGGING 0x00001D06

Reserved.

URLACTION_INFODELIVERY_NO_EDITING_CHANNELS 0x00001D01

Reserved.

URLACTION_INFODELIVERY_NO_EDITING_SUBSCRIPTIONS 0x00001D04

Reserved.

URLACTION_INFODELIVERY_NO_REMOVING_CHANNELS 0x00001D02

Reserved.

URLACTION_INFODELIVERY_NO_REMOVING_SUBSCRIPTIONS 0x00001D05

Reserved.

URLACTION_INPRIVATE_BLOCKING 0x00002700

Internet Explorer 8. Enables third-party URL tracking in the security zone, also known as InPrivate Browsing.

URLACTION_JAVA_CURR_MAX 0x00001C00

Current maximum value of the URL action Java flags.

URLACTION_JAVA_MAX 0x00001Cff

Maximum value for URL action Java flags.

URLACTION_JAVA_MIN 0x00001C00

Minimum value for URL action Java flags.

URLACTION_JAVA_PERMISSIONS 0x00001C00

Determines the Java permissions for the zone.

URLACTION_MANAGED_SIGNED 0x00002001

Windows XP SP2 and later. Determines whether to run Framework-reliant components that have been signed with Authenticode. This constant is not defined in Urlmon.h nor is it used directly by Internet Explorer; it is created by the CLR.

URLACTION_MANAGED_UNSIGNED 0x00002004

Windows XP SP2 and later. Determines whether to run Framework-reliant components that have not been signed with Authenticode. This constant is not defined in Urlmon.h nor is it used directly by Internet Explorer; it is created by the CLR.

URLACTION_LOOSE_XAML 0x00002402

Internet Explorer 7. Determines whether to process Loose XAML files, which are markup-only files that are not compiled into a browser application. See also URLACTION_WINDOWS_BROWSER_APPLICATIONS.

URLACTION_LOWRIGHTS 0x00002500

Internet Explorer 7. Determines whether Protected Mode is enabled in the security zone. Available on Windows Vista only.

URLACTION_MIN 0x00001000

The minimum value of URLACTIONS.

URLACTION_NETWORK_CURR_MAX 0x00001A10

Current maximum value for URL action network flags.

URLACTION_NETWORK_MAX 0x00001Bff

Maximum value for URL action network flags.

URLACTION_NETWORK_MIN 0x00001A00

Minimum value for URL action network flags.

URLACTION_SCRIPT_CURR_MAX 0x00001408

Current maximum value for a URL action script flag.

URLACTION_SCRIPT_JAVA_USE 0x00001402

Determines whether script code on HTML pages in the URL security zone is allowed to use Java applets if the properties, methods, and events of the applet are exposed to scripts.

URLACTION_SCRIPT_MAX 0x000015ff

Maximum value for a URL action script flag.

URLACTION_SCRIPT_MIN 0x00001400

Minimum value for a URL action script flag.

URLACTION_SCRIPT_OVERRIDE_SAFETY 0x00001401

Do not use ActiveX safety for objects created by scripts.

URLACTION_SCRIPT_PASTE 0x00001407

Internet Explorer 5 and later. Determines whether scripts can do paste operations.

URLACTION_SCRIPT_RUN 0x00001400

Determines whether script code on the pages in the URL security zone is run.

URLACTION_SCRIPT_SAFE_ACTIVEX 0x00001405

Determines whether scripting of safe ActiveX Controls is allowed.

URLACTION_SCRIPT_XSSFILTER 0x00001409

Internet Explorer 8. Enables or disables cross-site scripting (XSS) filter. This security setting determines the default behavior of the browser if the x-xss-protection HTTP response header is not present.

URLACTION_SHELL_CURR_MAX 0x0000180C

Current maximum value for a URL action Shell flag.

URLACTION_SHELL_ENHANCED_DRAGDROP_SECURITY 0x0000180B

Internet Explorer 6 for Windows XP SP2 and later. Determines whether to allow drag-and-drop operations that originate from Internet Explorer.

URLACTION_SHELL_EXECUTE_HIGHRISK 0x00001806

Internet Explorer 6 for Windows XP SP2 and later. Determines whether launching dangerous files (file types known to be used by viruses and other malicious code) is permitted from the URL security zone.

URLACTION_SHELL_EXECUTE_LOWRISK 0x00001808

Internet Explorer 6 for Windows XP SP2 and later. Determines whether launching typically safe files (data only) is permitted from the URL security zone.

URLACTION_SHELL_EXECUTE_MODRISK 0x00001807

Internet Explorer 6 for Windows XP SP2 and later. Determines whether launching ambiguous files (file types that could be used by viruses or other malicious code) is permitted from the URL security zone.

URLACTION_SHELL_EXTENSIONSECURITY 0x0000180C

Internet Explorer 7. Determines whether extensions to the shell are allowed to load. Blocked extensions are never loaded. Approved shell extensions are not affected by this action.

URLACTION_SHELL_FILE_DOWNLOAD 0x00001803

Determines whether file downloads are permitted from the URL security zone of the HTML page with the link that is causing the download.

URLACTION_SHELL_INSTALL_DTITEMS 0x00001800

Determines whether desktop items can be installed.

URLACTION_SHELL_MAX 0x000019ff

Maximum value for a URL action Shell flag.

URLACTION_SHELL_MIN 0x00001800

Minimum value for a URL action Shell flag.

URLACTION_SHELL_MOVE_OR_COPY 0x00001802

Determines whether Move or Copy operations are allowed.

URLACTION_SHELL_POPUPMGR 0x00001809

Internet Explorer 6 for Windows XP SP2 and later. Determines whether to apply pop-up window management to Internet Explorer.

URLACTION_SHELL_PREVIEW 0x0000180F

Windows 7. Determines whether a URL can be rendered as a preview for a federated search query in Windows Explorer.

URLACTION_SHELL_REMOTEQUERY 0x0000180E

Windows 7. Determines whether a URL can be used as a federated search query source in Windows Explorer. If denied, the remote server cannot be searched.

URLACTION_SHELL_RTF_OBJECTS_LOAD 0x0000180A

Internet Explorer 6 for Windows XP SP2 and later. Determines whether OLE objects are allowed to load in WordPad.

URLACTION_SHELL_SECURE_DRAGSOURCE 0x0000180D

Internet Explorer 7 and later. Determines whether files can be moved or copied to and from the specified location.

URLACTION_SHELL_SHELLEXECUTE 0x00001806

Internet Explorer 6 for Windows XP SP2 and later. See URLACTION_SHELL_EXECUTE_HIGHRISK.

URLACTION_SHELL_VERB 0x00001804

Determines whether launching of applications and files is permitted from the URL security zone.

URLACTION_SHELL_WEBVIEW_VERB 0x00001805

Determines whether executable files and HTML pages can be launched from WebView. There is no user interface that affects this URL action.

URLACTION_WINDOWS_BROWSER_APPLICATIONS 0x00002400

Internet Explorer 7. Determines whether to launch .NET Framework 3.0 browser applications, which are built on the .NET Framework 3.0 platform.

URLACTION_WINFX_SETUP 0x00002600

Internet Explorer 7. Determines whether .NET Framework 3.0 Runtime Components Setup is allowed.

URLACTION_XPS_DOCUMENTS 0x00002401

Internet Explorer 7. Determines whether to allow XPS Documents, which are files that are designed to provide users with a consistent document appearance regardless of where and how the document is viewed or printed.

Remarks

The .NET Framework 3.5 installs an additional value that is not yet included in the standard list of URL Action Flags. The URLACTION value is equal to 0x00002007, and maps to "Permissions for .NET Framework-reliant components with manifests" in the Security Settings for the selected zone. This setting allows you to add a ClickOnce-style manifest to a control in the browser. It does not apply to ClickOnce applications.

The following two policy values are supported by components with manifests:

  • High Safety (0x00010000) - manifested controls can run with the permissions it requests, but only if those permissions are a subset of the permissions it would have been granted by CAS policy or if the manifests are signed by a trusted publisher.
  • Disabled (0x03) - manifested controls may not run at all. This is the default behavior for unrecognized URL Policy Flags.

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows 2000 Server

Product

Internet Explorer 4.0