How to Enable or Disable Website Typo Protection Override in Microsoft Edge on Windows 11

Learning how to enable or disable Website Typo Protection in Microsoft Edge is one of those small configuration changes that can have an outsized impact on how safely people browse the web in your environment. Website Typo Protection helps catch fat-fingered URLs before they drop users onto lookalike phishing pages, and the override setting determines whether users are allowed to ignore those warnings and proceed anyway.

On Windows 11, you can control both the protection itself and the ability to bypass prompts using a mix of Edge Settings, Group Policy, registry keys, and automation.

What Website Typo Protection does

Typosquatting attacks rely on domains that look almost identical to legitimate sites — think “amzon.com” instead of “amazon.com” — to trick users into handing over credentials, payment information, or other sensitive data. Website Typo Protection in Microsoft Edge compares what users type against a maintained set of known domains and common typo patterns and then warns when it detects a suspicious lookalike. If triggered, Edge surfaces a warning page that explains the site may not be what the user intended and offers a safer alternative or a chance to go back.

The override behavior is where policy comes in. By default, if Website Typo Protection is on but not locked down by policy, the user can dismiss the warning and continue to the site anyway. In security-sensitive environments, that flexibility might be unacceptable, which is why Microsoft exposes a separate policy to prevent users from bypassing those prompts entirely.

Typical reasons to manage this feature include:

• Reducing the risk of users landing on malicious sites
• Reinforcing security awareness by making warnings more visible
• Aligning browser behavior with enterprise baselines
• Deciding whether end users should ever be allowed to click through a typo warning

Prerequisites

Before you try changing settings across a fleet of Windows 11 devices, make sure you have the right prerequisites in place. You will need a Windows 11 system with Microsoft Edge installed and up to date, since older builds may not include all Website Typo Protection policies. You should also be working from an account with local administrator rights, because both Group Policy and registry changes require elevated privileges.

For domain or centrally managed environments, you should download and import the latest Microsoft Edge ADMX and ADML templates so the relevant policy names and descriptions appear correctly in the Group Policy Editor. If you intend to script this via PowerShell or deploy it using an RMM or MDM platform, verify that those tools have permission to write under HKLM\SOFTWARE\Policies\Microsoft\Edge.

Use Edge settings

For individual devices or quick checks, the built-in Edge Settings UI is the most straightforward way to toggle Website Typo Protection.

To use this method:

1. Open Microsoft Edge.
2. Select the menu (three dots) and choose Settings.
3. In the left pane, select Privacy, search, and services.
4. Scroll down to the Security section.
5. Locate Website typo protection.
6. Turn it On to warn users when Edge detects a suspiciously mistyped URL that may be a typosquatting site.
7. Turn it Off to disable those warnings and allow navigation to proceed without prompts.

Changes usually apply immediately, but if you do not see the expected behavior, close all Edge windows and restart the browser. This setting governs whether the protection is available and, when not locked down by policy, it also effectively determines if users can choose to heed or ignore warnings on a per-visit basis.

For managed environments, treat this method as best-effort: if Group Policy or HKLM registry policies are configured, the toggle may be greyed out or overridden.

Configure override behavior with Group policy

Group Policy gives you the fine-grained control you need to decide whether users can bypass Website Typo Protection prompts. It also scales well for fleets of Windows 11 machines joined to Active Directory or managed via on-premises GPOs.

Once the latest Edge administrative templates are installed, you can configure two key policies:

• Configure Edge Website Typo Protection (TyposquattingCheckerEnabled) – turns the feature on or off.
• Prevent bypassing Edge Website Typo Protection prompts for sites (PreventTyposquattingPromptOverride) – controls whether users can override warnings.

On a target machine:

1. Press Win + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
2. Navigate to Computer Configuration > Administrative Templates > Microsoft Edge > Edge Website Typo Protection settings.
3. Double-click Configure Edge Website Typo Protection.
   • Set to Enabled to turn Website Typo Protection on for all users.
   • Set to Disabled to completely turn it off.
   • Leave Not configured to use the default behavior (on, but user-controllable).
4. Double-click Prevent bypassing Edge Website Typo Protection prompts for sites.
   • Set to Enabled to block overrides so users cannot continue past a warning.
   • Set to Disabled or Not configured to allow users to ignore warnings if they choose.
5. Run gpupdate /force from an elevated Command Prompt to speed up policy application.
6. In Edge, browse to edge://policy and verify that the policies show with the expected values.

Once these policies are in place under Computer Configuration, they apply system-wide and take precedence over per-user settings in the Edge UI. In practice, many organizations enable Website Typo Protection and also enable the PreventTyposquattingPromptOverride policy on high-risk or regulated systems so users can never click through to a flagged site.

Control Typo Protection via Registry Editor

If you prefer working directly with the registry or need a method that mirrors what management tools will enforce, you can configure the same policies under the Edge policy registry path. This approach is also useful for editions of Windows where Group Policy isn’t available locally, though most enterprise scenarios will still use GPO or MDM to push the keys.

To configure Website Typo Protection using Registry Editor:

1. Press Win + R, type regedit, and press Enter.
2. Navigate to:
   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
   • Create the Edge key if it does not already exist.
3. Create or modify the DWORD (32-bit) value TyposquattingCheckerEnabled.
   • Set to 1 to enable Website Typo Protection.
   • Set to 0 to disable it.
4. (Optional) Create or modify DWORD PreventTyposquattingPromptOverride.
   • Set to 1 to prevent users from bypassing prompts.
   • Delete or set to 0 to allow overrides.
5. Close Registry Editor and restart Edge to ensure the browser reads the updated policies.

Because these values live under HKLM, they behave as machine-level policies and override what a user might attempt to configure inside Edge’s own settings. When used together, TyposquattingCheckerEnabled=1 and PreventTyposquattingPromptOverride=1 deliver strict, enforced protection against typo-based domain attacks.

Automate with PowerShell

For scripting, RMM, or mass deployment scenarios, PowerShell is often the most efficient way to manage Website Typo Protection settings across many endpoints. It also mirrors what you would do manually in the registry, which keeps the behavior predictable and easy to audit.

Open PowerShell as an administrator on a Windows 11 machine and use commands like:

• Enable Website Typo Protection:

Set-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Edge” `

-Name “TyposquattingCheckerEnabled” -Type DWord -Value 1

• Disable Website Typo Protection:

Set-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Edge” `

-Name “TyposquattingCheckerEnabled” -Type DWord -Value 0

• Block bypassing protection prompts:

Set-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Edge” `

-Name “PreventTyposquattingPromptOverride” -Type DWord -Value 1

• Restart Edge to apply policies:

Stop-Process -Name msedge -Force -ErrorAction SilentlyContinue

These commands can be wrapped in scripts, scheduled tasks, or your RMM platform’s policy engine to keep enforcement consistent. Because they write to HKLM, they should be executed with care and preferably after you have tested them on a pilot set of devices.

Validate Typo Protection behavior

Once you have configured Website Typo Protection and any override policy, you should verify that the behavior matches your intent. Testing is especially important when mixing Edge Settings, Group Policy, registry entries, and profile-level configurations.

Start with a simple functional test:

• Open Edge and intentionally mistype a popular domain, such as “amzon.com” or another common variant.
• Confirm that Edge displays a warning banner or interstitial page indicating the address may be a typo and could lead to a malicious site.
• If override is allowed, check that the prompt gives the user a visible option to continue anyway.
• If you have enforced PreventTyposquattingPromptOverride, confirm that there is no “Continue” option and that users can only go back or close the tab.

For enterprise environments, always review edge://policy on a sample machine to see the effective values for TyposquattingCheckerEnabled and PreventTyposquattingPromptOverride. If a setting is coming from both GPO and registry or from multiple sources, this page helps you spot conflicts quickly.

It is also worth repeating your tests after disabling the feature to ensure that warnings truly no longer appear and that nothing else — such as a security extension or network filter — is injecting similar warnings that might confuse users.

Additional considerations for security teams

Website Typo Protection is one layer in a broader defense-in-depth strategy rather than a replacement for existing controls. It complements SmartScreen, which continues to analyze site reputation and downloaded content, by adding a dedicated focus on patterns that resemble known domains. Many organizations combine these browser features with DNS filtering, web proxies, or next-generation firewalls to cover different angles of the same phishing problem.

Because Website Typo Protection relies on Microsoft-curated domain lists and pattern updates, its coverage will evolve over time as new campaigns and brand abuses are discovered. Some locales may also display slightly different warning text or localization depending on regional builds and language packs, so your user education materials should reference what people actually see in their region.

Keep in mind that when policies are applied under HKLM or via Computer Configuration GPO, end users cannot change or override them, even within their own profiles. If you run multiple Edge profiles on the same machine, you must either configure each via policy or rely on HKLM-level enforcement to ensure consistent protection.

Troubleshooting common issues

If Website Typo Protection or the override setting does not behave as expected, there are a few common culprits worth checking.

• Warnings still appear after disabling the feature:

• • Confirm that TyposquattingCheckerEnabled is set to 0 under the Edge policy key and that no GPO is forcing it to 1.
  • Restart Edge or the system to flush any cached policy state.

• No warnings appear even when the feature is enabled:

• • Verify that Edge is up to date; very old channel builds may not support the same behavior.
  • Check for conflicting browser security extensions or enterprise proxies that may be rewriting URLs and bypassing the checker.

• edge://policy reports conflicts:

• • Look for duplicate settings coming from different GPOs or from both the “Mandatory” and “Recommended” registry paths.
  • Remove deprecated keys or rationalize overlapping GPOs so only one policy source defines each setting.

• Override prompt never appears:

• • If users never see a “Continue” option, confirm that PreventTyposquattingPromptOverride is not set to 1 at the machine level.

• Behavior differs across profiles:

• • Check whether some profiles are syncing settings or are governed by different policy scopes (for example, work vs personal profiles).
  • Enforce configuration via HKLM or a device-targeted GPO if you need truly uniform behavior.

Logging and monitoring tools can also help validate that blocked navigation attempts correlate with policy changes, giving security teams confidence that the feature is working as intended.

NinjaOne integration and automation

In managed environments, you rarely want to rely on manual configuration of every endpoint. NinjaOne and similar RMM platforms let administrators standardize Website Typo Protection settings using registry enforcement and PowerShell scripting. You can bundle the registry edits or PowerShell commands described earlier into deployment policies, apply them during onboarding, and periodically reapply them for drift correction.

Because NinjaOne already focuses on device compliance, it is straightforward to add browser hardening checks, such as confirming that TyposquattingCheckerEnabled=1 and PreventTyposquattingPromptOverride=1 on systems designated as “high security.” When a machine falls out of compliance — for example, a registry value is removed or changed — a remediation script can restore the expected configuration automatically.

This kind of automation ensures your Edge security posture stays consistent even as machines are reimaged, repurposed, or used by different users over time.

Conclusion

At a high level, managing Website Typo Protection override in Microsoft Edge comes down to three decisions: whether the feature is enabled at all, whether users can bypass warnings, and how centrally you want to enforce those choices. Edge’s Settings page is fine for ad hoc tweaks, but Group Policy, registry keys, and PowerShell automation give you repeatable, enforceable control across Windows 11 devices.

In summary

By taking the time to configure and enforce Website Typo Protection — and deciding deliberately whether overrides are allowed — you reduce the odds that a simple typo will become the entry point for a serious security incident.