Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
A version of this page is also available for
4/8/2010

The following table shows the default security zone settings for content located on a company's intranet. For descriptions of the URL Action Flags, see the URL Action Flagsreference topic. For descriptions for the URL Policy Flags, see the URL Policy Flagsreference topic.

URL action URL policy

URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY

URLPOLICY_DISALLOW

URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY

URLPOLICY_DISALLOW

URLACTION_ACTIVEX_RUN

URLPOLICY_ALLOW

URLACTION_COOKIES

URLPOLICY_ALLOW

URLACTION_COOKIES_SESSION

URLPOLICY_ALLOW

URLACTION_COOKIES_SESSION_THIRD_PARTY

URLPOLICY_ALLOW

URLACTION_COOKIES_THIRD_PARTY

URLPOLICY_ALLOW

URLACTION_CREDENTIALS_USE

URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT

URLACTION_CROSS_DOMAIN_DATA

URLPOLICY_QUERY

URLACTION_HTML_FONT_DOWNLOAD

URLPOLICY_DISALLOW

URLACTION_HTML_JAVA_RUN

URLPOLICY_ALLOW

URLACTION_HTML_META_REFRESH

URLPOLICY_ALLOW

URLACTION_HTML_MIXED_CONTENT

URLPOLICY_QUERY

URLACTION_HTML_SUBFRAME_NAVIGATE

URLPOLICY_ALLOW

URLACTION_HTML_SUBMIT_FORMS

URLPOLICY_ALLOW

URLACTION_HTML_SUBMIT_FORMS_FROM

URLPOLICY_ALLOW

URLACTION_HTML_USERDATA_SAVE

URLPOLICY_ALLOW

URLACTION_SCRIPT_JAVA_USE

URLPOLICY_ALLOW

URLACTION_SCRIPT_OVERRIDE_SAFETY

URLPOLICY_DISALLOW

URLACTION_SCRIPT_PASTE

URLPOLICY_ALLOW

URLACTION_SCRIPT_RUN

URLPOLICY_ALLOW

URLACTION_SCRIPT_SAFE_ACTIVEX

URLPOLICY_ALLOW

URLACTION_SHELL_FILE_DOWNLOAD

URLPOLICY_ALLOW

URLACTION_SHELL_INSTALL_DTITEMS

URLPOLICY_QUERY

URLACTION_SHELL_MOVE_OR_COPY

URLPOLICY_ALLOW

URLACTION_SHELL_VERB

URLPOLICY_ALLOW

URLACTION_SHELL_WEBVIEW_VERB

URLPOLICY_QUERY