Every policy key SlimBrave Neo manages was audited against brave-core and Chromium source policy definitions. The full verification matrix and re-audit procedure now live in AUDIT.md.
New
- Shields & Content Protection category - pin Brave's own protection defaults as managed policy so they can't be weakened per-site or in settings (Brave 1.83+):
- Enforce Ad Blocking
- Enforce Fingerprinting Protection
- Force HTTPS Upgrades (Strict)
- Cap Referrers (Strict Origin)
- Forget First-Party Storage on Close
- Force Shields On (All Sites) - counterpart to Disable Brave Shields, mutually exclusive in all three UIs
- Disable Email Aliases - new Brave policy (Brave ~1.89+)
AUDIT.md- per-key verification matrix with sources and minimum Brave versions
Fixed
- Removed
EnableDoNotTrackfrom all scripts and presets - it is not a real Chromium policy (absent from the policy index) and was silently ignored on every platform. Global Privacy Control, which Brave actually honors, was already exposed and covers the intent. - macOS no longer writes
BackgroundModeEnabled- the policy only exists on Windows/Linux and surfaced as an unrecognized-policy error inbrave://policyon Macs.
Changed
- Maximum Privacy preset now also enforces the five new Shields & Content Protection policies and disables Email Aliases. Note: strict HTTPS shows an interstitial on HTTP-only sites, and forget-on-close clears site logins when tabs close - both in keeping with this preset's "as private as possible" intent.
- Windows GUI is slightly taller (955 px) to fit the new section.
All new toggles default to off. Existing applied policies are untouched until you re-run the tool and Apply.
After applying, verify at brave://policy - every row should report OK.