diff --git a/lib/prepare.js b/lib/prepare.js
index f1333e30d..ab9746b53 100644
--- a/lib/prepare.js
+++ b/lib/prepare.js
@@ -997,12 +997,8 @@ function processAccessAndAllowNavigationEntries (config) {
     null is returned if the URL cannot be parsed, or is to be skipped for ATS.
 */
 function parseAllowlistUrlForATS (url, options) {
-    // @todo 'url.parse' was deprecated since v11.0.0. Use 'url.URL' constructor instead.
-    const href = URL.parse(url); // eslint-disable-line
-    const retObj = {};
-    retObj.Hostname = href.hostname;
-
     // Guiding principle: we only set values in retObj if they are NOT the default
+    const retObj = {};
 
     if (url === '*') {
         retObj.Hostname = '*';
@@ -1026,27 +1022,33 @@ function parseAllowlistUrlForATS (url, options) {
         return retObj;
     }
 
-    if (!retObj.Hostname) {
-        // check origin, if it allows subdomains (wildcard in hostname), we set NSIncludesSubdomains to YES. Default is NO
-        const subdomain1 = '/*.'; // wildcard in hostname
-        const subdomain2 = '*://*.'; // wildcard in hostname and protocol
-        const subdomain3 = '*://'; // wildcard in protocol only
-        if (!href.pathname) {
-            return null;
-        } else if (href.pathname.indexOf(subdomain1) === 0) {
-            retObj.NSIncludesSubdomains = true;
-            retObj.Hostname = href.pathname.substring(subdomain1.length);
-        } else if (href.pathname.indexOf(subdomain2) === 0) {
-            retObj.NSIncludesSubdomains = true;
-            retObj.Hostname = href.pathname.substring(subdomain2.length);
-        } else if (href.pathname.indexOf(subdomain3) === 0) {
-            retObj.Hostname = href.pathname.substring(subdomain3.length);
+    let href = null;
+    try {
+        href = new URL.URL(url);
+    } catch (e) {
+        const scheme = url.split(':')[0];
+        // If there's a wildcard in the protocol, the URL will fail to parse
+        // Replace it with "http" to allow insecure loads
+        if (scheme.includes('*')) {
+            href = new URL.URL(url.replace(scheme, 'http'));
         } else {
-            // Handling "scheme:*" case to avoid creating of a blank key in NSExceptionDomains.
             return null;
         }
     }
 
+    retObj.Hostname = href.hostname;
+
+    // Handling "scheme:*" case to avoid creating of a blank key in NSExceptionDomains.
+    if (retObj.Hostname === '') {
+        return null;
+    }
+
+    // check origin, if it allows subdomains (wildcard in hostname), we set NSIncludesSubdomains to YES. Default is NO
+    if (retObj.Hostname.startsWith('*.')) {
+        retObj.NSIncludesSubdomains = true;
+        retObj.Hostname = href.hostname.substring(2);
+    }
+
     if (options.minimum_tls_version && options.minimum_tls_version !== 'TLSv1.2') { // default is TLSv1.2
         retObj.NSExceptionMinimumTLSVersion = options.minimum_tls_version;
     }
@@ -1064,8 +1066,6 @@ function parseAllowlistUrlForATS (url, options) {
     // if the scheme is HTTP, we set NSExceptionAllowsInsecureHTTPLoads to YES. Default is NO
     if (href.protocol === 'http:') {
         retObj.NSExceptionAllowsInsecureHTTPLoads = true;
-    } else if (!href.protocol && href.pathname.indexOf('*:/') === 0) { // wilcard in protocol
-        retObj.NSExceptionAllowsInsecureHTTPLoads = true;
     }
 
     return retObj;