HTTP Strict Transport Security comes to Internet Explorer 11

    HTTP Strict Transport Security comes to Internet Explorer 11


    Posted: 09 Jun 2015
    In February, we released the first preview of HTTP Strict Transport Security in Internet Explorer 11 in the Windows 10 Insider Preview. The HTTP Strict Transport Security (HSTS) policy protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable.

    With today’s monthly security updates (KB 3058515), we’re bringing the protections offered by HSTS to Internet Explorer 11 on Windows 8.1 and Windows 7. HSTS is also available in both Internet Explorer 11 and Microsoft Edge on Windows 10.

    Site developers can use HSTS policies to secure connections by opting in to an HSTS preload list, which registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure. Like other browsers which have implemented this feature, Microsoft Edge and Internet Explorer 11 base their preload list on the Chromium HSTS preload list.

    Alternatively, sites not on the preload list can enable HSTS via the Strict-Transport-Security HTTP header. After an initial HTTPS connection from the client containing the HSTS header, any subsequent HTTP connections are redirected by the browser to be secured via HTTPS.

    When we initially announced HSTS in Windows 10, we noted that mixed content is not supported on servers supporting HSTS. With today’s updates, this is still the case in Microsoft Edge on Windows 10 – mixed content is always blocked on these servers. For Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7, the Information bar will prompt the user to proceed in mixed content scenarios.

    In addition to the HSTS updates, this month’s Internet Explorer updates include 24 security fixes, which you can see detailed on TechNet for more details.

    Kyle Pflug, Program Manager, Microsoft Edge
    Source: HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7
    Brink's Avatar Posted By: Brink
    09 Jun 2015



 

  Related Discussions
Latest Internet Explorer security update
in Windows Updates & Activation

Hi everyone.... I hope someone can explain this to me. When I clicked on the iconfor "new updates available) there was "security update for Internet Explorer 9 for Windows 7 64 bit KB2964358" When I clicked on the "more information" it states that the know issue is that IE will crash if...
Security Update for Internet Explorer today
in Windows Updates & Activation

I just got an update for Internet Explorer installed it on a Windows 8.1 machine along with 3 other updates had a restart, installed on my Windows 7 machine no reboot required and then on a Vista Machine needed to be restarted, anybody else have any problems ...
Hello When i use certain Secure* Web Sites Internet explorer pops ups always Security Certificate Error.How i can disable it? I update to the latest Certificates but prpoblem still exist. Windows 7 64bit i7 3.06 12 gb ATI radeon 6870
Do you know how to turn this off in Windows 7?
More...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 20:03.
Find Us