Microsoft Brings HTTP Strict Transport Security To IE11 On Windows 8.1 And Windows 7

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Internet Explorer 11

While Microsoft is going to focus on Microsoft Edge development going forward, they still support Internet Explorer. Today, they are releasing updates (KB 3058515) to bring protections offered by HSTS to Internet Explorer 11 on Windows 8.1 and Windows 7. HSTS is also available in both Internet Explorer 11 and Microsoft Edge on Windows 10. The HTTP Strict Transport Security (HSTS) policy protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable.

Site developers can use HSTS policies to secure connections by opting in to an HSTS preload list, which registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure. Like other browsers which have implemented this feature, Microsoft Edge and Internet Explorer 11 base their preload list on the Chromium HSTS preload list.

Alternatively, sites not on the preload list can enable HSTS via the Strict-Transport-Security HTTP header. After an initial HTTPS connection from the client containing the HSTS header, any subsequent HTTP connections are redirected by the browser to be secured via HTTPS.

This month’s Internet Explorer updates also include 24 security fixes, which you can see detailed on TechNet for more details.

User forum

0 messages