Internet Explorer 11 gains HTTP Strict Transport Security in Windows 7 and 8.1
As the launch of Windows 10 draws ever-nearer, we're hearing more about Microsoft Edge and less about Internet Explorer. Edge (formerly known as Project Spartan) may be the default browser in the upcoming version of Windows, but the browsing stalwart that is IE will live on nonetheless.
Anyone using the Windows 10 preview has had a chance to use the HTTP Strict Transport Security (HSTS) in Microsoft Edge, and today the security feature comes to Internet Explorer 11 in Windows 7 and Windows 8.1. This security protocol protects against man-in-the-middle attacks and is being delivered to users of older versions of Windows through an update in the form of KB 3058515.
With Edge, Microsoft is going to great lengths to bolster security. The inclusion of HSTS is indicative of this, but the company is also keen for Internet Explorer users to feel that they have not been forgotten. Windows 10 may be a free upgrade, but it is fair to say that there will still be a huge number of people who decide to stick with Windows 7 or Windows 8.1. Microsoft feels that this is not a reason to compromise on online security.
Introducing the feature in a blog post, Microsoft explains how it can be used by sites:
Site developers can use HSTS policies to secure connections by opting in to an HSTS preload list, which registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure. Like other browsers which have implemented this feature, Microsoft Edge and Internet Explorer 11 base their preload list on the Chromium HSTS preload list.
Microsoft points out that mixed content is not supported by servers offering HSTS. This remains the case with today's update and in both Microsoft Edge for Windows 10, and Internet Explorer 11 for Windows 7 and 8.1 an information bar will appear whenever mixed content is encountered by way of a warning.