HSTS Support in Microsoft Edge and Internet Explorer

HSTS Support in Microsoft Edge and Internet Explorer

Q: Do Microsoft browsers (Internet Explorer and the new Microsoft Edge) support the HTTP Strict Transport Security (HSTS) extension for HTTP?  HSTS protects SSL/TSL-secured websites against downgrade attacks and ensures that browsers can only interact with a site using a secure HTTPS connection.

A: Yes Microsoft supports HSTS in their brand new Edge browser and in their latest Internet Explorer (IE) – version 11. Both browsers and HSTS support are included in Windows 10. Internet Explorer 11 on Windows 8.1 and Windows 7 can also support HSTS if the patch described in the Microsoft Knowledge Base article 3058515 is installed. See https://support.microsoft.com/nl-be/kb/3058515 for more information on this patch.

The HSTS support basically means that browsers will turn insecure (HTTP) links into secure (HTTPs) links as instructed by an HSTS-compliant web server before accessing the web server content. Also, HSTS-compliant browsers will show an error message if a secure connection to the web server cannot be guaranteed.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish