Q: Do Microsoft browsers (Internet Explorer and the new Microsoft Edge) support the HTTP Strict Transport Security (HSTS) extension for HTTP? HSTS protects SSL/TSL-secured websites against downgrade attacks and ensures that browsers can only interact with a site using a secure HTTPS connection.
A: Yes Microsoft supports HSTS in their brand new Edge browser and in their latest Internet Explorer (IE) – version 11. Both browsers and HSTS support are included in Windows 10. Internet Explorer 11 on Windows 8.1 and Windows 7 can also support HSTS if the patch described in the Microsoft Knowledge Base article 3058515 is installed. See https://support.microsoft.com/nl-be/kb/3058515 for more information on this patch.
The HSTS support basically means that browsers will turn insecure (HTTP) links into secure (HTTPs) links as instructed by an HSTS-compliant web server before accessing the web server content. Also, HSTS-compliant browsers will show an error message if a secure connection to the web server cannot be guaranteed.
