Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft adds HTTP Strict Transport Security support to Internet Explorer

Lucian Constantin | Feb. 18, 2015
Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism.

Internet Explorer will use the same HSTS preload list used by the Chromium open source browser, Bell and Walp said, adding that websites can register to be included on this list.

The new security mechanism might impact the user experience on sites that opt into it. In certain situations, IE allows users to click through some certificate errors and continue to open a website. If such errors happen for an HSTS website, users will no longer be able to dismiss them and the connection will be refused.

Also, some sites that use HTTPS might load content from third-party servers over plain HTTP. This is known as mixed content and while it's a discouraged practice from a security standpoint, it's accepted by browsers. With HSTS enabled, mixed content will no longer be allowed.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.