Microsoft adds HTTP Strict Transport Security support to Internet Explorer

Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism.

Users can test the new feature, known as HTTP Strict Transport Security (HSTS) in Internet Explorer on Windows 10 Technical Preview. In the future, it will also be added to the Project Spartan browser, said Microsoft program managers Mike Bell and David Walp in a blog post.

HSTS is a standard defined by the Internet Engineering Task Force in RFC6797. It was designed to prevent SSL stripping attacks, where hackers in a position to intercept a user’s traffic can downgrade connections from HTTPS (HTTP and SSL encryption) to plain HTTP.

To read this article in full or to leave a comment, please click here