
Author Topic: Microsoft to Support HTTP Strict Transport Security In Internet Explorer  (Read 1103 times)

Online javajolt

Microsoft today announced the support for HTTP Strict Transport Security (HSTS) in Internet Explorer. This is already part of Internet Explorer in the Windows 10 Technical Preview, and it will also come to Project Spartan in a later update.

HSTS specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by web sites via the Strict-Transport-Security HTTP response header field and/or by other means, such as user agent configuration, for example.
This feature protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable.

HSTS provides two methods for sites to secure their connections:

■ Registering for a preload list: websites can register to be hardcoded by IE and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure. Like other browsers which have implemented this feature, Internet Explorer's preload list is based on the Chromium HSTS preload list.

■ Serving an HSTS header: Sites not on the preload list can enable HSTS via the Strict-Transport-Security HTTP header. After an initial HTTPS connection from the client containing the HSTS header, any subsequent HTTP connections are redirected by the browser to be secured via HTTPS.

Read more about it here.