Microsoft brings http strict transport security to IE 11
Microsoft has brought support for http strict transport security to Internet Explorer 11 on Windows 7 and Windows 8.1. The security functionality was already enabled by default with IE 11 and Edge in the Windows 10 trial.
HTTP strict transport protection has come to IE 11 on Windows 7 and 8.1 as part of cumulative security updates that were rolled out on Patch Tuesday, Microsoft reports. Hsts was already present in Internet Explorer 11 in the Windows 10 preview and the new Edge browser also includes the feature.
Http Strict Transport Security is an IETF protocol that protects sites against certain man-in-the-middle or downgrade attacks, which cause the tls protection to be removed and communications between server and user to be intercepted. Thanks to hsts, sites indicate via an http header that they can only be visited via https. Unprotected connections are redirected to https.
Also, the functionality guarantees that https sites use a valid certificate. Browsers know which sites are based on hsts thanks to a list they maintain. Chrome, Safari, and Firefox already support this preloaded list.