Windows 10 News and info | Forum
January 23, 2021, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Microsoft to Support HTTP Strict Transport Security In Internet Exploer  (Read 1078 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 32173


I Do Windows


WWW Email
« on: February 17, 2015, 12:38:06 AM »
ReplyReply

Microsoft today announced the support for HTTP Strict Transport Security (HSTS) in Internet Explorer. This is already part of Internet Explorer in the Windows 10 Technical Preview, and it will also come to Project Spartan in a later update.

Quote
HSTS specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by web sites via the Strict-Transport-Security HTTP response header field and/or by other means, such as user agent configuration, for example.

This feature protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable.

HSTS provides two methods for sites to secure their connections:

■ Registering for a preload list: websites can register to be hardcoded by IE and other browsers to redirect HTTP traffic to http. Communications with these websites from the initial connection are automatically upgraded to be secure. Like other browsers which have implemented this feature, Internet Explorerís preload list is based on the Chromium HSTS preload list.

■ Serving a HSTS header: Sites not on the preload list can enable HSTS via the Strict-Transport-Security HTTP header. After an initial http connection from the client containing the HSTS header, any subsequent HTTP connections are redirected by the browser to be secured via http.

Read more about it here.

via:microsoft-news
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page May 30, 2020, 05:39:25 PM