Microsoft Patch Tuesday adds support for HTTPS Strict Transport Security

News by Danielle Correa

Microsoft has revised the web browsers Internet Explorer and its new Edge that will make it simpler for sites to encourage visitors to use secure HTTPS encryption.

It has added support for HTTP Strict Transport Security (HSTS) to its browsers as part of this month's Patch Tuesday batch of security updates that will include the release of eight bulletins covering a total of 45 vulnerabilities. 

Other web browsers such as Chrome, Firefox, Opera and Safari all support HSTS, but Redmond is only now getting around to administering it. 

Websites can use HSTS to deflect visitors who access their pages via HTTP and bump them over to HTTPS—this can be done in two ways.  The first is to have their sites explicitly send the Strict-Transport-Security header to trigger HSTS.  The second is to opt in to an HSTS preload list.  Microsoft bases its preload list on the list gathered by Google's Chromium Project, according to a blog post by Microsoft Edge programme manager Kyle Pflug. 

This move by Microsoft is the latest in an industry-wide push to make secure browsing the default. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews