Internet Explorer 11 adds support for HTTP Strict Transport Security standard

About this update
The HTTP Strict Transport Security (HSTS) standard helps protect against variants of man-in-the-middle attacks that can strip Transport Layer Security (TLS) out of communications with a server and leave the user vulnerable.

Starting with the June 9, 2015, cumulative security update (KB 3058515), we’re bringing the protections that are offered by HSTS to Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2 SP1. HSTS is also available in both Internet Explorer 11 and Microsoft Edge on Windows 10.

Site developers can use HSTS policies to help secure connections by opting in to an HSTS preload list that registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be more secure, whereas sites that are not on the list and that send HSTS headers will be more secure after the first visit. Like other browsers that implemented this feature, Microsoft Edge and Internet Explorer 11 base their preload list on the Chromium HSTS preload list. Microsoft plans to update the preload list on a quarterly basis and deliver it in the corresponding Internet Explorer cumulative update. Customers who want to have their public websites included on the list should follow the procedures that are defined on the HSTS preload list site.

Sites that are not on the preload list can enable HSTS through the Strict-Transport-Security HTTP header. After an initial HTTPS connection from the client that contains the HSTS header, any later HTTP connections are redirected by the browser to be secured through HTTPS.

Important By default, this feature is turned on, because this is an important security improvement. However, you can turn it off. To do this, follow these steps, depending on the architecture of your system. 

For x86-based systems
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\
  3. On the Edit menu, point to New, and then click Key.
  4. Type FEATURE_DISABLE_HSTS, and then press Enter.
  5. Click FEATURE_DISABLE_HSTS.
  6. On the Edit menu, point to New, and then click DWORD value.
  7. Type iexplore.exe.
  8. On the Edit menu, click Modify.
  9. In the Value data box, type 1, and then click OK.

    Note
    The valid values for the iexplore.exe subkey are 0 and 1. A value of 1 disables the feature, and 0 enables the feature.
  10. Exit Registry Editor.

For x64-based systems
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\
  3. On the Edit menu, point to New, and then click Key.
  4. Type FEATURE_DISABLE_HSTS, and then press Enter.
  5. Click FEATURE_DISABLE_HSTS.
  6. On the Edit menu, point to New, and then click DWORD value.
  7. Type iexplore.exe.
  8. On the Edit menu, click Modify.
  9. In the Value data box, type 1, and then click OK.

    Note
    The valid values for the iexplore.exe subkey are 0 and 1. A value of 1 disables the feature, and 0 enables the feature.
  10. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\
  11. On the Edit menu, point to New, and then click Key.
  12. Type FEATURE_DISABLE_HSTS, and then press Enter.
  13. Click FEATURE_DISABLE_HSTS.
  14. On the Edit menu, point to New, and then click DWORD value.
  15. Type iexplore.exe.
  16. On the Edit menu, click Modify.
  17. In the Value data box, type 1, and then click OK.

    Note
    The valid values for the iexplore.exe subkey are 0 and 1. A value of 1 disables the feature, and 0 enables the feature.
  18. Exit Registry Editor.
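
The following PowerShell script is an added example, not part of the original article: it audits the FEATURE_DISABLE_HSTS setting from the steps above so that you can check whether HSTS has been turned off on a machine, and it can set the value back to 0. The function names Get-IEHstsState and Reset-IEHsts are hypothetical, and the script assumes an elevated 64-bit PowerShell session on x64-based systems so that both registry paths resolve as written.

```powershell
# Added example: audit the FEATURE_DISABLE_HSTS switch described in the steps above.
# Assumption: elevated 64-bit PowerShell session; function names are hypothetical.

$FeatureControl = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl'
)
$ValueName = 'iexplore.exe'

function Get-IEHstsState {
    foreach ($base in $FeatureControl) {
        # The Wow6432Node path does not exist on x86-based systems; skip it there.
        if (-not (Test-Path -LiteralPath $base)) { continue }

        $key   = Join-Path $base 'FEATURE_DISABLE_HSTS'
        $data  = $null
        $state = 'Enabled (key not present, default)'

        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
            if ($null -eq $item) {
                $state = 'Enabled (value not present, default)'
            } else {
                $data = $item.$ValueName
                # Per the article: 1 disables the feature, 0 enables it.
                if     ($data -eq 1) { $state = 'DISABLED' }
                elseif ($data -eq 0) { $state = 'Enabled' }
                else                 { $state = 'Unexpected value (valid values are 0 and 1)' }
            }
        }
        New-Object PSObject -Property @{ Key = $key; Data = $data; HstsState = $state } |
            Select-Object Key, Data, HstsState
    }
}

function Reset-IEHsts {
    # Sets iexplore.exe back to 0 wherever it is currently 1. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    Get-IEHstsState | Where-Object { $_.Data -eq 1 } | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Key, "Set $ValueName to 0 (HSTS enabled)")) {
            Set-ItemProperty -LiteralPath $_.Key -Name $ValueName -Value 0 -Type DWord
        }
    }
}

Get-IEHstsState | Format-Table -AutoSize
```

Run Reset-IEHsts -WhatIf first to see which keys would be changed before applying the change.
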

Update information
To enable this update, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update. Additionally, see the technical information about the most recent cumulative security update for Internet Explorer.

Note This update was first included in the cumulative security update for Internet Explorer: June 9, 2015 (MS15-056).

References
See the terminology that Microsoft uses to describe software updates.

Properties

Article ID: 3071338 - Last Review: 06/25/2015 23:56:00 - Revision: 4.0

Internet Explorer 11