From now on, Internet Explorer will support HSTS for secure connections
As part of an ongoing effort to increase web security, Internet Explorer is now going to support HSTS (HTTP Strict Transport Security). This new feature should be available in the Windows 10 Technical Preview; integration in Spartan should follow later.
In essence, HSTS can be defined as a security policy under which a Web server communicates with a browser using only HTTPS. This policy is transmitted to the user agent via the response header Strict-Transport-Security and should ensure a good level of protection against cryptographic-type attacks, in which a third party might gain access to the messages exchanged between two parties.
HSTS can be particularly useful when a communication is initiated on the unencrypted version of a Web site and then redirected to a secure connection, because an attacker may then be able to force the redirect so that it leads to a page specially crafted for the attack. Internet Explorer will use Chromium's HSTS preload list (about 2000 records in a JSON file) to ensure the switch from HTTP to HTTPS; if a Web site is not present in this list, you can still enable HSTS via the HTTP header Strict-Transport-Security.
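The two paths described above, preload list and response header, modelled as a small browser-side store that decides whether an http:// URL is upgraded. This is an added example, not Internet Explorer's or Chromium's code. The names parseHsts and HstsStore, the host names and the JSON field names are assumptions made for the illustration.

```javascript
// Constructed sample shaped like a preload list; the field names are assumptions.
const PRELOAD_JSON = `{"entries": [
  {"name": "preloaded.example", "mode": "force-https", "include_subdomains": true},
  {"name": "exact.example", "mode": "force-https"}]}`;
// Parse a Strict-Transport-Security value; null means the header is ignored.
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false };
  const seen = new Set();
  for (const part of value.split(";")) {
    const [rawName, ...rest] = part.split("=");
    const name = rawName.trim().toLowerCase();
    if (name && seen.has(name)) return null; // a repeated directive invalidates the header
    seen.add(name);
    const arg = rest.join("=").trim().replace(/^"(.*)"$/, "$1");
    if (name === "max-age") {
      if (!/^\d+$/.test(arg)) return null;
      policy.maxAge = Number(arg);
    } else if (name === "includesubdomains") policy.includeSubDomains = true;
  }
  return policy.maxAge === null ? null : policy; // max-age is mandatory
}

class HstsStore {
  constructor(preloadJson) {
    this.preloaded = new Map(); // shipped with the browser, never expires
    this.dynamic = new Map();   // learned from response headers
    for (const e of JSON.parse(preloadJson).entries)
      if (e.mode === "force-https")
        this.preloaded.set(e.name, { sub: !!e.include_subdomains, expires: Infinity });
  }
  // Record a policy; a header seen on plain HTTP could be forged, so it is ignored.
  noteHeader(url, headerValue, now) {
    const u = new URL(url), p = parseHsts(headerValue);
    if (u.protocol !== "https:" || !p) return false;
    if (p.maxAge === 0) this.dynamic.delete(u.hostname); // site withdraws its policy
    else this.dynamic.set(u.hostname, { sub: p.includeSubDomains, expires: now + p.maxAge * 1000 });
    return true;
  }
  // Return the URL the browser would actually request.
  upgrade(url, now) {
    const u = new URL(url), labels = u.hostname.split(".");
    if (u.protocol !== "http:") return u.href;
    for (let i = 0; i < labels.length; i++) {
      const name = labels.slice(i).join("."); // the host itself, then each parent domain
      const live = (e) => e && e.expires > now && (i === 0 || e.sub);
      if (live(this.preloaded.get(name)) || live(this.dynamic.get(name))) { u.protocol = "https:"; break; }
    }
    return u.href;
  }
}
```

A host that is not on the preload list is only upgraded after one successful HTTPS response carrying the header, so its very first plain-HTTP request stays exposed; preloaded hosts are upgraded from the first request.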
While HSTS appears an advisable choice from a security standpoint, it nevertheless imposes constraints. It is, in fact, a mechanism that does not support "mixed content", which is why all content must be transmitted over a secure connection. Moreover, such a policy does not allow the notification of an insecure connection to be bypassed: once a certificate error has been reported, the current connection is aborted.