Clik here to view.
IE and the Accept Header
RFC 2616 describes the Accept request header as follows:The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to...
View ArticleClik here to view.
Friendly HTTP Error Pages
Internet Explorer 5 and later will show a “Friendly” HTTP Error page if the server returns certain HTTP Error status codes with a short message body. The intent is to replace a terse server message...
View ArticleClik here to view.
Content-Length in the Real World
Earlier in IE9, we tried to change the WinINET networking component to reject as incomplete any HTTP responses for which the Content-Length header specified more bytes than the server actually sent...
View ArticleClik here to view.
HTTPS and Keep-Alive Connections
As we explore network performance on the “real-world web”, one bad pattern in particular keeps recurring, and it’s not something that our many IE9 Networking Performance Improvements alone will...
View ArticleClik here to view.
IE9 Standards Mode Accepts only text/css for stylesheets
I recently encountered a blog that isn’t looking right in IE9:The site renders just fine in other browsers, and when the page is put into Compatibility View by ticking the icon in the address...
View ArticleClik here to view.
Warnings on Incomplete Downloads
Recently, a user sent in the following screenshot of a security warning they encountered when attempting to download the Microsoft Zune software:Obviously, we immediately attempted to reproduce the...
View ArticleClik here to view.
Proxy-Authentication breaks many applications
When I first joined Office, I worked on the team responsible for delivering Help, Templates, and ClipArt into the client applications. As we were testing our work in various simulated customer...
View ArticleClik here to view.
URL Length Limits
Today’s question is a simple one: “What is the maximum URL length supported by Internet Explorer?” And the answer, as befitting an IEInternals post, is surprisingly complicated. The simplistic answer...
View ArticleClik here to view.
Strict Transport Security
Ivan Ristic’s meticulously researched Bulletproof SSL & TLS book spurred me to spend some time thinking about the HTTP Strict Transport Security (HSTS) feature under development by the Internet...
View ArticleClik here to view.
Optimizing Sprites
Today, I’m writing about a topic I personally know little about, but I’ve heard experts mention it in passing for years. I couldn’t find any good references, hence the post below. The first rule for...
View ArticleClik here to view.
Caveats for Authenticode Code Signing
Back in 2011, I wrote a long post about Authenticode, Microsoft’s Code Signing technology. In that post, I noted: Digitally signing your code helps to ensure that it cannot be tampered with, either on...
View ArticleNew Microsoft Message Analyzer Released
If you want to monitor extremely low-level network traffic (e.g. TCP/IP packet flags, HTTPS alert records, etc), then Fiddler typically cannot help you; you will need to use a packet capture tool like...
View ArticleClik here to view.
Compressing the Web
Be succinct. Virtually any network-based application can be made faster by optimizing the number of bytes transferred across the network. Taking advantage of caching is a great way to minimize transfer...
View ArticleClik here to view.
Script Polyglots
Lately, there’s been a resurgence of interest in hiding script inside files of other types; sometimes this is known as a polyglot file. On Twitter, there’s been some excitement about a new tool that...
View ArticleHTTPS In 2015
Last week at the CodeMash conference, I delivered a session titled HTTPS in 2015: Securing your websites and services using HTTPS has never been more important, or more complicated. In this talk, a...
View ArticleIn Case You Missed It
A random collection of noteworthy links: Spartan PM Jacob Rossi wrote about the new Project Spartan rendering engine. Spartan Developer Justin Rogers has a great new blog on development in general,...
View ArticleClik here to view.
Authenticode in 2015
Back in 2011, I wrote a post explaining why and how software developers should use Authenticode to digitally sign their applications. While the vast majority of the original post remains relevant, in...
View Article