Optimizing Sprites

Today, I’m writing about a topic I personally know little about, but I’ve heard experts mention it in passing for years. I couldn’t find any good references, hence the post below. The first rule for building high performance web sites is to make fewer requests, and using CSS sprites is one key and commonly-deployed means…

4

Strict Transport Security

Ivan Ristic’s meticulously researched Bulletproof SSL & TLS book spurred me to spend some time thinking about the HTTP Strict Transport Security (HSTS) feature under development by the Internet Explorer team and already available in other major browsers. HSTS enables a website to opt-in to stricter client handling of HTTPS behavior. Specifically: All HTTP connections to…

2

URL Length Limits

Today’s question is a simple one: “What is the maximum URL length supported by Internet Explorer?” And the answer, as befitting an IEInternals post, is surprisingly complicated.  The simplistic answer is that WinINET.h defines INTERNET_MAX_URL_LENGTH as 2083 characters, and this limit remains in force in a number of places. However, the true limit can be…

1

Bolstering Protected Mode

Internet Explorer 7 introduced Protected Mode, a defense-in-depth security feature which relied upon the Windows Vista Integrity Levels (IL) system to mitigate drive-by attacks against the browser. Internet Explorer 10 introduced a stronger version of that feature, called Enhanced Protected Mode (EPM), which goes beyond the legacy IL system and provides isolation using the Windows…

0