“Not Secure” Warning for IE Mode

A customer recently wrote to ask whether there was any way to suppress the red “/!\ Not Secure” warning shown in the omnibox when IE Mode loads a HTTPS site containing non-secure images: Notably, this warning isn’t seen when the page is loaded in modern Edge mode or in Chrome, because all non-secure “optionally-blockable” resourceContinue reading ““Not Secure” Warning for IE Mode”

Q: Why do tabs sometimes show an orange dot?

Sometimes, you’ll notice that a background tab has an orange dot on it in Edge (or a blue dot in Chrome). If you click on the tab, the dot disappears. Why? The dot indicates that the tab wants “attention” — more specifically, that there’s a dialog in the tab asking for your attention. This mightContinue reading “Q: Why do tabs sometimes show an orange dot?”

Capturing Logs for Debugging SmartScreen

The Microsoft Edge browser makes use of a service called Microsoft Defender SmartScreen to help protect users from phishing websites and malicious downloads. The SmartScreen service integrates with a Microsoft threat intelligence service running in the cloud to quickly block discovered threats. As I explained last year, the SmartScreen service also helps reduce spurious securityContinue reading “Capturing Logs for Debugging SmartScreen”

HTTPS Goofs: Forgetting the Bare Domain

As I mentioned, the top failure of HTTPS is failing to use it, and that’s particularly common in in-bound links sent via email, in newsletters, and the like. Unfortunately, there’s another common case, whereby the user simply types your bare domain name (example.com) in the browser’s address bar without specifying https:// first. For decades, manyContinue reading “HTTPS Goofs: Forgetting the Bare Domain”

Badware Techniques: Notification Spam

I tried visiting an old colleague’s long-expired blog today, just to see what would happen. I got redirected here: Wat? What is this even talking about? There’s no “Allow” link or button anywhere. The clue is that tiny bell with a red X in the omnibox– This site tried to ask for permission to spamContinue reading “Badware Techniques: Notification Spam”

Edge’s Super-Res Image Enhancement

One interesting feature that the Edge team is experimenting with this summer is called “SuperRes” or “Enhance Images.” This feature allows Microsoft Edge to use a Microsoft-built AI/ML service to enhance the quality of images shown within the browser. You can learn more about how the images are enhanced (and see some examples) in theContinue reading “Edge’s Super-Res Image Enhancement”

Understanding Browser Channels

Microsoft Edge (and upstream Chrome) is available in four different Channels: Stable, Beta, Dev, and Canary. The vast majority of Edge users run on the Stable Channel, but the three pre-Stable channels can be downloaded easily from microsoftedgeinsider.com. You can keep them around for testing if you like, or join the cool kids and setContinue reading “Understanding Browser Channels”

Certificate Revocation in Microsoft Edge

When you visit a HTTPS site, the server must present a certificate, signed by a trusted third-party (a Certificate Authority, aka CA), vouching for the identity of the bearer. The certificate contains an expiration date, and is considered valid until that date arrives. But what if the CA later realizes that it issued the certificateContinue reading “Certificate Revocation in Microsoft Edge”

New Recipes for 3rd Party Cookies

For privacy reasons, the web platform is moving away from supporting 3rd-party cookies, first with lockdowns, and eventually with removal of support in late 2023 the second half of 2024. Background: What Does “3rd-Party” Mean? A 3rd-party cookie is one that is set or sent from a 3rd-party context on a web page. A 3rd-partyContinue reading “New Recipes for 3rd Party Cookies”

Edge URL Schemes

The microsoft-edge: Application Protocol Microsoft Edge implements an Application Protocol with the scheme microsoft-edge: that is designed to launch Microsoft Edge and pass along a web-schemed URL and/or additional arguments. A basic invocation might be as simple as: microsoft-edge:http://example.com/ However, as is often the case with things I choose to write about, there’s a bitContinue reading “Edge URL Schemes”