Hi,
I just tested the HSTS feature in various browsers. HSTS is a nice feature that forces browser to use HTTPS for all requests on given domain and prohibits overriding the "wrong certificate" warning.
It works fine in current Chrome, Firefox, IE11 or Opera, butit looks like it does not work in latest Edge 13, Windows 10 v10586.29, both on Desktop and Mobile.
I've tested it here: https://hsts.badssl.com/
The web has HSTS header and all resources should be then loaded using HTTPS, but no matter what I do Edge loads the image on path
http://hsts.badssl.com/hsts-test/status.svg
instead of the proper image on
https://hsts.badssl.com/hsts-test/status.svg
Am I doing something wrong or HSTS is really broken here? I’ve tested Edge 13 on multiple devices with the same result.