Microsoft Edge Developer

Hi, are you a web developer or designer?

“No, I just want to share feedback on Microsoft Edge.”

Please use the Feedback Hub (requires Windows 10) to submit your feedback in the Microsoft Edge category. This site is for web developer and designer feedback only. Other feedback will be closed without action.

“Yes, I’m a web developer or designer with feedback for the Microsoft Edge platform.”

Great! This site is where the Microsoft Edge team collects feature requests from the web developer and designer community in the categories listed to the right. For bugs on existing features, please log an issue on the Issue Tracker.

Your feedback will help us with planning and to better understand how web developers and designers are using the platform. Top standards-based feature requests will also be copied over to status.microsoftedge.com, where you can track its development status.

For the most actionable feedback, please search and up vote for existing suggestions before submitting a new suggestion, and create a separate suggestion per idea. Note that off topic or inappropriate suggestions may be moderated. The Microsoft Edge team will use suggestions as an important input, but there are several additional factors that inform the final roadmap.

A note from our lawyers: Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. See the Terms of Service for more information.

How can we improve the Microsoft Edge developer experience?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Content Security Policy Level 2

    CSP Level 2 bring with it the ability the whitelist inline script tags using the `script-src: nonce-<nonce>` directive.

    This allows applications that rely on a small set of inline scripts to still reap the xss-fighting benefits of disallowing all other inline scripts and inline event handlers.

    624 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
    • 398 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
      • Support ChaCha20/Poly1305 cipher suites in Edge/Schannel

        ChaCha20/Poly1305 cipher suites are considered as the best stream cipher replacement for the obsolete RC4 stream cipher suites. It's also the only AEAD alternative to AES-GCM cipher suites right now.

        It's already supported by Google Chrome, Android and Opera and just recently patch with ChaCha20/Poly1305 landed in OpenSSL library.
        https://github.com/openssl/openssl/commit/bd989745b7a4796dceff89d93b6b7ac1561c6227

        I think it would be helpful to support it in Schannel and Edge as well.

        129 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow server detection of Integrated Windows Authentication (IWA) support

          Allow detection (from server side) of web clients which are being managed by domain and for which we know the IWA authentication (SPNEGO, NTLM, Kerberos) is available.

          The goal is to send IWA authentication request only to supported web clients, but NOT for web clients in which it is not handled (non domain edge, mobile and such) as sending a status code 401 + WWW-Authenticate HTTP header for those client leads to a very bad user experience with a login popup. Users with a web client without IWA support are proposed other classic authentication methods.

          In previous IE version, such…

          62 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
          • Support TLS_FALLBACK_SCSV for preventing protocol downgrade attacks

            As described in this article:
            http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/
            TLS_FALLBACK_SCSV is an effective remedy for protocol downgrade attacks on TLS. Without it possible MITM can force the server to use weaker protocol version instead of the best supported protocol signaled by the client.

            Chrome and Firefox support it on client-side, except Edge and IE, and lot of top web sites support it on server-side as well.

            59 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
            • UWP WebView should support HSTS and Mixed Cotnent Blocking

              Just like HSTS and Mixed Content blocking works in Edge, there should be option to enable it in Windows 10 UWP WebView as well.
              This is an important security feature that should not be omitted in WebView.

              48 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
              • Don't open the same websites when I used Task Manager to end Microsoft Edge Process

                In previous version of Internet Explorer, if I enter any websites that bombarding me with popups or trying to trick users to click on confirm buttons before allowing to leave the site. I would just simply end the process in task manager and reopen explorer. However, this does not seem to work with Edge, once I end the process in task manager and start Edge again, it remembers the sites that I was on, and the popup continues! Please fix this by either prompt me the options if I want to restore the sites I was viewing or just open…

                34 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                • Support the OCSP Must Staple TLS Extension

                  As described in this post by Mozilla:
                  https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
                  or here:
                  https://www.grc.com/revocation/ocsp-must-staple.htm

                  OCSP Must-Staple makes use of the recently specified TLS Feature Extension. When a CA adds this extension to a certificate, it requires the browser to ensure a stapled OCSP response is present in the TLS handshake. If an OCSP response is not present, the connection will fail and the browser will display a non-overridable error page.

                  24 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                  • 23 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                    • support XML transformation with XSLT from file:// url

                      With IE6/7/8/9/10/11 it is possible to transform XML with XSLT by double-clicking on the XML file, i.e. from file:// url.

                      If you try the same with Microsoft Edge (RMB click, open with Microsoft Edge), it wont' work. But if the same XML/XSLT files are served from some http:// url, it will work in Edge too.

                      This demonstrates that the XSLT rendering is working fine.

                      It would seem that Edge enforces the same-origin limitation as Google Chrome/Chromium, see Chromium issue https://bugs.chromium.org/p/chromium/issues/detail?id=47416 "Allow a directory tree to be treated as a single origin (loosen file: URL restrictions)". But this is only a…

                      22 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                      • How to add specific site under trusted sites

                        In IE, we have trusted sites option where we can add specific site under trusted sites. on Edge browser, This feature is missing. How can we add specific site under trusted sites?

                        22 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                        • Support TLS 1.3 with 1-RTT

                          TLS 1.3, the next version of security protocol for private and authenticated communication, is in the final phase of specification.
                          Cloudflare already supports it, Chrome 56 plans to support it January 2017 and Firefox in March 2017.
                          Edge should not stay behind and support TLS 1.3 with 1-RTT as well, ideally in the upcoming Creator's Update already.

                          21 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add "__Secure-" and "__Host-" cookie prefix support

                            This allows a website to ensure that cookies are set with the "secure" attribute (only used over HTTPS), and optionally only be allowed for the current host (set without a Domain attribute, and the path is set to "/").

                            This has been implemented in Chrome 49:
                            https://googlechrome.github.io/samples/cookie-prefixes/

                            Explanation:
                            https://chloe.re/2016/04/27/cookieprefixes/

                            Spec:
                            https://tools.ietf.org/html/draft-west-cookie-prefixes-05

                            15 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                            • 9 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                              • Chipcard support

                                Almost all german banks support the authentication via chipcards. To do this, access to the PC/SC Interface would be needed to sign the orders. All these banks accept orders via TCP/IP with port 3000. We use a plugin to do this, but we can't do it on edge.

                                7 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                • Support "SameSite" cookie option

                                  The "SameSite" cookie prevents CSRF attacks by telling the browser not to send the cookie in requests that originate from sites other than the one that created it.

                                  Read the spec draft here:

                                  https://tools.ietf.org/html/draft-west-first-party-cookies-07

                                  Chrome already supports it as declared here:

                                  https://www.chromestatus.com/feature/4672634709082112

                                  7 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                  • 5 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                    • block all hackers

                                      so no one can get your information

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Limit mobile Edge browser to a whitelist of URLs

                                        It will limit Edge browser to a whitelist of URLs.
                                        It could be done by using the 'Windows Imaging and Configuration Designer' (WICD) provisioning package policies.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                        • 3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base