Call it a factoid, or perhaps administrivia. Whatever you call it, this info come thanks to the eagle-eyed folks at DeskModder.de.  Indeed, it’s now clear that the venerable Microsoft Update Catalog is using the secure version of HTTP (namely, HTTPS) for downloads. The lead-in graphic shows lookup and resolution of yesterday’s CU preview URL for Windows 10 (KB5011543) by way of proof. When I say Microsoft Catalog Goes HTTPS, you can see it at the outset of the URL I pasted into Notepad, plain and simple.

If Microsoft Catalog Goes HTTPS, So What?

It’s 2022. HTTPS made its debut in 1994, in the earliest days of the web. It comes to us courtesy of Netscape from the same folks who brought us Navigator. And as far as I can recall, MS has been using HTTPS on its websites since the mid-2000s.

So why is MS making the catalog switch only now, either 28 or perhaps only 17 years later? The answer appears on a recent (April 1, 2022) Microsoft Docs page. It’s entitled “Site compatibility-impacting changes coming to Microsoft Edge.” Among other things it states that “downloading of files from HTTP urls will be blocked on HTTPs pages.”

I guess it just wouldn’t do, if Edge couldn’t download catalog entries for that reason. Note that the catalog itself has this URL for KB5011543: https://www.catalog.update.microsoft.com/Search.aspx?q=KB5011543. If the catalog download stayed at HTTP only, starting with v94 of Edge, it would no longer deliver the goods. And that kind of defeats its purpose, right?

So there’s your explanation. Enjoy the improved security, while you use any browser of your choosing. Cheers!