Changing our testing requirements for Internet Explorer 8, 9 and 10
Note: This post was originally posted on the GDS Technology blog. It can be viewed here.
Service team developers no longer need to test on Internet Explorer 8, 9 and 10 (old versions of IE) when following our ‘designing for different browsers and devices’ guidance.
As users upgrade the devices they use to access the web, older browsers become less common. Your service must be universally accessible, but there are 3 big downsides to supporting older browsers once they have fallen out of use for most people. Below we explain why we’ve made this decision.
Why we no longer require teams to test older versions of Internet Explorer
Microsoft stopped regularly supporting older versions of Internet Explorer on 12 January 2016. Since then, old IE browsers have received a few critical security updates but they don’t support all the latest security standards. This means these browsers are not secure for users and departments who continue to use them.
The National Cyber Security Centre (NCSC) currently recommends using the Transport Layer Security 1.2 protocol to provide privacy between communicating applications and their users, and also between services. However, TLS 1.2 is either not supported or not enabled by default in old IE browsers (depending on operating system in use). This means that certain services, such as GOV.UK Pay which require a minimum of TLS 1.2 due to PCI compliance (PCI DSS), won’t work. Other services, such as GOV.UK Notify and GOV.UK PaaS, also plan to require TLS 1.2 in the future.
Older versions of Internet Explorer don’t support the latest HTML5 features either. This means they won’t benefit from security features like:
- Punycode identification
- Cross-Origin Resource Sharing (CORS)
- Content Security Policy (CSP)
- HTTP Strict Transport Security (HSTS)
These features are all available in ‘evergreen’ browsers like Microsoft Edge, Google Chrome and Mozilla Firefox. Browsers like these update automatically without user interaction.
Poor user experience
Browser technology has evolved and no matter how much user testing is done, people with old IE browsers will have a poor user experience when accessing government websites. Although the pages will work thanks to the progressive enhancement techniques we use, old browsers will not provide as good an experience as with modern browsers.
Webpages take longer to load and may even look broken in many cases, due to a lack of support for the latest browser standards. If the very small percentage of users (or the IT teams in their departments) relying on old browsers make an upgrade, their overall experience of government services will improve.
Supporting older browsers creates code complexity for developers. The codebase is harder to maintain which can lead to technical debt, making things harder for future developers who inherit the project. The additional testing required to enable a service to work in these older browsers also adds to development timelines. This extra development effort costs time and money which isn’t cost-effective when old IE has known security and performance issues.
What this change means for GOV.UK users
The number of users visiting GOV.UK using old IE browsers has fallen dramatically in the past 12 months, from 1.11% to 0.16% of total users in May 2018.
This means the number of users affected by the change to the guidance is small, compared to the overall traffic we receive. And, according to our Service Manual guidelines and Google Analytics data, we should focus on supporting the browsers and devices that are in use.
The change to our guidance doesn’t mean that GOV.UK pages will stop working on older browsers. We still recommend that your service teams use the progressive enhancement development approach. By doing this we can help to make sure that the small number of users who use old IE browsers will still be able to access government content but some services may have limited functionality.
When users use old browsers to access GOV.UK they will also see a banner with a link to a page to help them upgrade.
If you provide internal-facing services, you should look at your analytics data and check the percentage of users that use these older browsers. You can then make an informed decision about whether to support or drop old IE from your browser matrix.
Continuing to support these older browsers beyond their life cycle ultimately costs the taxpayer more time and money. This money would be better spent on creating and improving services for the other 99.8% of users who access GOV.UK and services that sit beneath it. It’s time to say goodbye to these legacy browsers and move towards a more standards-compliant future.
To make sure you stay up to date with all the latest developments, you can sign up to alerts from the GDS Technology blog.