Google starts using HTTPS Strict Transport Security (HSTS) for all its 45 TLDs

Google announced that they want the internet more secure and because of that they have added another tool in their toolbox, the HTTPS Strict Transport Security (HSTS) preload list.

The HSTS preload list is built in to all major browsers (Chrome, Firefox, Safari, Internet Explorer/Edge, and Opera). It consists of a list of hostnames for which browsers automatically enforce HTTPS-secured connections.

For example, gmail.com is on the list, which means that the aforementioned browsers will never make insecure connections to Gmail; if the user types http://gmail.com, the browser first changes it to https://gmail.com before sending the request.

This provides greater security because the browser never loads an http-to-https redirect page, which could be intercepted. The HSTS preload list can contain individual domains or subdomains and even top-level domains (TLDs), which are added through the HSTS website. The TLD is the last part of the domain name, e.g., .com, .net, or .org. Google operates 45 TLDs, including .google, .how, and .soy.

In 2015 Google created the first secure TLD when they added .google to the HSTS preload list, and they are now rolling out HSTS for a larger number of our TLDs, starting with .foo and .dev. The use of TLD-level HSTS allows such namespaces to be secure by default. Registrants receive guaranteed protection for themselves and their users simply by choosing a secure TLD for their website and configuring an SSL certificate, without having to add individual domains or subdomains to the HSTS preload list. Moreover, since it typically takes months between adding a domain name to the list and browser upgrades reaching a majority of users, using an already-secured TLD provides immediate protection rather than eventual protection. Adding an entire TLD to the HSTS preload list is also more efficient, as it secures all domains under that TLD without the overhead of having to include all those domains individually. Google hopes to make some of these secure TLDs available for registration soon, and would like to see TLD-wide HSTS become the security standard for new TLDs.

Google has taken many actions to make the use of HTTPS more widespread, both within Google and on the larger Internet.

Google began in 2010 by defaulting to HTTPS for Gmail and starting the transition to encrypted search by default. In 2014, they started encouraging other websites to use HTTPS by giving secure sites a ranking boost in Google Search. In 2016, thhry became a platinum sponsor of Let’s Encrypt, a service that provides simple and free SSL certificates. Earlier this year Google announced that Chrome will start displaying warnings on insecure sites, and thry recently introduced fully managed SSL certificates in App Engine.

One of the most powerful tools in the Web security toolbox is ensuring that connections to websites are encrypted using HTTPS, which prevents Web traffic from being intercepted, altered, or misdirected in transit.

Sold.Domains

About Konstantinos Zournas

Konstantinos studied Computer Engineering and Computer Science in London and lives in Athens, Greece. He works on domain names, websites and software development. Has been online since 1995 & domaining since 2002.

4 comments

  1. I encrypted a website the other day and used https://www.ssls.com/ and with all their instructions it was was pretty easy! I will probably check out that free site to see how that works, free and easy would be even better 🙂

  2. And I totally agree with Google that everything needs to be encrypted because people don’t understand that their passwords are flying thru the air in plain English!

  3. Hello Konstantinos, This Marketing Intelligence report just released can help your readership navigate the moves of the really smart money.
    ENJOY!

    Part 1

    Published on Published onSeptember 30, 2017
    Edit article
    View stats

    jeff schneider
    jeff schneider

    6
    0

    Edit article

    The Google/Alphabet Trafficking Monopoly and its inevitable Disruption !

    (Alphabets Googleopoly)

    Google/Alphabets Renegade Cartel ambitions and its current losing battle with the E.U. Anti-Trust Ruling cannot stop Google/Alphabets ambitions achieved through Traffic controlled Digital Manipulation.Any ongoing algorithm changes they offer will surely foil any policing authorities Radar. The mere design of any algorithm is to accomplish dominant control of Traffic patterns to some recipients advantage, while at the same instant, forcing competitors to an extreme disadvantage, all the while effectively excluding others from the free market place. This is how Monopolies price fix and bury their competitors access to free and open markets.

    Googles incessant gaming of algorithms is easily cameflauging unscrupulous skewing, in the favor of high paying Incumbent Monopolistic giants.This smothers the free open market places access to compete effectively. Squelching New Small Business’s right to compete. Making Google/Alphabet the ring leader in standing in the way of Economic Expansion.

    The Google/Alphabets Traffic platform consists of a vast all encompassing Network of Manipulated Algorithm controlled Digital code operating under the radar of detection. Google/Alphabets Traffic platforms function is to effectively intercept All its incoming traffic and reroute traffic to its Googleopoly’s competitive advantage. This devious Enigma plot has become even more treacherous for competitors by Google/Alphabets introduction of New Gtlds they have added to their anti-Competitive Cartels Arsenals effectiveness in the hijacking of the internet’s traffic.

    Bottom Line: Google/Alphabets glaring anti-competitive business platforms strangle hold, is ominously standing in the way of our nations Economic Prosperity. Ultimately, standing in the way of our national security interests striving for Small business expansion. Small Business Expansion has been languishing in the lower 1/3 tranche of historical efficiency. The worlds competing economies that wake to these realities and reinstate free economy laws and regulations enforcement, to curb these fundamental barriers to progress, will be the free Worlds Global leaders.Will the U.S. awake soon enough? Someone will take the baton if not. JAS 9/29/17
    Former (Rockefeller I.B.E.C. Marketing Intelligence Analyst/Strategist) (Licensed C.B.O.E. Commodity Hedge Strategist.)
    Thanks Konstantinos

    • Hello Konstantinos,
      The signifigance of your perceptive post here may be lost in today’s Buzzfeed generations inability to focus on underlying Truths. We have experienced a serious inflow of carpetbagging hucksters in our Industry, that prey on our Industries inexperienced entrants. You have helped Domainers get the facts and that’s why my followers as well as yours remain glued to your Blog. We all sincerely appreciate your efforts. Your timely post has created an opportunity to put the Googleopoly under scrutiny. We have addended our Marketing Intelligence release in part because of you. Thank you for your unbiased Professionalism. We are adding the addendum to our release here. JAS/Contact Group ( This devious Enigma plot has become even more treacherous for competitors by Google/Alphabets introduction of New Gtlds they have added to their anti-Competitive Cartels Arsenals effectiveness in the hijacking of the internet’s traffic, giving algorithm concealed preferences to their new Tlds.

      SEO, SEM(Search Engine Manipulation), is a cesspool of Digital Thieves employed to steel businesses lifesblood traffic through the SEM Platform. Its the largest assemblage of Bad Actors ever assembled in history. All supported and coddled by the (Googleopoly SEM culture). Are you willing to expose your Online business to this SEM Culture of dishonor, set in an atmosphere of criminal acts ? Get your valuable Brand out of the S.E.M. Platform before your Brands Reputation and Traffic are decimated.

      Former (Rockefeller I.B.E.C. Marketing Intelligence Analyst/Strategist) (Licensed C.B.O.E. Commodity Hedge Strategist.)
      Thanks Konstantinos

Leave a Reply

Your email address will not be published. Required fields are marked *