Google.com gets safer with HTTP Strict Transport Security (HSTS)
For any site you visit nowadays, HTTPS should be offered by default. I don't care about the content of the site -- there is no reason to go HTTP only in 2016. Security matters, folks.
Google.com -- one of the world's most popular domain names -- is aiming to get even safer by implementing HSTS. The search giant has recently enabled this technology for the benefit of its users, and it should start paying security dividends immediately.
"We've taken another step to strengthen how we use encryption for data in transit by implementing HTTP Strict Transport Security -- HSTS for short -- on the www.google.com domain. HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs. Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites", says Jay Brown, Sr. Technical Program Manager Security.
Brown also shares, "encrypting data in transit helps keep our users and their data secure. We’re excited to be implementing HSTS and will continue to extend it to more domains and Google products in the coming months".
If you are wondering why Google is slow to roll out HSTS across the board for all products, it isn't as easy as just flipping a switch. Actually, in testing last year, implementation on the search-giant's famed 'Santa Tracker' rendered it temporarily broken -- almost ruining the much-celebrated app during Christmas. Since this is such a significant change, Google is smart to be a bit gun-shy.
Does Google's continued focus on safety and security increase your confidence regarding its products? Tell me in the comments.