In the face of ever-increasing cyber-attacks, tech major, Google wants to further strengthen security on its platform. The company is now taking a step ahead of HTTPS and implementing HSTS mechanism on its domain.Google is boosting up the encryption of data transferred between its users and the servers. With the use of HSTS — HTTP Strict Transport Security — on the google.com domain, the company wants to prevent users from accidentally accessing insecure HTTP URLs. It will now inherently convert any insecure HTTP URLs into secure HTTPS URLs protect websites (and users) against man-in-the-middle attacks and cookie hijacking.
HTTP Strict Transport Security(or HSTS) is a web security policy mechanism which helps to protect websites against reported hijacks. It allows you to declare to web browsers that it should only interact with your service using a secure HTTPS connection, and never via the insecure HTTP protocol.
The company also says that even though it is implementing HSTS, users still have the freedom to navigate to unsecure HTTP URLs by manually typing it in the address bar or by clicking some external link.
This move will not only affect Google search (which has already received the HSTS treatment) but will also be available for a host of services, including Google Alerts, Analytic and, Maps among others on the google.com domain.
Though implementing HSTS is an ordinary process if you’re doing it for just one website. But the core website with its many complexities and the slew of external services attached to it, the company will require doing some preparation to implement the same on the whole domain.