Google is strengthening data encryption on its website by implementing a new security measure, HTTP Strict Transport Security (HSTS). Now, instead of https://www.google.com, it’ll be hsts://www.google.com.
HSTS is a web security policy mechanism that makes a website accessible to users only via secure connections. All interactions and communications with the site are carried over secure connections only. Through this policy, websites are protected against cookie hijacking and protocol downgrade attacks.
“HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs,” Jay Brown, senior technical program manager for security at Google, wrote in a blog post. “Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites.”
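The conversion Brown describes is driven by the `Strict-Transport-Security` response header (RFC 6797), which the browser remembers per host and applies before sending any request. The JavaScript model of that browser-side logic below is an added example, not Google's or any browser's code; the function names, the `Map` store and the `max-age` value are assumptions made for illustration.

```javascript
// Added example: simplified browser-side model of HSTS (RFC 6797).
// Function names and the Map-based store are hypothetical.

// Parse a Strict-Transport-Security value; null when max-age is missing or invalid.
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(";")) {
    const [rawName, rawVal] = part.trim().split("=");
    const name = rawName.toLowerCase();
    if (name === "max-age") {
      const v = (rawVal || "").replace(/^"|"$/g, "");
      if (!/^\d+$/.test(v)) return null;
      policy.maxAge = Number(v);
    } else if (name === "includesubdomains") {
      policy.includeSubDomains = true;
    } // other directives are ignored
  }
  return policy.maxAge === null ? null : policy;
}

// Record a host's policy. The header is ignored on plain HTTP, because an
// on-path attacker could forge or strip it there.
function noteResponse(store, url, headerValue, nowSec) {
  const u = new URL(url);
  if (u.protocol !== "https:") return false;
  const policy = parseHsts(headerValue);
  if (!policy) return false;
  if (policy.maxAge === 0) store.delete(u.hostname); // max-age=0 clears the entry
  else store.set(u.hostname, { expires: nowSec + policy.maxAge,
                               includeSubDomains: policy.includeSubDomains });
  return true;
}

// Rewrite http:// to https:// for a known HSTS host before any request is sent.
function upgrade(store, url, nowSec) {
  const u = new URL(url);
  if (u.protocol !== "http:") return u.href;
  const labels = u.hostname.split(".");
  for (let i = 0; i < labels.length; i++) {
    const entry = store.get(labels.slice(i).join("."));
    // A parent domain's policy covers this host only with includeSubDomains.
    if (entry && entry.expires > nowSec && (i === 0 || entry.includeSubDomains)) {
      u.protocol = "https:";
      return u.href;
    }
  }
  return u.href;
}
```

The first visit to a host is still unprotected until a valid header has been received over HTTPS, which is the gap browser preload lists are meant to close.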
Even though Google’s data encryption techniques are already top notch, the leading technology giant is implementing this as an additional measure of security. Another reason behind this changeover is to avoid confusion between HTTP and HTTPS.
For instance, when a user types in the URL for Google, they might accidentally type in http instead of https, which would not load the security protocol implemented by https. The HSTS prefix will help curb these issues, especially among users who are not aware of the differences between http and https.
Currently, Google has made HSTS active on www.google.com only. However, it is expected that Google will deploy the changes to all its domains and products soon.