With the advent increase in the number of cyber-security attacks and the hijacking of user-data, Google is taking steps to further strengthen security on its platform. The company is now taking a step ahead of HTTPS and implementing HSTS mechanism on its domain.
The Internet giant is bumping up the encryption of data transferred between its users and the servers. With the use of HSTS — HTTP Strict Transport Security — on the google.com domain, the company wants to prevent users from accidentally accessing insecure HTTP URLs. It will now inherently convert any insecure HTTP URLs into secure HTTPS URLs protect websites(and users) against man-in-the-middle attacks and cookie hijacking.
To add to your knowledge, HTTP Strict Transport Security(or HSTS) is a web security policy mechanism which helps to protect websites against reported hijacks. It allows you to declare to web browsers that it should only interact with your service using a secure HTTPS connection, and never via the insecure HTTP protocol.
The Internet giant says that even though it is implementing HSTS, but users still have the freedom to navigate to unsecure HTTP URLs by manually typing it in the address bar or by clicking some external link.
And at this instant, your next question should be — But what all Google products(or services) does this affect? Good question!
This move will not only affect Google search(which has already received the HSTS treatment) but will also be available for a host of services, including including Google Alerts, Google Analytics, Google Maps, among others, on the google.com domain.
Though implementing HSTS is an ordinary process if you’re doing it for just one website. But the core website with its many complexities and the slew of external services attached to it, the company will require to do some preparation to implement the same on the whole domain. Jay Brown, Program Manager, Security concludes the blogpost by saying that,
Encrypting data in transit helps keep our users and their data secure. We’re excited to be implementing HSTS and will continue to extend it to more domains and products in the coming months.