Google announced that 45 of the top-level domains (TLDs) it recently purchased, including .dev, .app, .eat, and so on, will enforce HTTPS security, guaranteeing that all connections to sites using those TLDs will be over encrypted channels.
What Is HSTS?
HTTP Strict Transport Security (HSTS) is a web security policy that ensures a user will always connect via an encrypted HTTPS channel to a website after the initial connection to that site. If the user then tries to connect to http://gmail.com, for example, the browser will automatically switch to https://gmail.com before sending out the request to Google.
Once the HSTS response header is received by the browser on the first connection, the user can no longer connect to that site using HTTP, which means any downgrade attacks (from HTTPS to HTTP) will also be prevented.
However, because HSTS still normally needs that first connection before it can be enabled in the browser for a given website, a small window of opportunity for an attacker can still exist to launch a man-in-the-middle attack against someone visiting a certain website.
This can be fixed for certain websites, if they are included in the HSTS preload list in the major browsers. Then, the browsers will be able to enforce HTTPS encryption from the very first connection.
HTTPS Enforcement For Entire Domains
Not just domains and subdomains can be included in the HSTS preload lists of a browser, but entire TLDs, too. For instance, if the .com TLD would be included in this list, then nobody would be able to connect to any existing .com website unless they were doing it over HTTPS.
Considering many websites still haven’t even adopted HTTPS yet, let alone mandated the use of HTTPS for their visitors, that’s not possible, at least for the time being. However, this can work for new TLDs, such as .dev and .app, and this is what Google is announcing today.
Google, which has recently purchased 45 TLDs, is now able to enforce HTTPS for those 45 TLDs. As the company has recently become a domain registrar as well, others will soon be able register domains with one of those secure-by-default Google-owned TLDs.
Google also hopes that all owners of other new TLDs will enable HSTS by default, which would ensure that all new websites using such TLDs will always connect via HTTPS.
Google Domains pricing and supported TLDs
What will a domain cost?
Domain purchase and registration
Google Domains offers domains at a price per year of registration determined by the domain ending or top-level domain (TLD), like “.com”, “.org”, or “.company”. See the table of supported TLDs and prices for the list of prices.
Renewing your domain
You can renew your domain manually before it expires, or automatically each year. If you set up automatic renewal, you will receive a notification email before each renewal with the opportunity to cancel.
You can buy up to ten years of registration in advance (five years for some domains, like .co and .io. See the list below for exceptions). For example, if you buy .com domain for $12 you can buy two years of registration for $24 or ten years for $120. You can auto-renew your domain every year for the same $12.
- If you purchase a domain at a one-time promotional price or with a coupon, the renewal price will still be the regular market price for the domain (for example, $12 for a .com).
- If your domain registration has been expired for longer than the grace period (30 days for most domains), there is usually an extra fee for restoring the expired domain.
See Domain renewal and restoration for more information on renewing and restoring your domain.
Features included at no additional cost
- Whois privacy
- Domain forwarding and subdomain forwarding
- Email forwarding (forwarding of email aliases @<your domain>)
- Google nameservers with 10 million DNS resolutions per year
- Support via help center, email, chat, or phone.
See Google Domains features for a list of features with descriptions.
Website building and web host partners
Google Domains offers you a choice of 3rd-party website building and web hosting companies. Each partner has their own list of plans and pricing. They are available on the Website tab for your domain. See Web presence for more information on choosing a website builder.
G Suite integration
You can create user accounts for your domain and provide them with email, Google Drive, Google Sites, and many more features. See the G Suite website for information on pricing. See Integrate with G Suite for instructions on integrating your domain with G Suite.
Premium domains are domains offered for sale or resale at a premium price. There are two kinds of premium domains:
- Aftermarket premium domains – These are domains offered for resale by owners for a premium price. Once you have purchased it, you can add multiple years of registration and renew at the regular price for the TLD of the domain (for example, $12 per year for a .com).
- Registry premium domains – These are domains the registry is offering for a premium price. In most cases transfer, additional years of registration, renewal, and restoration are charged at a different price from the base price for the TLD—usually the same as the initial premium price.
Supported Domains Endings (TLDs) and prices*
Google Domains supports the following top-level domains (TLDs):