Google today said that it’s now automatically re-routing HTTP web requests for pages on the www.google.com domain through the more secure HTTPS protocol. The “S” at the end stands for “secure,” and it means your connection between your computer and Google is encrypted — more directly, this protects you from man-in-the-middle attacks and other hacks.
This move does not only affect Google searches. There’s a whole lot of services available from the www.google.com domain, including Google Alerts, Google Flights, Google Maps, Google Trends, and Google Voice. Google Search and Google Maps both have more than 1 billion active users.
To make this shift, Google is using the HTTP Strict Transport Security (HSTS) standard.
“HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs,” Jay Brown, senior technical program manager for security at Google, wrote in a blog post. “Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites.”
Google is doing this a few months after it announced that its search engine had started to index HTTPS pages by default. At the time Google suggested that webmasters start using HSTS, and now Google is doing just that for its own core domain.
Last year Microsoft started using HTTPS encryption by default for Bing.