Google today said that it’s now automatically re-routing HTTP web requests for pages on the www.google.com domain through the more secure HTTPS protocol. The “S” at the end stands for “secure,” and it means your connection between your computer and Google is encrypted — more directly, this protects you from man-in-the-middle attacks and other hacks.

This move does not only affect Google searches. There’s a whole lot of services available from the www.google.com domain, including Google Alerts, Google Flights, Google Maps, Google Trends, and Google Voice. Google Search and Google Maps both have more than 1 billion active users.

To make this shift, Google is using the HTTP Strict Transport Security (HSTS) standard.

“HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs,” Jay Brown, senior technical program manager for security at Google, wrote in a blog post. “Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites.”

Google is doing this a few months after it announced that its search engine had started to index HTTPS pages by default. At the time Google suggested that webmasters start using HSTS, and now Google is doing just that for its own core domain.

Last year Microsoft started using HTTPS encryption by default for Bing.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member