Google had revealed its latest intentions to enhance encryption level of its domains.
The same will be done by enabling HSTS encryption across various products preventing users from being redirected to unsafe links wrapped in the secure shell of HTTPS protocol.
Google is quite resolute to make the web safer you. A new update is making strides to enable HSTS (HTTP Strict Transport Security) encryption on its primary google.com domain.
Some unsafe HTTP URLs are wrapped in the cover of the safer HTTPS URLs which are then used to redirect users to potentially harmful links. After enabling HSTS encryption, Google would be able to track and prevent such links from being clicked by users.
Although implementation of “HSTS is a relatively basic process” but complexities involved at Google’s end have impeded the HSTS implementation process a bit.
“This process wasn’t without its pitfalls. Perhaps most memorably, we accidentally broke Google’s Santa Tracker just before Christmas last year (don’t worry — we fixed it before Santa and his reindeer made their trip),” – writes Jay Brown.
What is HSTS Protocol?
HSTS is an IETF protocol (RFC 6797) used by web servers to tell a web browser that it should only establish a connection to the server using secure protocols like HTTPS, ditching the unsafe protocols like HTTP. This helps in precluding protocol downgrade attacks and session hijacking.
As of now, the HSTS encryption has only been enabled on Google’s search website, www.google.com. Google plans to spread the HSTS encryption to its other domains in the coming future.