Google is strengthening data encryption on its website by implementing a new security measure, the HTTP Strict Transport Security (HSTS). HSTS is a web security policy mechanism that makes website accessible only via secure connections for users. All interactions and communications carried over the site will be over secure connections only. Through this policy, websites protects websites against cookie hijacking and protocol downgrade attacks.
Even though Google’s data encryption techniques are already top notch, the leading technology giant is implementing this as an additional measure of security. Another reason behind this changeover is to avoid confusion between HTTP and HTTPS.
When a user types in the URL for Google, they might accidentally type in http instead of https, that would not load the security protocol implemented by https. The HSTS policy will help curb this issue, especially for users that are not aware of the differences between http and https. With this in place, users will always be automatically redirected to Google’s secure HTTPS webpage.
Currently, Google has made HSTS active on its core domain, www.google.com, only. However, it is expected that Google will deploy the changes to all its domains and products soon.