− | .App and .dev are the first TLDs to make HTTPS mandatory on all websites in the zone by enforcing [https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HSTS] compliance. Google maintains a list known as the [https://hstspreload.org/ HSTS Preload List] which is honored by Chrome and most other modern browsers. Anyone can submit their site to the list, which tells browsers: “insecure HTTP is disabled for this domain”. Non-HTTPS-protected sites on the list therefore not load at all, rather than the typical fallback behavior of displaying an insecure site. The entire .app zone has [https://hstspreload.org/?domain=app been added to the HSTS Preload List.] | + | .App is the first TLD to reach GA to make HTTPS mandatory on all websites in the zone by enforcing [https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HSTS] compliance. Google maintains a list known as the [https://hstspreload.org/ HSTS Preload List] which is honored by Chrome and most other modern browsers. Anyone can submit their site to the list, which tells browsers: “insecure HTTP is disabled for this domain”. Non-HTTPS-protected sites on the list therefore not load at all, rather than the typical fallback behavior of displaying an insecure site. The entire .app zone has [https://hstspreload.org/?domain=app been added to the HSTS Preload List.] |