Looks like Google is pretty determined to make the web safer for you. To strengthen its data encryption, the company is now implementing HTTP Strict Transport Security (HSTS) on its primary google.com domain.
HSTS is a web security policy mechanism (RFC 6797) that lets a web server tell a browser to interact with the service only over a secure HTTPS connection, ditching unsafe protocols like HTTP. This helps repel session hijacking and protocol downgrade attacks.
Some unsecured HTTP URLs are cloaked under the cover of HTTPS URLs and can later be used to redirect users to potentially harmful links. Once HSTS is established, Google will be able to detect such links and prevent them from being clicked by users.
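The browser side of the mechanism described above, as an added example (not code from Google or from the original article): a simplified model of an HSTS host list following RFC 6797, which records a policy only from HTTPS responses and rewrites http:// URLs for known hosts before any request is sent. The class and method names and the example.test hosts are assumptions; the preload list and the RFC's rule against noting IP-address hosts are left out.

```python
import re
from urllib.parse import urlsplit, urlunsplit

class HSTSStore:
    """Simplified model of a browser's HSTS host list (RFC 6797, sections 6 and 8)."""

    def __init__(self):
        self.hosts = {}  # host -> (expiry_timestamp, include_subdomains)

    def note_response(self, url, sts_header, now):
        """Record the policy from a Strict-Transport-Security header value."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return False  # a header received over plain HTTP must be ignored
        directives = {}
        for item in sts_header.split(";"):
            name, _, value = item.strip().partition("=")
            name = name.strip().lower()
            if not name:
                continue
            if name in directives:
                return False  # a repeated directive invalidates the header
            directives[name] = value.strip().strip('"')
        max_age = directives.get("max-age", "")
        if not re.fullmatch(r"[0-9]+", max_age):
            return False  # max-age is required and must be a count of seconds
        host = parts.hostname.lower()
        if int(max_age) == 0:
            self.hosts.pop(host, None)  # max-age=0 tells the browser to forget the host
        else:
            self.hosts[host] = (now + int(max_age), "includesubdomains" in directives)
        return True

    def is_known(self, host, now):
        """True if host, or a parent that set includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url, now):
        """Rewrite an http:// URL to https:// before any request is sent."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or "", now):
            netloc = parts.netloc[:-3] if parts.port == 80 else parts.netloc
            return urlunsplit(("https", netloc) + tuple(parts[2:]))
        return url
```

The first visit to a host is still unprotected in this model, because the policy is only learned from a response that already arrived over HTTPS.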
Although implementing HSTS is a fairly basic process, the complexities involved at Google’s end meant the company had to do some preparation before implementing it on the whole domain.
“This process wasn’t without its pitfalls. Perhaps most memorably, we accidentally broke Google’s Santa Tracker just before Christmas last year (don’t worry — we fixed it before Santa and his reindeer made their trip),” Google wrote in its blog post.
As of now, only Google’s search website, www.google.com, has HSTS enabled. However, the company plans to extend HSTS to its other domains in the near future.