Beginning September 1, 2020, new .gov websites will only be accessible via HTTPS as they will be automatically preloaded, as announced by the U.S Government’s DotGov Program. The U.S. General Services Administration (GSA) oversees the DotGov Program which handles the .gov TLD. For this purpose, it’s collaborating with the Cybersecurity and Infrastructure Security Agency (CISA).
“We believe the security benefits that come from preloading are meaningful and necessary to continue meeting the public’s expectation of safety on .gov services. We believe that government websites should always be secure,” said the registrar in a blog post.
The sites will get an additional security boost by using HSTS (HTTP Strict Transport Security), a standard that protects site visitors by ensuring that their browsers always enforce an HTTPS connection to the website.
The TLD will not be submitted to the HSTS preload list as of yet, as those .gov sites that which do not offer HTTPS would become inaccessible to users. “With concerted effort, we could preload .gov within a few years.” The registrar will announce a target preloading date after receiving feedback and inputs from its community of account holders and users.