One giant leap for online security
If you’re shooting for the moon, making sure your spaceship’s built securely isn’t optional—it’s vital. Launching a website is no different, but some folks don’t take it seriously (or know they should) and that can cause some real problems.
Here, we’ll show you what we mean.
Meet Luna, the Web-Space Academy’s top grad. She’s gearing up for a galactic adventure, and knows she needs to secure her spaceship using encryption for a safe flight.
Skylar’s also taking the trip. His approach? Casual, and dangerously unprepared. He went to the Web-Space Academy, too, but skipped the class about security.
Protect your spaceship
Now, if Skylar had attended those classes, he’d know that launching a website without encryption is like going on a spacewalk without a space suit—you just shouldn't do it.
Protect your spaceship
Encryption stops people from intercepting information exchanged on websites. Those carrying an SSL certificate are protected with secure, HTTPS connections.
Here’s how Skylar can get his SSL certificate
Some major web builders make installing SSL as simple as checking a box.
He could apply for a free SSL certificate through LetsEncrypt, an open certificate authority.
His registrar may offer SSL in the registration process for his domain.
Lock all your points of entry
But Skylar's not out of danger yet—that unlocked door has compromised his ship's security, leaving him vulnerable, as a website with a single unencrypted page can be an access point for a bad actor.
If only he’d used HSTS preloading…
It’s the safest way for creators (and cosmonauts) to lock things down, ensuring users only access your site over a secure connection. The fastest way to do this is by launching on a domain like .app, .page, or .dev that's already preloaded. Unfortunately, Skylar missed that security class and, well, you’ll see what can happen.
In the clear
Not every launch has to be like Skylar’s—just look at Luna. She set herself up for a smooth, successful flight (with no leaks or intrusion) by securing her spaceship with SSL and HSTS preloading before takeoff.
Launch like Luna
play_arrow Learn more
Some top-level domains have HSTS preloading built-in, like .dev, .app, and .page.
You can also add your website to hstspreload.org at any point post-launch. (Just remember: the list is manually built-in to browsers, so it may take months to recognize that your spaceship's been upgraded.)
Winning the web-space race
Skylar’s finally caught up, but he could learn a lot from Luna. She fast-tracked her flight by choosing a domain with HSTS preloading built-in, then installing an SSL certificate to keep her safe and secure.
Hear from people who’ve launched projects and businesses on secure, encrypted websites.
Google Registry has several top-level domains that are HSTS preloaded (.app, .dev, .page, .day), so you’ll get the gold standard of website encryption from day one.