Google’s New TLD .App Domains With Baked-In HTTPS And Are Now Open for General Registration

Starting last week, on May 8, Google has opened the .app top-level domain (TLD) to the general public, allowing anyone to register their desired .app domain name.

As its name implies, the domain is intended for app developers, but anyone can register a domain, may it be for an app or not.

.app becomes first HTTPS-only TLD

The .app domain is a milestone in the domain name industry because this is the first TLD that requires sites to hold an SSL certificate and serve content via HTTPS by default.

Domain owners serving their sites on HTTP connections will have the unpleasant surprise that users won’t be allowed to connect to their sites unless they secure it via HTTPS.

Google bought the exclusive rights over the .app TLD from ICANN in February 2015 for $25,001,000, the largest sum ever paid for ownership over a TLD.

Advertisements

This, in turn, has allowed Google to impose the rule that only HTTPS connections will be allowed for .app domains.

Over 100,000 .app domains already registered

Google formally announced the .app TLD on May 1, when it opened an Early Access Program, where for an additional fee, users could have registered their desired domain names ahead of general availability.

This was a success, as users registered over 100,000 domain names in the Early Access Program alone. More domain names flew off the shelve since May 8, when the general availability period started, and users and companies are advised to register their desired domains before they become unavailable.

After entering the general availability period, .app domains can now be registered with any major domain registrar, and some of them are even offering free SSL certs to help with the domain’s rollout.

It is no surprise that Google is enforcing HTTPS for its .app domain. The company has been pushing for HTTPS as the default connection type in Chrome. Google previously announced that starting with July 2018, Chrome will begin to mark all HTTP sites as “Not Secure.”