fTLD Registry Services, the operator of the .bank and .insurance new gTLDs, has announced it is implementing a first-of-its-kind security policy to help protect .bank and .insurance websites from network attacks. The security policy, known as HTTP Strict Transport Security (HSTS) will enforce secure connections between web browsers and all websites across .bank and .insurance.
HSTS works by adding .bank and .insurance to a browser-based preload list that will declare to web browsers to permit only secure access to .bank and .insurance websites. All .bank and .insurance websites with a digital identity certificate (i.e., Transport Layer Security (TLS) certificate) will be accessible only via secure connections (HTTPS), and major browsers will prevent any unsecure (HTTP) connections. As a result, registrants and customers will automatically receive the security benefits of HSTS without needing to take any additional steps to be covered.
fTLD’s new gTLDs were added to the preload list on 18 January 2018. Leading web browsers will now begin to honour the policy in subsequent updates, including Chrome, Firefox, Internet Explorer/Edge and Safari.
The .bank and .insurance new gTLDs will become the first TLDs, outside of Google’s, to implement an HSTS security policy at the top level.