PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

New US Executive Branch Websites to Force HTTPS

Starting this spring, all new .gov websites will be served to Web browsers with HTTPS automatically enabled.

Tom Brant
 & Tom Brant Managing Editor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

The government missed the Obama administration's Dec. 31 deadline to enable HTTPS encryption on all federal websites using the .gov domain. But all new websites issued under the Trump administration will be served to Web browsers with HTTPS automatically enabled, the General Services Administration announced on Thursday.

SecurityWatchIt's a consolation prize that doesn't require any extra work: the GSA can flip the equivalent of a digital switch for all new websites, telling modern Web browsers like Google Chrome to only load the HTTPS version of the page. The process, known as HTTP Strict Transport Security (HSTS), is already widely used. You've probably seen it in action if you type in a website URL like "http://www.newegg.com," and your browser automatically translates the request into https://www.newegg.com.

The GSA will only enable HSTS by default for new executive branch websites starting this spring, although many existing websites in all three federal government branches already support it. In order for it to work, the site must ensure that all of its subdomains and associated Web services support HTTPS encryption, a task that's much easier for brand new sites than those that are decades old.

"Once preloading is in effect, browsers will strictly enforce HTTPS for these domains and their subdomains," the GSA explained in a blog post. "Users will not be able to click through certificate warnings. Any Web services on these domains will need to be accessible over HTTPS in order to be used by modern Web browsers."

The Obama administration announced in June 2015 that all federal websites must enforce HTTPS connections by Dec. 31, 2016. Out of approximately 1,000 .gov domains, only 61 percent enforced HTTPS by the deadline, TechCrunch reported.

Google last fall said it would display a conspicuous "not secure" label in its Chrome Web browser next to the URL of any website that doesn't support HTTPS. The label will roll out with Chrome 56, which is scheduled for release this month.

About Our Expert

Tom Brant

Tom Brant

Managing Editor

I’m a managing editor at PCMag.com focused on PC hardware. Reading this during the day? Then you've caught me testing gear and editing reviews of Wi-Fi routers, printers, laptops, and tons of other personal tech. (Reading this at night? Then I’m probably dreaming about all those cool products.) I’ve covered the consumer tech world as an editor, reporter, and analyst since 2015.

I've covered most major consumer tech events, including CES, Computex, Google I/O, and IFA. I've also appeared on CBS News, in USA Today, and at many other outlets to offer analysis on breaking technology news.

Before I joined the tech-journalism ranks, I wrote on topics as diverse as Borneo's rainforests, Middle Eastern airlines, and Big Data's role in presidential elections. A graduate of Middlebury College, I also have a master's degree in journalism and French Studies from New York University.

The Technology I Use

While most people buy a phone or laptop and stick with it for years, I’m lucky enough to use devices based on Android, iOS, macOS, and Windows daily as part of my job. As a result, I cycle through lots of tech in addition to my IT-issue work laptop. (Yes, that's a ThinkPad.) Personally, I’ve also owned a lot of tech products both cutting-edge and cringeworthy, from the Nintendo GameCube and the original MacBook to the Palm m105 and the CueCat.

Read the latest from Tom Brant

Read full bio