Apps make the mobile world go round, and now they have their own more secure home on the web: the .app domain, the most relevant TLD for mobile apps.
You can use your .app name to showcase a unique and trustworthy destination, as a relevant download link, for deep linking, or for sharing screenshots, release notes, and reviews. Get your .app domain now to start sharing your app with the world.
Key points about the TLD:
The App-Domain is an open TLD with a focus on improved security.
The entire .app TLD has been added to the HSTS preload list, which means registrants will have to provision and set up SSL certificates in order for their content to be loaded in modern browsers
The App-Domain is a secure namespace, meaning that HTTPS is required for all .app
websites. You can buy your App-Domain now, but in order for it to work
properly in browsers you must first configure HTTPS serving. You can acquire webspace with pre-configured encryption at us without any additional costs or SSL Certificates.
Whether you're building a website for school, launching a side project, or expanding your
business's online presence, there are basic steps to take to protect your website's content and
your users' information (especially if you are collecting personal or financial information).
1. Install a SSL certificate. As a website creator, you should ensure that traffic to your
website is HTTPS-encrypted. By encrypting traffic to a website, you ensure that any
communications to or from that website cannot be seen by an eavesdropper. If you were
to mail a letter that contains a private message or your personal information, would you
rather send it on a postcard or in an envelope? The envelope is the physical equivalent of
HTTPS because it prevents parties who have access to the envelope on its way to the
recipient from reading or changing its contents.
Installing SSL allows you to encrypt data on your website. Websites that have an SSL
certificate use HTTPS, as opposed to HTTP (which means that a connection is not
encrypted). Major browsers may also show a lock sign next to a secure connection and
warn users if the website is not secure.
How to get SSL:
You can buy webspace at us and get at one click installed SSL for free or you fetch yourself free certificates at Let's Encrypt
2. Make sure your entire website is encrypted.
Many website owners donft realize that a single page that isnft encrypted could
potentially be used to gain access to the rest of the website. To avoid this, you need
encryption on your entire website, not just for pages that are collecting credit card
numbers or log-in info. Even unencrypted landing pages that redirect to an HTTPS page
can pose risks. A single page that is unencrypted can become a backdoor for bad
actors to snoop on the rest of the site.
How to ensure encryption:
Use a top-level domain that is HSTS-preloaded. The HSTS preload list is a list of
websites which modern browsers will only load over an encrypted connection.
The fastest way to get on this list is to use a top-level domain that's already on
the HSTS preload list, like .app, .dev, or .page. Any website on those extensions
gets the security benefits of HSTS-preloading from day one, so all you need to do
is install your SSL certificate.
Alternatively, you can add your website to the HSTS preload list yourself.
Websites can be individually added to the HSTS preload list by the website owner
at hstspreload.org . Keep in mind this can be a slow process because the list is
manually built into the browser. That means updates to the list are made as new
browser releases come out, which can take months to occur for all browsers.
The standard App-domain costs 49 US-Dollars per domain and year at General Availability. In addition to the standard App-Dmains, Premium App-Domains are also offered. The price for the Premium App Domains is not only due in the first year, but annually.