Surfing federal websites just got a little bit safer.
The group at 18F helped agencies hardcode 19 .gov sites with the HTTPS protocol, a more secure version of HTTP gaining wider use across the Internet.
HTTPS sites – identified by the lock icon that appears in the URL window – ensure that the information a user sends to or requests from a website is the information that ultimately gets transferred.
In a blog posted Monday, 18F member Eric Mill explained that the 19 sites are not the first to be secured using HTTPS but are the first to do so as a default, including all subdomains. This means users trying to access the HTTP version – or leaving out the opening protocol altogether – will automatically be redirected to the HTTPS site without any gaps in security.
The first .gov sites to be fully coded as HTTPS are:
- FTC's donotcall.gov, ftccomplaintassistant.gov and hsr.gov;
- A cluster of OMB sites, including cio.gov, cao.gov, cfo.gov, max.gov, itdashboard.gov, paymentaccuracy.gov, earmarks.gov, bfelob.gov, save.gov and saveaward.gov;
- Postal Service IG website uspsoig.gov;
- AIDS.gov;
- Administrative Conference of the U.S. acus.gov;
- D.C. legislature's dccode.gov;
- Federalregister.gov; and
- Notalone.gov, which helps victims of sexual assault.
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.