I know the .dev
top-level domain requires all sites to support only encrypted HTTPS connections, disallowing any HTTP connections.
Are there other such TLDs?
I know the .dev
top-level domain requires all sites to support only encrypted HTTPS connections, disallowing any HTTP connections.
Are there other such TLDs?
A direct answer to this would eventually become outdated if more top-level domains start enforcing HTTPS using HTTP Strict Transport Security (HSTS, RFC 6797). Technically this is an HSTS policy of a TLD submitted to the preloading list. It started with Google's new TLDs,
The HSTS preload list can contain individual domains or subdomains and even top-level domains (TLDs), which are added through the HSTS website. The TLD is the last part of the domain name, e.g.,
.com
,.net
, or.org
. Google operates 45 TLDs, including.how
, and.soy
. In 2015 we created the first secure TLD when we added.foo
and.dev
.
and there has even been preliminary thoughts on the possibility of protecting the entire .gov
in the future:
Zooming out even further: it’s technically possible to preload HSTS for an entire top-level domain (e.g. “
.gov
”), as Google first did with.gov
can get there.
To know the current situation, one must consult the Chromium HSTS Preloaded list.
The preloaded list is also available on Chromium's GitHub mirror; especially the raw version is best for curl
or wget
. The list is a non-standard JSON with comment lines. It is possible to analyse it with jq
after removing the comments with e.g. sed
.
Here, the jq
gives all domain names on the preloaded list and the grep
reduces it into TLDs:
cat transport_security_state_static.json \
| sed 's/^\s*\/\/.*//' \
| sed '/^$/d' \
| jq -r '.entries[]|select(.include_subdomains==true)|"\(.name)"' \
| grep -P "^\.?[a-z]*\.?$"
To search for public suffixes instead of TLDs:
cat transport_security_state_static.json \
| sed 's/^\s*\/\/.*//' \
| sed '/^$/d' \
| jq '.entries[]' \
| jq 'select((.policy=="public-suffix") and (.include_subdomains==true))' \
| jq -r '"\(.name)"'
This was generated using the procedure in Esa Jokinen's answer, but it seemed like it might be useful to have a literal list, even if it does need to be updated periodically.
(this portion of the answer is likely to go out of date faster)