Google has made accessing www.google.com a little more secure by turning on HSTS (HTTP Strict Transport Security).
With HSTS, Google ensures its servers are telling browsers that all future attempts to connect should be over HTTPS, Jay Brown, senior technical program manager of security at Google, wrote on the Google Security blog.
When the user connects to a site for the first time, it typically uses a regular connection. Even if users don’t manually type http:// in the address bar, browsers tend to treat the address as going over HTTP. The server can be configured to redirect to HTTPS, but the initial communication over HTTP happens every time the user attempts to connect.
To read this article in full or to leave a comment, please click here