Security News > 2020 > June > United States wants HTTPS for all government sites, all the time
The US government just announced its plans for HTTPS on all dot-gov sites.
As well as saying all dot-gov sites should be available over HTTPS, the government wants to get to the point that all of its web servers are publicly committed to use HTTPS by default.
As a result, HTTPS has steadily been winning out over plain old HTTP, with Google estimating that about 95% of users visiting its sites and services now "Talk" HTTPS. Website operators don't even need to pay for web certificates any more - certificate authorities such as Let's Encrypt let you acquire certificates for free, and with almost none of the bureaucratic hassle that used to be involved.
There's a surprisingly easy way to do that, called Strict Transport Security, also known as HSTS. That's a way that websites can tell your browser, "Next time you visit, use HTTPS even if the user wants to connect using HTTP.".
If we did that, some government websites that don't offer HTTPS would become inaccessible to users, and we don't want to negatively impact services on our way to enhancing them! [G]etting there will require concerted effort among the federal, state, local and tribal government organizations that use a common resource, but don't often work together in this area.