The government URL

With disinformation on the internet a continual given and website spoofing always a black hat option, it’s critical that government leaders adopt proper government URL configuration.

A proper government URL is important, because it ensures users are visiting an official website and that it effectively protects privacy. It also shows government is holistically considering the digital user experience.

The URL

URL, or Uniform Resource Locator, is the technical term for a website address, such as https://usa.gov. Using this example, the basic components of a URL are:

• Protocol/scheme (https://)
• Second level domain (usa)
• Top-level domain (.gov)

Properly configured public sector URLs include:

• https
• www and non-www resolution
• .gov / .edu / .mil top-level domain

HTTPs

According to cio.gov, “Hypertext Transfer Protocol Secure (HTTPS) is the strongest privacy and integrity protection currently available for public web connections.”

HTTPS is usually indicated by a lock icon and/or https in the browser bar and ensures users that their privacy is protected when visiting a government website. While this is becoming less and less of an issue, as most adopt secure protocols, there are still government websites, particularly local, that do not enforce HTTPS.

All government domains must use HTTPS.

www and non-www resolution

Resolving for www (www.usa.gov) and non-www (usa.gov) URLs allows access to the intended second level domain website address. Improper resolution will direct users to an error, like “server not found” or “Warning: Potential Security Risk Ahead”.

For example, at the time of this writing, to name just a few, america.gov and connect.gov don’t work without www and business.gov, governmentjobs.gov, and smithsonian.gov, don’t work with a www.

All government domains must have proper www and non-www resolution.

Top-level domain

Generic top-level domains (gTLD), such as .com and .org, are non-country web address extensions that indicate the purpose or source of the website.

Sponsored top-level domains (sTLD) are a subgroup of gTLDs administered by designated organizations and restricted to specific registrant types.

Public sector sTLDs include .gov, .edu and .mil. The .gov sTLD is managed by the Cybersecurity and Infrastructure Security Agency at get.gov. The Department of Defense manages .mil registration.

A government sTLD verifies that the website is managed by a United States government organization (federal, state, local, tribal). Government non-.gov gTLDs can potentially confuse users and create opportunities for non-government entities to spoof official government services. Adopting a government sTLD ensures users are visiting an official government website. It also reinforces the work and value of government services.

Many governments employ .com or .org TLDs, particularly the latter at the local level. Two major examples are Florida (myflorida.com) and the U.S. Postal Service (usps.com).

All U.S. government websites must have an sTLD.

Get your government URL

While a standard government URL may seem unnecessary and non-HTTPS, improper www resolution or non-sTLD usage is seemingly trivial, failing to address these could be the difference between a fluid government experience or a dead end. Worse, it could lead citizens unknowingly down a nefarious path, all the while thinking government is taking all the proper precautions to protect them.

At a time when disinformation and domain spoofing is easier than ever, the details are in the government URL.