The government URL
Anatomy of a proper government website address.
By: Luke Fretwell
Posted: February 27, 2024
Estimated read time: 3 minutes
With disinformation on the internet a continual given and website spoofing always a black hat option, it’s critical that government leaders adopt proper government URL configuration.
A proper government URL is important, because it ensures users are visiting an official website and that it effectively protects privacy. It also shows government is holistically considering the digital user experience.
The URL
URL, or Uniform Resource Locator, is the technical term for a website address, such as https://usa.gov. Using this example, the basic components of a URL are:
- Protocol/scheme (
https://
) - Second level domain (
usa
) - Top-level domain (
.gov
)
Properly configured public sector URLs include:
https
www
and non-www
resolution.gov
/.edu
/.mil
top-level domain
HTTPs
According to cio.gov, “Hypertext Transfer Protocol Secure (HTTPS) is the strongest privacy and integrity protection currently available for public web connections.”
HTTPS is usually indicated by a lock icon and/or https
in the browser bar and ensures users that their privacy is protected when visiting a government website. While this is becoming less and less of an issue, as most adopt secure protocols, there are still government websites, particularly local, that do not enforce HTTPS.
All government domains must use HTTPS.
www and non-www resolution
Resolving for www
(www.usa.gov) and non-www
(usa.gov) URLs allows access to the intended second level domain website address. Improper resolution will direct users to an error, like “server not found” or “Warning: Potential Security Risk Ahead”.
For example, at the time of this writing, to name just a few, america.gov and connect.gov don’t work without www
and business.gov, governmentjobs.gov, and smithsonian.gov, don’t work with a www
.
All government domains must have proper www
and non-www
resolution.
Top-level domain
Generic top-level domains (gTLD), such as .com
and .org
, are non-country web address extensions that indicate the purpose or source of the website.
Sponsored top-level domains (sTLD) are a subgroup of gTLDs administered by designated organizations and restricted to specific registrant types.
Public sector sTLDs include .gov
, .edu
and .mil
. The .gov
sTLD is managed by the Cybersecurity and Infrastructure Security Agency at get.gov. The Department of Defense manages .mil
registration.
A government sTLD verifies that the website is managed by a United States government organization (federal, state, local, tribal). Government non-.gov gTLDs can potentially confuse users and create opportunities for non-government entities to spoof official government services. Adopting a government sTLD ensures users are visiting an official government website. It also reinforces the work and value of government services.
Many governments employ .com
or .org
TLDs, particularly the latter at the local level. Two major examples are Florida (myflorida.com) and the U.S. Postal Service (usps.com).
All U.S. government websites must have an sTLD.
Get your government URL
While a standard government URL may seem unnecessary and non-HTTPS, improper www
resolution or non-sTLD usage is seemingly trivial, failing to address these could be the difference between a fluid government experience or a dead end. Worse, it could lead citizens unknowingly down a nefarious path, all the while thinking government is taking all the proper precautions to protect them.
At a time when disinformation and domain spoofing is easier than ever, the details are in the government URL.
Contributors
Special thanks to the following for contributing to this page: Elias Fretwell