By Sept. 1, all federal websites will use the HTTP Strict Transport Security, or HSTS, protocol. The protocol ensures that a user’s connection to a website is encrypted and can protect against man-in-the-middle attacks and cookie hijacking. The GSA, which oversees all the top-level domains for the U.S. federal government, acknowledges that it will take a “few years” for all government websites to adhere to this standard. The agency is working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to ensure that all existing domains are capable of being preloaded.”]
Source: https://www.cuinfosecurity.com/enhancing-security-government-websites-a-14492