Some domain extensions require an SSL/TLS certificate if you plan to host a website on them. This is a registry level policy, not a restriction imposed by Unstoppable Domains.
What this means
The 19 TLDs listed below are on the Chromium HSTS (HTTP Strict Transport Security) preload list. This means major browsers including Chrome, Edge, Brave, and Safari will refuse to load any website on these domains over plain HTTP. If you want to host a website on one of these TLDs, an SSL/TLS certificate is mandatory.
Affected TLDs
All of the following are operated by Google Registry:
• .app
• .boo
• .dad
• .day
• .dev
• .esq
• .foo
• .how
• .ing
• .meme
• .mov
• .new
• .nexus
• .page
• .phd
• .prof
• .rsvp
• .soy
• .zip
This is registry policy. For more information, see Google Registry's registration policies.
How to get an SSL certificate
You don't need to purchase an expensive certificate. Here are the most common options:
- Hosting providers with free SSL included: Platforms like Cloudflare, Vercel, and Netlify automatically provision SSL certificates for domains connected to them.
- Let's Encrypt: A free, widely used certificate authority for self-hosted setups.
- Purchased certificates: Available from any major certificate authority (CA) if your hosting setup requires one.
We recommend checking with your hosting provider first. Most modern hosts include SSL at no extra cost.
What you can still do without an SSL certificate
An SSL certificate is only required if you're hosting a website. You can still:
- Park your domain
- Use your domain for email-only DNS (MX records, etc.)
- Point DNS records to services that handle SSL on their end
FAQ
Will my non-Google TLD also need HTTPS?
Most browsers strongly encourage HTTPS for all websites, but only HSTS-preloaded TLDs enforce it at the browser level. If your domain ends in a non-Google TLD (like .com or .crypto), you won't be blocked from loading over HTTP, though HTTPS is still best practice.