.app domains explained: HTTPS-only by design
A generic TLD operated by Google, launched 2018. Notably the first TLD with HSTS preload-list enforcement — every .app domain must serve HTTPS or it will not load in modern browsers.
Quick facts
- Registry
- Google Registry
- Introduced
- 2018
- Typical price
- $14.00 – $20.00 / year
- Restrictions
- HTTPS required (HSTS preload at TLD level — browsers refuse plain HTTP).
What is .app?
.app is a generic top-level domain (gTLD) operated by Google Registry, launched in 2018 as part of ICANN’s New gTLD Program. It is intended for software applications, mobile apps, and developer products.
The HTTPS-only design
.app is on the HSTS preload list at the TLD level — meaning every browser that ships HSTS preloading (Chrome, Firefox, Safari, Edge) will refuse to load any .app site that doesn’t serve a valid HTTPS certificate. This was deliberate: Google wanted .app to signal trustworthy, secure-by-default app endpoints.
Registration + operational notes
Open global registration through any ICANN-accredited registrar. Typical pricing is $14-$20/year. Plan for HTTPS from day one — you cannot serve plain-HTTP content on a .app domain even for testing without browser warnings.
Famous examples
-
Mailchimp (mailchimp.app)
Mobile app companion.
-
Slack (status) (status.slack.app)
Demo URLs.
-
Zoom (zoom.app)
Video product subdomain.
-
Figma (figma.app)
App distribution surface.
-
Linear (linear.app)
Issue tracking app primary.