The .app domain is a generic top-level domain from Google Registry, built for apps and software products. Like its sibling .dev, it is on the browser HSTS preload list, so every .app site must serve over HTTPS. It is open to anyone and reads as friendly and consumer-facing.
If .dev is for the people who build software, .app is for the software itself — the product, the download page, the thing users actually open. It pairs descriptive branding with a security guarantee baked into the browser.
What is the .app domain?
A .app domain is any name ending in .app, such as example.app. It is one of Google Registry’s new generic TLDs, opened to general registration in 2018. The extension is descriptive: it instantly signals that the site is about an application, whether mobile, desktop or web.
An application-focused generic TLD operated by Google Registry. HSTS-preloaded, so browsers require HTTPS for every .app address.
Secure by default: the HTTPS requirement
Because the whole .app TLD sits on the browsers’ HSTS preload list, every .app address is forced to load over HTTPS. The browser upgrades the connection automatically and refuses plain HTTP. In practice that means one rule to remember: have a valid TLS certificate in place before you launch. With free certificates and one-click HTTPS now standard, that is a small step — and the payoff is a site that is encrypted by default.
Same security model as .dev
.app and .dev share the HSTS-preload requirement. The difference is tone: .app is consumer- and product-facing, while .dev speaks to the engineers building things.
Who is .app for?
The extension fits anyone shipping software: mobile and web app makers, SaaS products, indie developers, and startups that want a descriptive, on-brand home for a product. Because it is unrestricted, it also works for marketing pages, app directories, or any site that benefits from the “app” signal and free default encryption.
A particularly natural use is the dedicated product address. A company with a broad .com can give an individual app its own crisp home — productname.app — that is shorter, more memorable and instantly self-explanatory in an app-store listing, a download button or an ad. Because every .app visitor is on HTTPS by definition, that product page also carries the security reassurance users increasingly expect before they install or sign up, with nothing extra to configure.
.app vs the alternatives
| Extension | Best for | HTTPS forced? |
|---|---|---|
| .app | Apps & software products, consumer-facing | Yes |
| .dev | Developer tools, docs, engineering brands | Yes |
| .io | Startups & tech generally | No |
| .com | Anything; maximum recognition | No |
For a software product specifically, .app often beats a long-gone .com: it is descriptive, widely available, and secure out of the box. For broader ventures, weigh it against .io and the ever-safe .com — see best TLD for startups.
What does a .app address signal?
Because the word is so concrete, a .app address sets an expectation before a visitor reads anything: there is software here, and it is probably modern and well-built. That works in your favor for a product, but it also means the extension carries an implicit promise. A bare marketing page on a .app can feel slightly off if there is no actual application behind it — the name leads people to expect something to use, not just read about.
The forced HTTPS adds a quieter signal too. Every .app visitor connects securely by definition, so the padlock is always present and there is never a “not secure” warning to undermine trust. For a software brand — where users are increasingly security-aware — baking that guarantee into the address is a small but real reassurance, and one less thing to configure or get wrong.
When should you choose .app?
Choose .app when you are launching an application or software product and want the name to say so; when secure-by-default HTTPS is welcome (it almost always is); and when an exact, available .app beats a compromised or unavailable .com. Skip it only if “app” would mislead visitors about what you offer — the extension promises something to use, so make sure there is.
★ Key takeaways
.appis a Google Registry gTLD for apps and products, public since 2018.- It is HSTS-preloaded: every
.appsite must use HTTPS. - Open to anyone; just enable a (free) TLS certificate before launch.
- Descriptive and secure-by-default — strong for software product brands.
Frequently asked questions
Does .app require HTTPS?
Yes. Like .dev, the entire .app extension is on the browser HSTS preload list, so browsers will only load .app sites over HTTPS. You need a valid TLS certificate for the site to work — there is no HTTP option.
Is a .app domain only for mobile apps?
No. The branding suits mobile and web apps, but .app is unrestricted and works for any site — product landing pages, SaaS tools, web apps, or even a regular website that likes the modern, secure connotation.
Who runs the .app domain?
.app is operated by Google Registry, which won it at auction and opened it to the public in 2018 — making it one of the first widely available TLDs to be secure-by-default.
Can anyone register a .app domain?
Yes. .app has no eligibility restrictions — you do not need to publish an app or be a developer. Register it through any accredited registrar, ensure HTTPS is enabled, and you are live.
Is .app good for a product landing page?
Very. For a software product, .app is descriptive, available and secure by default, which fits a modern product brand. The forced HTTPS also means your landing page is encrypted from day one with no extra thought.
What is the difference between .app and .dev?
Both are Google Registry extensions and both force HTTPS, so technically they behave alike. The difference is audience and tone: .app is consumer- and product-facing — the software itself — while .dev speaks to developers and engineering work. Choose by who you want the name to address.