November 3, 2021
What’s Important to know about URL Redirection for .BANK and .INSURANCE Domains
URL Redirection (also referred to as URL forwarding) is a technique for sending a domain’s visitors to a different URL. In the case of .BANK and .INSURANCE domains, there are various reasons to use URL Redirection, and here are some common examples:
- The owner of BANKNAME.BANK has set up their new .BANK website and to ensure customers reach the bank’s new website, it sets up a redirect so visitors to BANKNAME.COM are automatically taken to BANKNAME.BANK.
- The owner of NAMEBANK.BANK and THENAMEBANK.BANK wants to redirect these sites to their primary URL of NAME.BANK to ensure its multiple .BANK domains refer customers to its primary website.
Regardless of the reason for using URL Redirection, when .BANK and .INSURANCE domains are used to serve content on the Internet, they must be secured with a Transport Layer Security (TLS) certificate that meets fTLD’s Digital Identity Certificate and TLS version requirements.
What Method of URL Redirection is More Secure
What else is Unique about .BANK and .INSURANCE Domains
They are on the HSTS Preload list (read more here: https://www.register.bank/january-8-2018/), which means browsers such as Google Chrome and Microsoft Edge will automatically take a visitor to the secure version of the domain, provided it’s secured with a TLS certificate. By contrast, a non-compliant site served only over insecure HTTP is prevented by HSTS from loading at all.
All domains are regularly monitored for compliance with fTLD’s Security Requirements. When a domain is out of compliance with any of the requirements, the owner will receive an email from compliance@fTLD.com that identifies the issue(s) to be resolved.
How to Check your URL Redirection Setup
There are a variety of publicly available tools to help owners check the status of their domain(s). A couple of tools fTLD finds to be instructive are Redirect Detective: https://redirectdetective.com/ and Redirect Checker: https://www.redirect-checker.org/index.php. By entering a URL on Redirect Detective you can see the path of the redirection(s), and if none are set up, it will say so. An example of this, for “http://nic.bank”, is shown below. In this case, NIC.BANK is compliantly redirecting because it’s secured with a TLS certificate, which causes the browser to take visitors to https://nic.bank and ultimately to https://www.register.bank. All .BANK and .INSURANCE websites must have a TLS certificate.
It’s important to remember that because .BANK and .INSURANCE are HTTPS-only domains, a failure to comply with the URL redirection requirement will generate a failure notice to the owner. The following URL Redirects and testing results are examples of what you may receive:
- http://bankname.bank redirects to https://bankname.bank (compliant)
- http://bankname.bank redirects to https://www.bankname.bank (compliant)
- http://bankname.bank redirects to http://www.bankname.bank (not compliant as the redirect must be to the HTTPS version of a .BANK domain)
- http://bankname.bank redirects to https://bankname.com (not compliant as a redirection to a non-.BANK domain must only be made from the HTTPS version of a .BANK domain)
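The four cases above can be checked hop by hop over a redirect chain, such as one copied from a redirect-checking tool. This is an added example, not fTLD's own compliance tooling: the function names are hypothetical, and applying the .BANK rules to .INSURANCE per TLD, as well as requiring HTTPS on targets reached from an HTTPS source, are assumptions.

```python
from urllib.parse import urlsplit

FTLDS = ("bank", "insurance")  # the two TLDs this page covers

# Constructed sample chains: the page's four examples plus the nic.bank path.
SAMPLES = [
    ["http://bankname.bank", "https://bankname.bank"],
    ["http://bankname.bank", "https://www.bankname.bank"],
    ["http://bankname.bank", "http://www.bankname.bank"],
    ["http://bankname.bank", "https://bankname.com"],
    ["http://nic.bank", "https://nic.bank", "https://www.register.bank"],
]


def ftld_of(url):
    """Return 'bank' or 'insurance' if the URL's host is in that TLD, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    tld = host.rpartition(".")[2]
    return tld if tld in FTLDS else None


def check_hop(src, dst):
    """Judge one redirect hop; returns (compliant, reason)."""
    src_tld, dst_tld = ftld_of(src), ftld_of(dst)
    src_scheme, dst_scheme = urlsplit(src).scheme, urlsplit(dst).scheme
    if src_tld is None:
        return True, "source is outside .BANK/.INSURANCE"
    if src_scheme == "http":
        if dst_scheme != "https":
            return False, "redirect must be to the HTTPS version"
        if dst_tld != src_tld:  # same-TLD requirement for .INSURANCE is assumed
            return False, "must reach HTTPS within the TLD before leaving it"
        return True, "HTTP upgraded to HTTPS within the TLD"
    # Source is HTTPS on an fTLD domain, so redirects to other domains are
    # allowed. Requiring an HTTPS target here is an assumption of this sketch.
    if dst_scheme != "https":
        return False, "HTTPS source redirects to a non-HTTPS target"
    return True, "redirect made from the HTTPS version"


def check_chain(urls):
    """Check each consecutive hop of a chain; returns (all_ok, details)."""
    details = [(s, d) + check_hop(s, d) for s, d in zip(urls, urls[1:])]
    return all(ok for _, _, ok, _ in details), details


if __name__ == "__main__":
    for chain in SAMPLES:
        ok, details = check_chain(chain)
        print("compliant" if ok else "NOT compliant", " -> ".join(chain))
```
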
Compliance with the .BANK and .INSURANCE security requirements requires adding a TLS certificate to the domain, which has been commonplace for most financial services providers for decades. Once a certificate has been added to the domain, a variety of redirections can be put in place to ensure visitors to it are taken to the intended location. TLS certificates come in all shapes and sizes and are available from a variety of service providers, including from most fTLD-Approved Registrars. There are even free options such as Let’s Encrypt.