When Google launched the .app top-level domain in 2018, it became the first open gTLD with a hard security requirement baked into the extension. For founders trying to name a new product, .app domain explained is simple: you get a short, relevant string, but every single visitor must connect over HTTPS. That constraint shapes pricing, availability, and how people trust your site.
The extension is managed by Charleston Road Registry, a Google subsidiary. It is not a country code. It is a generic top-level domain with one unusual rule baked into every modern browser.
The HTTPS-Only Lockdown
Every .app domain lives on the HSTS preload list. Chrome, Firefox, Safari, and Edge ship with this rule hardcoded. If someone types http://your.app, the browser upgrades the request to HTTPS before it ever hits your server. There is no way to serve unencrypted traffic.
This is not a redirect you control. It is enforced at the browser level, independent of your server headers.
For most indie hackers, this is invisible. Platforms like Vercel, Netlify, Render, and Cloudflare Pages provision free TLS certificates automatically. But if you run a raw VPS or test legacy hardware, you need a valid certificate before launch. Let's Encrypt solves this for free. Just do not expect to run a local HTTP prototype on a live .app name.
Before you point DNS to a .app domain, verify your origin responds on port 443 with a valid certificate. Browsers will not gracefully degrade to HTTP.
The upside is immediate trust. Users see a padlock without knowing why. The extension has become shorthand for software that takes security seriously.
.app domain explained: Availability and naming tactics
.com is exhausted. Common English words and short blends were claimed decades ago. .app entered general availability in 2018, so exact-match dictionary words and two-letter prefixes are still obtainable at standard wholesale prices.
A solo founder building a recipe tool might find recipe.app taken. But recipes.app, recipebox.app, or a coined term like reciply.app could be available at registration cost. Because the extension itself signals software, you can often go shorter on the left side of the dot without looking incomplete.
Here is how the landscape compares for a typical naming search across popular extensions. These figures are approximate and fluctuate by registrar, but the pattern is consistent.
| TLD | Typical retail price | Short-word availability | Brand signal | HTTPS enforcement |
|---|---|---|---|---|
.com |
$10–$15/yr |
Extremely low | Generic, trusted | Optional |
.app |
$12–$20/yr |
Moderate | Software-specific | Mandatory |
.io |
$35–$50/yr |
Low | Tech/startup | Optional |
.dev |
$15–$25/yr |
Moderate | Developer-focused | Mandatory |
Prices depend on registrar. Cloudflare Registrar sells at wholesale cost. Namecheap, Porkbun, and Squarespace Domains add modest markups. Premium dictionary words like insurance.app command five-figure prices, but standard registrations stay cheap.
Names that work well on .app tend to share a few traits:
- One or two syllables before the dot
- A clear action or category noun (
scan,budget,habit) - No hyphens or forced misspellings
Because .app is a Google-run gTLD, the namespace avoids the geopolitical risk of ccTLDs like .io or .ly. That stability matters if you plan to hold the asset for ten years.
.app domain SEO: The real ranking picture
Google’s search algorithms do not give .app a boost simply because Google runs the registry. John Mueller and the Search Relations team have confirmed that new gTLDs are treated the same as .com in core ranking. Your content, backlinks, and technical health matter far more than your extension.
That said, .app domain seo does pick up secondary benefits. The mandatory HTTPS is a confirmed lightweight ranking factor. Core Web Vitals and mobile usability are identical across TLDs, but .app removes the option to launch without encryption. You cannot accidentally ship an HTTP site and tank trust signals.
The real risk is direct navigation, not the algorithm. Some users still assume .com is the default. If a competitor owns yourbrand.com and you run yourbrand.app, you will leak type-in traffic. You may also receive misdirected email.
To protect your brand:
- Buy the
.comif it is cheap or unused, then 301-redirect it to your.app. - Make
.appyour canonical hostname in Google Search Console. - Choose a brand term unique enough that searchers do not confuse you with the
.comowner.
For software searches, the TLD itself can act as a relevance cue. A result for budgetplan.app inside a SERP full of .com and .org results signals instant intent match. That can improve click-through rate, which indirectly supports ranking.
Should I use .app domain? A founder's checklist
Not every project fits. A local bakery or accounting firm looks odd on .app. But for SaaS, mobile tools, CLI utilities, and developer products, the extension feels native.
Ask yourself a few questions before you register:
- Is the product actually software?
- Can I afford to secure the matching
.comfor redirect? - Will my audience trust a modern extension, or do they expect legacy TLDs?
- Is mandatory HTTPS acceptable from day one?
If you are a solo founder shipping a side project, .app often wins on availability and speed. You can register tonight and deploy tomorrow. There is no week-long negotiation with a domain squatter.
Enterprise-facing startups need to test email deliverability. Some corporate mail gateways still flag non-legacy TLDs. Set up SPF, DKIM, and DMARC records. Send test campaigns to Gmail, Outlook, and a few corporate Exchange servers before you print the .app address on pitch decks.
Here is a pre-launch verification sequence:
curl -I --http2 https://staging.yourapp.app
That header is redundant because .app is already preloaded, yet it covers any subdomains you add later. Better to set it once and forget it.
FAQ
Should I use .app domain if the .com is taken?
It depends on what sits at the .com. If an active competitor operates there, you risk trademark confusion and direct traffic loss. If the .com is a parked page with ads, or an unrelated blog, .app is generally safe. Always run a trademark search before you commit.
Is .app domain SEO worse than .com?
No. Google does not penalize .app or reward .com in core ranking. .app domain seo depends on the same inputs as any other extension: crawlability, content, and authority. The only caveat is user behavior. Some searchers still trust .com more in the abstract, but that bias does not alter your position in the results page.
Why does my .app site force HTTPS even without a redirect rule?
Because .app is on the browser HSTS preload list. Chrome, Firefox, Safari, and Edge ship with a hardcoded instruction to upgrade all .app requests to HTTPS. You cannot disable this with server configuration. The browser enforces the rule before it contacts your origin.
How much does a .app domain cost?
Standard registrations typically run $12–$20 per year at retail. Cloudflare Registrar charges closer to wholesale, usually around $10–$12. Premium dictionary words can cost thousands at initial registration, but most coined names and common compounds remain inexpensive.

