We force TLS with HSTS headers, and we're preloaded as HTTPS-only in modern browsers

HTTPS is great, except it doesn't work when you don't type the scheme all the way out. And who has time for that these days? We protect you when browsing our site and account management interface using the Strict-Transport-Security HTTP header, to make sure your browser does the right thing no matter how careless you are when typing URLs. Our domain is even preloaded as HTTPS-only in Chrome and other modern browsers.