Domain Naming Standard
All MOJ services should be served from *.service.gov.uk
or
*.service.justice.gov.uk
domains. MOJ infrastructure or justice-wide services
may be eligible for a *.justice.gov.uk
domain.
Getting a domain
Please refer to How to get, register or manage a domain name.
Which domain do I need?
service.gov.uk
The GOV.UK service manual sets out when
and how to get a *.service.gov.uk
subdomain.
In short, *.service.gov.uk
subdomains are for public-facing services which
have passed their beta assessment.
service.justice.gov.uk
All other MOJ services should use a *.service.justice.gov.uk
subdomain.
This includes:
- public-facing services which haven’t yet passed a beta assessment (but may be in private beta)
- internal-facing services
However, cloud-hosted software-as-a-service used by MOJ staff (like Google
Workspace or Microsoft365), or on which MOJ has a corporate presence (like
GitHub or Trello) are not required to be served from a
*.service.justice.gov.uk
subdomain.
Cloud Platform and Modernisation Platform
If you’re using the Cloud Platform or Modernisation Platform to host your service, you will get a subdomain that uses the service name of the platform. These domains aren’t for production use, but will be a variation of:
*.cloud-platform.service.justice.gov.uk
, or*.modernisation-platform.service.justice.gov.uk
When your service is ready to go live, we will work with you to get a
production-ready <application>.service(.justice).gov.uk
domain.
justice.gov.uk
Only services which are core, MOJ-wide infrastructure, like email or
videoconferencing, or are otherwise applicable to users across the entire
justice system (like the intranet) can use a *.justice.gov.uk
subdomain.
Contact the Operations Engineering team to find out if your service is eligible.
Staff-facing sites
Any staff-facing sites should also use *.service(.justice).gov.uk
domain.
For example staff.prisonvisits.service.gov.uk
is the staff-facing side of
www.prisonvisits.service.gov.uk
.
Non-production environments
This standard includes non-production environments. For those, use this domain naming pattern:
<application>.<environment>.<service-name>.service(.justice).gov.uk
For example: staff.staging.prisonvisits.service.gov.uk
.
This pattern makes the relationships between domains clear, grouping environments by service and applications by shared environment.
Non-production environments and hosted prototypes should also use authentication (such as HTTP basic auth) to prevent public users who come across them thinking they’re real.
Non-production environments can also use different styling as a way of making it clear to users which environment they’re in - but that’s more useful for people working on the service to not modify data in production than to keep users out. GOV.UK publishing apps do this, for example compare GOV.UK Signon in their Staging and Production environments.
Welsh language versions of sites and domain naming
Services funded by the Welsh Government can apply for a .llyw.cymru and .gov.wales domain. This doesn’t apply to most services using *.service.justice.gov.uk
or *.justice.gov.uk
domains.
If you are hosting a Welsh language version of your service you would still use your current registered domain. Any Welsh language pages should be handled at an application level, rather than having Welsh language in the domain name.
For example the Welsh language version of magistrates.judiciary.uk
should be magistrates.judiciary.uk
, not ynad.judiciary.uk
.
Non .gov.uk
domains
Domains that don’t end in .gov.uk
should not be used for MOJ services.
If you use one, please refer to How to get, register or manage a domain name. The Operations Engineering team will provide
you with a .gov.uk
domain as set out above, and will help you deprecate your
old domain.
You should use a .gov.uk
subdomain, as above, for these reasons:
- Public government things should on principle be on government domains
- The ownership of a gov domain can be tracked to a government body by a member of the public
- By using .gov.uk we never have the problem that a domain’s control is lost to a previous supplier or staff member who set it up and moved on
- Domain renewals are easier to keep on top of when centralized. When the domain is not renewed, it can be bought by a squatter and used for phishing and scams
- The Service Manual says not to use the crown, New Transport font etc
if your service isn’t on a
gov.uk
domain - Unfamiliar domains look untrustworthy, putting off users including internal staff from using the service
- Normalizing the use of unfamiliar domains increases the risk of phishing
- NCSC’s Takedown Service will likely take down the site if you’re using GOV.UK Design System, the crown, New Transport font etc; and it’s not on a .gov.uk domain
- Google’s anti-phishing protection could at any time flag a site as ‘deceptive’ if it looks like a GOV.UK site but is served on a non .gov.uk domain. We’ve experienced several occasions when this happens, likely because of the use of the crown, New Transport font or “GOV.UK” text at the top left. Chrome users cannot use the site - instead they see this error:
Exemptions (where you can use a non-gov.uk
domain)
The GOV.UK Proposition
sets out an exemption criteria to use a non-gov.uk
domain.
If your service falls into What does not go on GOV.UK:
- follow the GOV.UK exemptions guidance
- request an exemption from GOV.UK
- once approved, forward the approval to the Operations Engineering team
The Operations Engineering team will then:
- work with you to register your domain
- manage renewals for the domain
- set up the domain to adhere to the MOJ’s Security Guidance