When .com is taken, panic sets in. Should you grab .io, .ai, .dev, .app, .co, .xyz? Each carries baggage — pricing, audience expectations, spam associations, registration restrictions. This walks through the decision honestly so you can spend the $12 once and not regret it in year two.
Background
There are now over 1500 TLDs. Browsers, email clients, and search engines treat most of them equally — there is no SEO penalty for non-.com. But humans treat them very differently. Some TLDs ($45+) renew at prices that hurt at scale. Some have spam reputations. Some are tightly scoped — .dev and .app are on the HSTS preload list, which means HTTPS is mandatory, not optional. Pick deliberately.
How to tell
.comis taken at any reasonable price — time to evaluate alternatives.- Your audience is highly technical —
.dev,.io,.aiare fine and even signal “we are technical”. - Your audience is general public — stick to
.com,.co, or.app. Avoid niche TLDs they have not seen. - You are budget-conscious —
.comand.apprenew cheapest..aiis the most expensive of the popular ones. - You plan to do email-heavy outreach — deliverability is slightly better on
.comand other established TLDs.
Quick verdict
Default to .com. If taken, prefer .app, .co, or .dev for tech audiences and indie products. Use .ai if your product is AI-focused and you can absorb the higher renewal. Avoid .xyz, .online, .site, .top for anything that needs trust.
Pricing snapshot (registrar-typical, 2026)
TLD First-year Annual renewal Notes
.com $11 $15 default; safest
.app $14 $20 HTTPS-only (HSTS preload)
.dev $12 $15 HTTPS-only (HSTS preload)
.co $24 $30 often confused with .com
.io $35 $50 geopolitical news risk; popular with devs
.ai $50 $80 AI-product premium; renews high forever
.xyz $1 $12 cheap entry, spam reputation
.online $1 $30 trial pricing, renews highRenewal price compounds — .ai over 10 years costs more than a premium .com.
Before you start
- Decide budget for 10 years, not just year one — renewals are where TLDs really differ.
- Test pronunciation: say the full domain over the phone.
- Have a fallback name in case both
.comand your preferred TLD are taken.
Step by step
- Try
yoursite.com. Check availability and WHOIS via CLI:
# Availability + WHOIS check
whois yoursite.com | head -20
# Domain Name: YOURSITE.COM
# Registrar: ...
# Creation Date: ...
# Registrant Email: Redacted for Privacy
# If 'Domain Status: ok' is present, it's registered.-
If taken, investigate the owner. Parked sites can sometimes be acquired via broker for $500-5000. Worth it only if the exact name is critical.
-
Generate alternatives quickly. A short script:
NAME="yoursite"
for tld in com app dev co io ai; do
for prefix in "" "use" "get" "go"; do
cand="${prefix}${NAME}.${tld}"
avail=$(whois "$cand" 2>/dev/null | grep -ci 'no match\|not found')
echo "$cand $([ "$avail" -gt 0 ] && echo AVAIL || echo TAKEN)"
done
done-
Evaluate non-
.comTLDs in order of trust:.app,.dev,.co,.ai,.io. Each is fine for the right audience. -
Check renewal price, not just first-year price. Look at the registrar’s “renewal” column, not the headline number. Some TLDs renew at 4-7x their introductory price.
-
Test the name out loud. Phone, podcast, conference. If you have to spell the TLD, friction is real.
-
Buy and lock it down. Standard registrar settings to apply on day one:
Domain registrar settings (apply once)
─────────────────────────────────────
[x] Auto-renew ← never let it lapse
[x] WHOIS privacy ← block harvesters
[x] Transfer lock ← prevent unauthorized transfers
[x] Two-factor on the account
[x] Backup contact email outside the same domain- For
.devand.app, set up HTTPS before anything else. They are HSTS preloaded — HTTP requests are rejected by the browser, period:
# verify HSTS preload status:
curl -sI https://hstspreload.org/api/v2/status?domain=yoursite.devImplementation checklist
- Domain registered at a reputable registrar (Cloudflare, Porkbun, Namecheap).
- Auto-renew, WHOIS privacy, transfer lock all enabled.
- Renewal cost recorded in a calendar reminder.
- HTTPS / SSL provisioned (mandatory for
.dev/.app). - DNS records exist before you announce the domain anywhere.
After-launch verification
whois yourdomain.tld | grep "Expir"shows expiration > 1 year out.dig +short A yourdomain.tldreturns your host’s IP.curl -vI https://yourdomain.tldreturns a valid cert and HTTP/2 200.
Common pitfalls
- Picking
.xyzfor a serious project to save $5 — the spam association will dog you for years. - Ignoring renewal cost.
.aiat $80/year times 10 years is more than a high-quality.comdomain. - Buying a hard-to-spell variant
.cominstead of an easy-to-spell.app— pronounceability beats TLD prestige. - Going
.ioand then dealing with “is.iook?” worries every 18 months when a news cycle hits. - Picking a TLD with a registration requirement you do not meet (
.usrequires US presence, some country TLDs require local entity). - Forgetting auto-renew and losing the domain to a competitor or squatter.
FAQ
- Does Google rank
.comhigher than.io?: No. Google has stated repeatedly that TLD does not affect ranking for generic TLDs. Trust and CTR may differ — but ranking is the same. - Is
.aiworth the price?: For AI-related products where the name matches, yes. For everything else, the $80/year renewal is hard to justify. - What about country TLDs like
.deor.co.uk?: Great if you target one country — Google treats them as country-specific. Bad for global ambition. - Should I buy multiple TLDs of the same name?: Only if you have a real brand to protect. Most indies are fine with one TLD until the project is established.
- What is HSTS preload and why does it matter?: Browsers know that
.devand.appare HTTPS-only and refuse HTTP. You must ship valid SSL on day one or visitors see error pages.