How to add your website to Google Chrome’s preload list.

Now that you have HSTS setup you should submit your site for inclusion into the Google Chrome’s preload list. This same list is also included in Firefox, IE, and Safari.

  1. Setup HSTS
  2. Visit the Chrome preload list website and submit your site.
  3. Wait, this will take weeks if not months.

Chrome preload list has the following requirements:

  1. Have a valid certificate.
  2. Redirect all HTTP traffic to HTTPS—i.e. be HTTPS only.
  3. Serve all subdomains over HTTPS, specifically including the www subdomain if a DNS record for that subdomain exists.
  4. Serve an HSTS header on the base domain for HTTPS requests:
    1. Expiry must be at least eighteen weeks (10886400 seconds).
    2. The includeSubDomains token must be specified.
    3. The preload token must be specified.
    4. If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (not the page it redirects to).Lucas Garron

Was this article helpful?

Related Articles