Now that you have HSTS setup you should submit your site for inclusion into the Google Chrome’s preload list. This same list is also included in Firefox, IE, and Safari.
- Setup HSTS
- Visit the Chrome preload list website and submit your site.
- Wait, this will take weeks if not months.
Chrome preload list has the following requirements:
- Have a valid certificate.
- Redirect all HTTP traffic to HTTPS—i.e. be HTTPS only.
- Serve all subdomains over HTTPS, specifically including the www subdomain if a DNS record for that subdomain exists.
- Serve an HSTS header on the base domain for HTTPS requests:
- Expiry must be at least eighteen weeks (10886400 seconds).
- The includeSubDomains token must be specified.
- The preload token must be specified.
- If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (not the page it redirects to).Lucas Garron