The preload directive is not actually part of the specification, but it is in wide use and there’s already a mechanism for adding the directive to the Strict-Transport-Security response header. The directive requires that the includeSubDomains directive be set, and although the ‘main’ HSTS Preload list parses the header right regardless (as it should!), these directives should probably be appended in that order as a just-in-case.
The
preload
directive is not actually part of the specification, but it is in wide use and there’s already a mechanism for adding the directive to theStrict-Transport-Security
response header. The directive requires that theincludeSubDomains
directive be set, and although the ‘main’ HSTS Preload list parses the header right regardless (as it should!), these directives should probably be appended in that order as a just-in-case.