elixir-plug / plug

Compose web applications with functions
https://hex.pm/packages/plug

Update `SSL` plug [`hsts_header/1`] #1208

Closed jbcaprell closed 7 months ago

jbcaprell commented 7 months ago

The preload directive is not actually part of the specification, but it is in wide use and there’s already a mechanism for adding the directive to the Strict-Transport-Security response header. The directive requires that the includeSubDomains directive be set, and although the ‘main’ HSTS Preload list parses the header right regardless (as it should!), these directives should probably be appended in that order as a just-in-case.
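The directive ordering described in this pull request, as an added example that is not part of the PR or Plug's own code. The module `HSTSExample` and its functions are hypothetical, the option names are modelled on `Plug.SSL`'s `:expires`, `:subdomains` and `:preload`, and rejecting `preload` without `includeSubDomains` is a choice made for this example.

```elixir
defmodule HSTSExample do
  # Hypothetical module for illustration; not Plug.SSL's implementation.
  @one_year 31_536_000

  # Builds the Strict-Transport-Security value with directives in the
  # order max-age, includeSubDomains, preload.
  def build(opts \\ []) do
    expires = Keyword.get(opts, :expires, @one_year)
    subdomains? = Keyword.get(opts, :subdomains, false)
    preload? = Keyword.get(opts, :preload, false)

    # Assumption of this example: fail fast instead of emitting a
    # preload directive that lacks its includeSubDomains prerequisite.
    if preload? && !subdomains? do
      raise ArgumentError, "preload requires includeSubDomains"
    end

    ["max-age=#{expires}"]
    |> append(subdomains?, "includeSubDomains")
    |> append(preload?, "preload")
    |> Enum.join("; ")
  end

  defp append(parts, true, directive), do: parts ++ [directive]
  defp append(parts, _, _directive), do: parts

  # Parses a header value into a map keyed by lower-cased directive name.
  # Directive names are case-insensitive and may arrive in any order.
  def parse(value) do
    value
    |> String.split(";", trim: true)
    |> Enum.map(&String.trim/1)
    |> Enum.reject(&(&1 == ""))
    |> Map.new(fn directive ->
      case String.split(directive, "=", parts: 2) do
        [name, val] -> {name |> String.trim() |> String.downcase(), String.trim(val)}
        [name] -> {String.downcase(name), true}
      end
    end)
  end

  # True unless preload is present without includeSubDomains.
  def preload_consistent?(value) do
    directives = parse(value)
    not Map.has_key?(directives, "preload") or Map.has_key?(directives, "includesubdomains")
  end
end

# Constructed sample values.
IO.puts(HSTSExample.build(subdomains: true, preload: true))
IO.inspect(HSTSExample.preload_consistent?("max-age=31536000; preload"))
```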