roots / docs

📝 Documentation for Roots projects
https://roots.io/docs/

Update list of browsers using HSTS preload #173

Closed aitormendez closed 5 years ago

aitormendez commented 5 years ago

Submit a feature request or bug report


Where is it?

https://github.com/roots/docs/blob/docs/trellis/ssl.md

L209

What should it say?

HSTS Preloading is a mechanism whereby a list of hosts that wish to enforce the use of SSL/TLS on their site is built into a browser. This list is compiled by Google and is utilised by Chrome, Firefox, Opera, Safari, IE11 and Edge. These sites do not depend on the issuing of the HSTS response header to enforce the policy, instead the browser is already aware that the host requires the use of SSL/TLS before any connection or communication even takes place. This removes the opportunity an attacker has to intercept and tamper with redirects that take place over HTTP. This isn't to say that the host needs to stop issuing the HSTS response header, this must be left in place for those browsers that don't use preloaded HSTS lists.

To check the actual list:

Most major browsers (Chrome, Firefox, Opera, Safari, IE 11 and Edge) also have HSTS preload lists based on the Chrome list. (See the HSTS compatibility matrix.)

https://hstspreload.org/

swalkinshaw commented 5 years ago

Thanks, want to do a PR to update this?

aitormendez commented 5 years ago

Yes! Hope I did it right. I have no experience with pull requests.

https://github.com/roots/docs/pull/175

swalkinshaw commented 5 years ago

Closed by https://github.com/roots/docs/pull/175