HSTS preload list inclusion
#26 · Recommended · Web Quality · weighted · Security & Infrastructure · weight 0.7% · impl implemented · method v1.2.0
Web Quality factor
This factor is part of Web Quality — the weighted 0..100 score that sits above Web Standards. Its weight depends on what kind of site is being measured. Web Standards items take priority; this factor only enters the score once Web Standards passes.
- Base weight: 0.5, applied to every site type unless overridden below.
- Why this weight: HSTS preload list inclusion is a strong signal but requires committing to HTTPS-only forever.
Per-site-type overrides
| Site type | Weight | Δ vs base |
|---|---|---|
| E-commerce | 0.8 | +0.3 |
| Government | 1.0 | +0.5 |
| SaaS / Product | 0.7 | +0.2 |
Site types not listed inherit the base weight.
What this means for your business
The HSTS preload list is an opt-in list shipped inside Chrome, Safari, and Firefox themselves. Once your domain is on it, browsers will never let a visitor fall back to an unencrypted connection, even before they've ever visited you.
Plain title: Your site is on the browser-baked-in safe list
What we measure
When your domain is on the HSTS preload list, browsers refuse to ever connect over HTTP, eliminating downgrade attacks entirely. This is the strongest possible HTTPS guarantee.
How to improve your score
Set `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`, then submit at hstspreload.org.
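To check a header value against the recommendation above before submitting, the following added example (not part of this methodology's scoring code) parses a `Strict-Transport-Security` value per RFC 6797 and lists what is missing. The function names are hypothetical, and treating the recommended `max-age` of 31536000 as the minimum is an assumption of the example.

```python
import re

# Assumption: the max-age in the recommended header is treated as the minimum.
PRELOAD_MIN_MAX_AGE = 31536000  # one year, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}.

    Follows RFC 6797 section 6.1: directive names are case-insensitive, a
    directive may appear only once, and max-age may be a quoted string.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing or doubled semicolon
        name, sep, raw = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = raw.strip().strip('"') if sep else None
    return directives

def preload_problems(value):
    """Return the reasons a header value falls short of the recommended one."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]  # browsers reject a header with repeated directives
    problems = []
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        problems.append("max-age missing or not a non-negative integer")
    elif int(max_age) < PRELOAD_MIN_MAX_AGE:
        problems.append(f"max-age {max_age} is below {PRELOAD_MIN_MAX_AGE}")
    for flag in ("includesubdomains", "preload"):
        if flag not in d:
            problems.append(f"{flag} directive missing")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not measurements from any real site.
    for sample in (
        "max-age=31536000; includeSubDomains; preload",
        "max-age=300; includeSubDomains",
        'MAX-AGE="63072000"; INCLUDESUBDOMAINS; PRELOAD',
    ):
        print(sample, "->", preload_problems(sample) or "ok")
```

An empty list means the header matches the recommended form; it does not cover the other conditions the preload list checks outside the header itself.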
Facts
When this applies
HSTS preload requires header control and a passing security-headers result; one or both are missing here.
- Requires a passing result on factor(s): #4.
- Marked n/a when the detected platform doesn't support canSetCustomHeaders (e.g., Squarespace and Wix can't set custom HTTP headers, so factor #4 becomes n/a there).
Scoring
Scoring formulas are versioned with the methodology. The current method (v1.2.0) maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.
Cited by these standards
Standards in the Standards Library whose satisfiedBy requirement tree references this factor. Each link goes to the standard's full entry — methodology, scope, and the other factors it relies on.
Version history
| Version | Change | Date |
|---|---|---|
| v1.2.0 | Factor introduced. Status: live. Scoring impl: implemented. | 2026-04-25 |