Security

HSTS Preload

Hardcodes 'always HTTPS' for your domain into every major browser. The strongest possible HSTS posture.

Authority: Chromium / Google
Version: Chromium preload list
Jurisdiction: Global
Source: hstspreload.org
Last reviewed: 2026-04-28
Last verified: pending

What it is

A list maintained by Chromium and adopted by Firefox, Safari, Edge, and Opera. Domains on it are always loaded over HTTPS — no first-visit downgrade window.

Why it matters

Eliminates the trust-on-first-use gap in vanilla HSTS. Required for finance, healthcare, and any site where a single MITM at first visit is unacceptable.

Who it applies to

Sites that have committed to HTTPS-only forever (preload removal can take months).

How WQI scores it

Web Quality Index considers this standard satisfied when the supporting factor passes.

#	Factor	Status
26	HSTS preload list inclusion	planned

0 of 1 supporting factors are currently collected. Sites where the remaining 1 haven't been measured will show as partial or unknown on this standard until the data lands.

Related standards

Requires: HSTS
See also: Security headers , TLS 1.2+

Other references

rfc RFC 6797 — HSTS
tooling Chromium HSTS preload submission form