aeeble

Website administrators and security professionals can submit their domains to the HSTS Preload List, a list of sites that are hardcoded into browsers to enforce HTTPS connections. This service helps protect against protocol downgrade attacks and ensures a secure browsing experience.

What is HSTS?

HTTP Strict Transport Security (HSTS) is a mechanism that allows websites to instruct browsers to only access the site over HTTPS. HSTS is supported by most major browsers and is defined in RFC6797.

Benefits of HSTS Preloading

HSTS preloading provides an additional layer of security by ensuring that browsers will only connect to the site over HTTPS, even on the first visit. This prevents on-path attackers from downgrading the connection to HTTP.

Submission Requirements

To be accepted into the HSTS Preload List, a site must:

1. Serve a valid certificate.
2. Redirect from HTTP to HTTPS on the same host.
3. Serve all subdomains over HTTPS.
4. Serve an HSTS header on the base domain for HTTPS requests with a max-age of at least 31536000 seconds, includeSubDomains directive, and preload directive.

Instructions

1. Ensure your site meets the submission requirements.
2. Use the submission form on the website to request inclusion in the HSTS Preload List.
3. Monitor your site's status and ensure continued compliance with the requirements to avoid removal.