HTTP Strict Transport Security ([HSTS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)) preload is used to instruct browsers to always use HTTPS for your website. Browsers will initiate and connect to any site in the preloaded HSTS list through HTTPS only. The list is currently maintained by [Chromium](https://cs.chromium.org/chromium/src/net/http/transport_security_state_static.json) (GitHub mirror [link](https://github.com/chromium/chromium/raw/master/net/http/transport_security_state_static.json)) and the list is utilised by all [supported](https://caniuse.com/stricttransportsecurity) browsers. Eligible website can request to be included at [hstspreload.org](https://hstspreload.org/). In order to be accepted to the HSTS preload list through this form, your site must satisfy the following set of requirements:
1. The max-age must be at least 31536000 seconds (1 year).
2. The includeSubDomains directive must be specified.
3. The preload directive must be specified.
4. If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (rather than the page it redirects to).
After enabling HSTS, you can proceed submit your website to [hstspreload.org](https://hstspreload.org/). To check current status, you can either query hstspreload.org or Chromium-maintained list,
You can use either use your origin server or Page Rules to handle the redirect; when combining with "Always Use HTTPS" feature, you only need to add the following redirect:
This website is now included in the Chromium's preload list after I submitted a [request](https://hstspreload.org/) a month ago. The list hasn't been deployed to browsers' (Chrome and Firefox) stable version yet, that may take another month or two.