TLD included in HSTS preload list

HSTS preload list

• https://hstspreload.org/ "Owners of gTLDs, ccTLDs, or any other public suffix domains are welcome to preload HSTS across all their registerable domains. This ensures robust security for the whole TLD, and is much simpler than preloading each individual domain."

News

Two TLDs, months apart, declared "first" by Liam Tung on zdnet.com

• 2017-09-28: Google to place all its TLD on the list https://www.zdnet.com/article/google-heres-why-were-putting-all-our-top-level-domains-on-forced-https-list/
  • "Ben McIlwain, a software engineer for Google Registry, explains that .google became the first TLD to join the HSTS preload list."
• 2018-05-01: "Because .app will be the first TLD with enforced security made available for general registration, it’s helping move the web to an HTTPS-everywhere future in a big way." https://blog.google/technology/developers/introducing-app-more-secure-home-apps-web/
• 2018-05-02: "Google: Our new .app domain is first to bake in HTTPS to make browsing safer" https://www.zdnet.com/article/google-our-new-app-domain-is-first-to-bake-in-https-to-make-browsing-safer/