Sorting out HSTS preloading on my websites today. I’d started the work a while back, but got distracted midway and didn’t finish. I’m a little surprised there’s not more verification in the process that the site is ready for preloading, such as a TXT record at the domain level. I imagine they want most folks’ TLS journey to be one-way.
The thinking work I put in yesterday is paying off, and I suspect I’ll have all operational issues with my sites dealt with for the next couple of years by end-of-year. The next step is beefing up the Lighthouse scores, which are already pretty decent thanks to the work done with WebPageTest.
Package Thief vs. Glitter Bomb Trap