• About
    • History of Dallas SEO
  • Contact
  • Topics
    • Bing
    • Blogging
    • Branding
    • Domain Names
    • Google
    • Internet Marketing
    • Link Building
    • Local Search
    • Marketing
    • Public Relations
    • Reputation Management
    • Search Engine Marketing
    • Search Engine Optimization
    • Search Engines
    • Social Media
    • Tech
  • Advertise
  • Services
    • Search Engine Optimization
    • Ongoing SEO Services
    • SEO Expert Witness
    • Google Penalty Recovery
    • Mini SEO Audit
    • Link Audit
    • Keyword Research
    • Combine Websites SEO Services
    • PPC Management
    • Online Reputation Management
    • Domain Name Consultant
    • Domain Names & Expired Domains
    • Domain Name Appraisal

Bill Hartzer

GoDaddy Airo: Register your .com domain name today!
Home » Google » Moved To HTTPs? Get on the HSTS Preload List for Chrome

Moved To HTTPs? Get on the HSTS Preload List for Chrome

Posted on September 27, 2017 Written by Bill Hartzer

HSTS preload list

As you are well aware by now, I moved this site to HTTPs (a secure SSL site) back a few years ago when Google announced that HTTPs is, in fact, a search engine ranking factor. Google has announced that they’re making HSTS (HTTP Strict Transport Security) the default on all of the Google-owned TLDs, starting with .dev and .foo. This is really good news, as any domain name on those TLDs (Top Level Domains) will be secure and using HTTPs URLs.

Starting in October, Google Chrome will begin to show warnings to users that a website is not secure when they fill out a form on your website. Firefox already does this, but there’s an additional need to move your website to HTTPs immediately. If you haven’t moved your website to HTTPs yet, then contact me and I can help you move to HTTPs.

Google’s announcement on their blog announces the HSTS preload list:

Earlier this year we announced that Chrome will start displaying warnings on insecure sites, and we recently introduced fully managed SSL certificates in App Engine. And today we’re proud to announce that we are beginning to use another tool in our toolbox, the HTTPS Strict Transport Security HSTS preload list, in a new and more impactful way.

Well, in Google’s announcement, they also have set up a pre-load list for the Chrome web browser. That means that if your domain name complies with the necessary guidelines and requirements, then you can submit your domain name to the Chrome pre-load list. The domain names on this list are hard-coded into Google Chrome. This is something that you’ll want to do–which could be even more of a “trust signal” for Google. If I were Google, I would trust domain names on this list more than other domain names that are NOT on the list. But, that’s just me. I don’t know what Google is going to do.

So how do you get your domain name on the HSTS preload list so your domain name is hard-coded into Google Chrome? Here’s what you need to do:

  1. First, make sure your website is HTTPs and has a valid SSL certificate installed. If you’re wanting to do this on the cheap, then use a site like Cloudflare.com to cache your site and get your domain name a free SSL certificate.
  2. Go to https://hstspreload.org/ and check your domain name. If it’s valid, and set up properly, and meets the requirements, you’ll be able to agree to the terms, check the boxes, and submit your domain name.
  3. If you get a warning, then you’ll need to look at the warnings that you’re getting. The site should give you some indication of what you’ll need to do.

One of the warnings I received for my domain name was that the max-age wasn’t set up properly. There are a ways to deal with this: have your developer or web host fix the max-age setting on your site’s headers. If you’re comfortable enough, with editing your .htacess file (on a unix server) then you can add the max-age lines of code to the .htaccess file and you should be set to go.

Another option, which made it easy for me, was to set up HSTS on Cloudflare. I have a SSL certificate on my domain and on my host’s domain, and Cloudflare. I was able to go in and set up the HSTS properly so that it has the max-age setting as well as the other redirects required.

On Cloudflare, do this to set up the HSTS properly so that you can submit your domain to the HSTS preload list:

  1. Log into Cloudflare and select your domain.
  2. Select Crypto.
  3. On SSL, choose Full (strict).
  4. On Always Use HTTPs, turn it ON.
  5. On HTTP Strict Transport Security (HSTS), click Change HSTS Settings.
  6. Here’s what I have set for these settings:

    HSTS Cloudflare settings

    Status: On
    Max-Age: 12 months
    Include subdomains: On
    Preload: On
    No-sniff: On

  7. I also have “Automatic HTTPS Rewrites” turned ON, so that any requests to HTTP on my domain get redirected to HTTPs automatically.

Once you completed those steps on Cloudflare (assuming that you already have your domain set up there and you’re using it), then you should be able to immediately go on over to the preload website and submit your domain. When I did this, it immediately was accepted and went through.

As I mentioned, I recommend that you set up HSTS and make sure it’s set up properly by submitting it to the pre-load website. This way your domain name will be hard-coded into Google Chrome as one that is fully HTTPs.

Filed Under: Google

About Bill Hartzer

Bill Hartzer is the CEO of Hartzer Consulting and founder of DNAccess, a domain name protection and recovery service. A recognized authority in digital marketing and domain strategy, Bill is frequently called upon as an Expert Witness in internet-related legal cases. He's been sharing insights and research here on BillHartzer.com for over two decades.

Bill Hartzer on Search, Marketing, Tech, and Domains.

Recent Posts

  • Metricool Brings Real Analytics to Personal LinkedIn Profiles July 8, 2025
  • This Cleveland Agency Found a Smarter Way to Rank in Every Suburb—Without Opening More Offices July 8, 2025
  • Survey: Gen Z Reuses Passwords but Demands Bank-Level Security From Small Businesses July 8, 2025
  • Liftoff Reveals What’s Actually Working in Mobile Ads July 7, 2025
  • EasySend’s Big Move: AI Tools That Make Static Forms Obsolete July 7, 2025
  • Is Social Media Failing Small Businesses? New Survey Reveals a Hidden Blind Spot July 7, 2025
  • Why Cloudflare’s Pay Per Crawl Is a Trap for 99% of Websites July 2, 2025
  • The Hidden Risk of Double Letters in Brand and Domain Names July 2, 2025
  • GEO Verified™ Launches to Help Brands Survive the AI Search Shakeup July 1, 2025
  • RetailOnline.com Hits the Market After 25 Years—And It’s Built for the Future of E-Commerce July 1, 2025
  • AI-Powered Task Planning: The Future of Business Efficiency and Personal Productivity June 30, 2025
  • New Yoast Add-On Turns Google Docs Into an SEO Power Tool June 26, 2025
  • Simon Data Flips the Script on Marketing with AI Agents June 26, 2025
  • IAB Lays Down the Law for Gaming Ads—Here’s What Brands Need to Know June 26, 2025
  • Google Review Extortion Text Message – Scam Warning for Business Owners June 25, 2025
  • Google Names SearchKings Top AI Innovator for Transforming Lead Quality June 24, 2025
  • Marketing Exec Buys Social Media Firm in Deal That Signals Big Plans June 24, 2025
  • Amsive Takes on ChatGPT and Gemini with Next-Gen SEO for the AI Search Era June 23, 2025
  • Reddit Sued After Google’s AI Overviews Allegedly Gutted Traffic June 19, 2025
  • Globant Unleashes FUSION: AI Marketing Agents Built to Do the Work June 18, 2025

Hartzer Domains

Bare-Metal Servers by HostDime

DFWSEM logo

Bill Hartzer is a Brand Ambassador for:

Industry Friends

I Love SEO
WTFSEO
SEO By the Sea
Brian Harnish
Jeff Lenney
Jeff Gabriel
Scott Hendison
Dixon Jones
Brian Hartzer
Navah Hopkins
DNAccess
SEO Dallas
Confirmed Stolen

Connect With Bill Hartzer

Bill Hartzer on Twitter
Bill Hartzer on BlueSky
Bill Hartzer on Instagram
Hartzer Consulting on Facebook
Bill Hartzer on Facebook
Bill Hartzer on YouTube

Categories

  • Advertising (109)
  • AI (201)
  • Bing Search Engine (8)
  • Blogging (43)
  • Branding (19)
  • Domain Names (315)
  • Google (260)
  • Internet Marketing (51)
  • Internet Usage (95)
  • Link Building (53)
  • Local Search (63)
  • Marketing (232)
  • Marketing Foo (34)
  • Pay Per Click (9)
  • Podcast (19)
  • Public Relations (9)
  • Reputation Management (14)
  • Search Engine Marketing (46)
  • Search Engine Marketing Events (60)
  • Search Engine Marketing Firms (93)
  • Search Engine Marketing Jobs (33)
  • Search Engine Optimization (189)
  • Search Engines (223)
  • Social Media (302)
  • Social Media Marketing (58)
  • Tech (16)
  • Web Analytics (21)
  • Webinars (1)

Note: All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only, and are mentioned only to help my readers. All other trademarks cited herein are the property of their respective owners. Use of these names, logos, and brands does not imply endorsement.

 

Hartzer Consulting

Website, Content, and Marketing by Hartzer Consulting, LLC.

Disclaimer - Privacy Policy - Terms of Use

Copyright © 2025 ·