# HSTS Preload List Submission Submit your domain to browser HSTS preload lists for strict transport security. ## Tool **[HSTS Preload](https://hstspreload.org/)** ### Requirements - Valid SSL/TLS certificate - Redirect HTTP to HTTPS - `Strict-Transport-Security` header with: - `max-age` of at least 31536000 (1 year) - `includeSubDomains` directive - `preload` directive ### Process 1. Configure HSTS headers on your server 2. Test with [SecurityHeaders.com](https://securityheaders.com) 3. Submit via [hstspreload.org](https://hstspreload.org/) 4. Monitor removal status if needed ### Important Notes - Removal from preload list can take months - Use `max-age` carefully before preload submission - Consider testing with lower `max-age` first