List of secure websites

Note that adding your site to the HSTS whitelist in Chrome (from which Firefox, Safari, and Edge will follow) is very easy:<p><a href="https:&#x2F;&#x2F;hstspreload.appspot.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;hstspreload.appspot.com&#x2F;</a>

Better title: &quot;The Chromium Built-In HSTS Whitelist&quot;.<p>Search for &quot;noisebridge&quot;, which is right around where all the small sites start.

So all applications to the HSTS preloaded list are hardcoded in that json.<p>How big will that file get in a few years? Looks like the first addition of user submitted websites was done over a year ago.<p>I wonder how ubiquitous HTTP&#x2F;2 (TLS mandatory) will affect this.

I couldn&#x27;t find a single mainstream media website in this list. Only the Washington Post and RT are accessible through HTTPS, but no HSTS headers are provided.<p>edit: removed acronym

It it me, or does a hard-coded json file that is manually maintained and compiled-in seem like a terrible idea?<p>Couldn&#x27;t Chrome just phone home to a secure server to retrieve HSTS data every once and awhile (just like updates).