HSTS Preloading is a way for web hosts to enforce the use of SSL/TLS on their site by putting directly on browser information that specific web site uses HTTPS protocol only. This global list is maintained by Google and is used by Chrome, Firefox and Safari. Google, Facebook, Gmail, Twitter and PayPal implement HSTS. These sites do not depend on the HSTS response headers to enforce security. Instead, the browsers are already aware that particular domain name requires the use of HTTPS protocol only and pushes HSTS before any connection or communication even takes place. Read in our blog "How to Enforce HTTPS with Strict Transport Security" and HSTS preload.