You can specify a whitelist of trusted domains (ex. yourdomain.com) that are safe for redirects and embedding.
Specify one domain per line. Use * for wildcard matches.
We recommend starting with a max age of 1 week and then increasing it to 1 month then 1 year once you see your site works as expected.
When enabled, this rule applies to all of your site's subdomains as well.
Warning: Only enable this feature if you are sure all your subdomains are configured for HTTPS with valid certificates.
Warning: It's great to support HSTS preloading as a best practice. However, you must submit your site to hstspreload.org to ensure that it is successfully pre-loaded (i.e. to get the full protection for the intended configuration).