HSTS preload checker

Why preload? Without preload, the first HTTP request to a new browser/device is still vulnerable to SSL strip. Preload bakes the HSTS promise into Chrome (and downstream browsers) so the FIRST connection is HTTPS too. Once you commit, removal takes months — verify every subdomain serves HTTPS first.