Preload govinfo.gov

[konklone]

I see that https://govinfo.gov and https://www.govinfo.gov both use an HSTS header, and in general govinfo.gov is a relatively new domain that I would expect to have fewer legacy internal services at subdomains of govinfo.gov that might rely on plain HTTP.

Could govinfo.gov be preloaded into browsers as HTTPS-only, as the executive branch is doing with all new .gov domains and offering as an opt-in to other new .gov domains?

This would enforce HTTPS-only at all times, even if the user has never been to govinfo.gov at all, no matter what subdomain or URL they may visit within the zone.

[jonquandt]

@konklone Good idea -- we'll add this to our backlog and see how we can prioritize it.

[jonquandt]

Currently not on the list. We will revisit this in the future. I believe the only potential blocker would be some internal subdomains, but need to verify.