This is what ChatGPT ("Sam") told me:
You mean HSTS, not HTSP.
HSTS = HTTP Strict Transport Security
It tells the browser:
“Always use HTTPS for this domain. Never use plain HTTP.”
So even if someone types:
the browser forces:
It also makes certificate problems stricter, so users cannot easily bypass bad HTTPS warnings.
Why we hold off
Because once enabled hard, especially with preload, it can lock the domain into HTTPS behavior. That is good later, but dangerous while server, SSL, Cloudflare, redirects, or subdomains are still being fixed.
My call
Hold off on HSTS preload for now.
Use normal HTTPS first.
Add HSTS only after AngryPages is stable.
