Second level domains under .dev, .foo and more that have SSL will automatically get benefits of HSTS preload list.
Google is adding more of the top level domain names it operates, including some that allow second level domain registrations by the public, to the HTTPS Strict Transport Security (HSTS) preload list.
This list is used by major browsers to automatically enforce HTTPS-secured connections to domain names that are on the list. This prevents browsers from making unsecure connections (HTTP) to sites that should be secure (https). Even though landing on HTTP will forward to HTTPS, this relay can be intercepted.
Second level domains are generally added individually to the list. This requires an extra step by site owners, and it takes a few months for updates to propagate to all browsers.
By adding an entire top level domain to the list, any website under the top level domain that has an SSL certificate activated will get the benefits of being on the preload list without submitting the second level domain individually.
Google operates a number of closed dot-brand domains, such as .google, as well as top level domains that people can register domains under (e.g. .how and .soy). As of today, the domains now on the HSTS preload list are .google, .dev and .foo.
This story has been corrected to reflect that Google has not added all of its TLDs to the list. It added two more and will add more over time.