Nick Harper

I think mentioning i18n is a bit too specific. The [Deployment Recommendations](https://hstspreload.org/#deployment-recommendations) mentions adding the Strict-Transport-Security header to all HTTPS responses. Would it help to clarify that by adding "including...

This appears to be a duplicate of https://github.com/chromium/hstspreload/issues/107.

From reading that thread, we might want to consider using https://github.com/weppos/publicsuffix-go, which is updated more frequently.

I don't think the hstspreload tool needs to specify its own UA. In general, I don't like servers sniffing UA strings.

If we want to change the UA string from the default golang string, we could also consider scanning using a few common UA strings from browsers. This way the behavior...

> The outbound scans used by hstspreload.org and the bulk updates to check for preloading eligibility have started to be blocked by several CDNs' spam/fraud detection. These CDNs only offer...

It's not clear to me what issue with this codebase you're trying to report. 301 (Moved Permanently) and 308 (Permanent Redirect) are the only permanent HTTP status codes for redirects....

I think that https://github.com/chromium/hstspreload.org/pull/195 will fix this issue.

https://github.com/chromium/hstspreload.org/commit/1f19c7f3b0e3b988cf349598e9eb4ed09e3863d0 made some changes to support python3, so this PR has merge conflicts with that commit. If this PR is still relevant (the .pylintrc and .style.yapf probably still are relevant),...

It looks like those instructions apply only to GCE resources, and don't apply to app engine flex (I can't configure GAE flex VMs). The internal bug is still open for...