Elite HSTS — preload + includeSubDomains + max-age >= 1 year

Your site has an elite HSTS (HTTP Strict Transport Security) configuration — it includes the preload flag, covers all subdomains, and sets a maximum age of at least one year. This means browsers are told never to connect to your site over unsecured HTTP. This is the strongest HTTPS enforcement available. It protects visitors even on their very first visit by ensuring the browser will only ever connect securely, and the preload flag means this protection is built into browsers before users even reach your site. Keep it up. Check periodically that your domain remains on the HSTS preload list at hstspreload.org, and make sure any new subdomains are set up for HTTPS before they go live — since includeSubDomains means they are covered by this policy.