Or just add your domain to the hsts preload list and never have to worry about this.


Did you happen to RTFA, in which the author specifically mentions HSTS preloading--helpfully styled as a bold, underlined, bright blue link--in the second paragraph? If you manage to then get to the third paragraph, a concise and compelling reason is given for why it's not applicable in the scenario the author is examining.


That works for browsers, but I doubt any non-browser HTTP clients (e.g. curl and wget) or HTTP libraries (e.g. the Python requests lib) will check the HSTS preload list.

In fact, if they do follow HSTS headers, a simple `Strict-Transport-Security: ...; preload` would have fixed the issues mentioned in the article.
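As an added example (not code from this thread or from any of the clients named in it), here is a minimal HSTS policy store that a non-browser client could keep, since curl, wget and requests do not honour the header on their own: it parses Strict-Transport-Security as RFC 6797 describes, records max-age and includeSubDomains per host, expires and revokes entries, and upgrades http:// URLs for covered hosts. The `preload` token is deliberately inert, because it only signals eligibility for the browser preload list; the preload dictionary and host names below are constructed placeholders.

```python
import re
import time
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for a bundled preload list (host -> includeSubDomains).
PRELOADED_HOSTS = {"example.com": True}

class HstsStore:
    def __init__(self, preload=None, now=time.time):
        self.now = now  # injectable clock so expiry can be tested offline
        # policies: host -> (expiry timestamp or None for preloaded, includeSubDomains)
        self.policies = {h: (None, sub) for h, sub in (preload or {}).items()}

    def process_header(self, host, value):  # STS header received over TLS from host
        max_age, include_sub = None, False
        for directive in value.split(";"):
            name, _, arg = map(str.strip, directive.lower().partition("="))
            if name == "max-age":
                m = re.fullmatch(r'"?(\d+)"?', arg)
                if m is None:
                    return False  # malformed max-age: ignore the whole header
                max_age = int(m.group(1))
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return False  # max-age is mandatory; "preload" alone changes nothing
        if max_age == 0:
            self.policies.pop(host.lower(), None)  # max-age=0 revokes the policy
        else:
            self.policies[host.lower()] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        # Check the host, then each parent; a parent counts only with includeSubDomains.
        labels = host.lower().split(".")
        for i in range(len(labels)):
            pol = self.policies.get(".".join(labels[i:]))
            if pol is None or (pol[0] is not None and pol[0] <= self.now()):
                continue  # unknown or expired
            if i == 0 or pol[1]:
                return True
        return False

    def rewrite(self, url):
        # RFC 6797 section 8.3: http -> https, explicit port 80 -> 443, others kept.
        p = urlsplit(url)
        if p.scheme != "http" or not self.is_known(p.hostname or ""):
            return url
        netloc = p.hostname + (f":{p.port}" if p.port not in (None, 80) else "")
        return urlunsplit(("https", netloc, p.path, p.query, p.fragment))
```

A real client would call `process_header` only for responses received over a validated TLS connection, as the RFC requires, and `rewrite` before every request.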


Is the HSTS preload list used by anything other than browsers? I'd expect it to be minimally useful for an API.


Please look into the myriad scenarios in which HSTS is not honoured.

As usual, any comment stating that people should “just” do x is wrong.

