Want to up your TLS game? Already have your domain setup with HSTS (HTTP Strict Transport Security), which prevents browsers from being tricked into downgrading? What about that very first connection?
It turns out there is a a list. A special list. An elite list. You can put your domain on it here at hstspreload.org. Once on this list, the browsers are shipped with a file that automatically forces them to *only* talk to your site via HTTPS.
And that is a good thing. If you care about your end users, go all in on TLS. Get on the list, and you’ll never worry about one of your systems getting downgraded, or a new host getting exposed
in the clear