From ffaf884570664c681a85483245b4ae190dcf7496 Mon Sep 17 00:00:00 2001
From: James Hilliard <james.hilliard1@gmail.com>
Date: Sat, 9 Apr 2016 15:07:28 -0500
Subject: [PATCH] add HSTS preload requirement for wallets

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b9a23d9e..2e9ae89a 100644
--- a/README.md
+++ b/README.md
@@ -719,7 +719,7 @@ Basic requirements:
 - No concerning bug is found when testing the wallet
 - Website supports HTTPS and 301 redirects HTTP requests
 - SSL certificate passes [Qualys SSL Labs SSL test](https://www.ssllabs.com/ssltest/)
-- Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days
+- Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days and is included in the [HSTS preload list](https://hstspreload.appspot.com/)
 - The identity of CEOs and/or developers is public
 - Avoid address reuse by using a new change address for each transaction
 - If private keys or encryption keys are stored online: