There still appears to be a common configuration that cannot be made compliant to the HSTS preload standard in Netlify where the apex domain redirects to a subdomain via a primary domain redirect.
If a site’s apex domain https://example.com redirects to a subdomain, e.g., https://www.example.com, then the HSTS preload standard requires the apex domain response to return the preload HSTS header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, where max-age is >= 31536000.
As far as I can tell, this cannot be accomplished using Netlify because the HSTS header served on primary domain redirects appears to be hardcoded to Strict-Transport-Security: max-age=31536000, which is missing the HSTS preload standard includeSubDomains and preload directives.
If my understanding above is correct, can Netlify please provide a method for primary domain redirects to be compliant with the HSTS preload standard?