Description
With the new release v1.1.0 an `STSPreload` feature was requested in #45 and introduced with e944b63.

When using the `DefaultConfig()` function, where currently

```go
STSIncludeSubdomains: true,
STSPreload: true,
```

are present, the resulting header is `Strict-Transport-Security: max-age=315360000; preload`. This does not follow the syntax described in the MDN Web Docs or on the HSTS Preload site: the `preload` directive replaces `includeSubDomains` instead of being appended after it. The string should be appended instead of replaced, which results in the correct behaviour: `Strict-Transport-Security: max-age=315360000; includeSubDomains; preload`.
Additionally, the HSTS Preload site strongly argues that `preload` should not be enabled by default, saying:

> If you maintain a project that provides HTTPS configuration advice or provides an option to enable HSTS, do not include the preload directive by default.

With that said, I would suggest having it only as an option, but not as part of the `DefaultConfig()` function.

If `STSPreload` stays as part of the `DefaultConfig()` function, it should be added to the function documentation.
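As an added illustration (not code from the project or from this issue), the following Go program reproduces the header-construction defect described above next to a version that appends directives, and checks both outputs against the header requirements hstspreload.org states (max-age of at least one year, `includeSubDomains`, `preload`). The `stsOptions` type and the helper functions are assumptions for the example, not the library's API.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// stsOptions mirrors the kind of settings the issue talks about; the field
// names are assumed for this example and are not the project's own type.
type stsOptions struct {
	MaxAge            int64 // seconds
	IncludeSubdomains bool
	Preload           bool
}

// buggyHeader reproduces the defect described in the issue: each directive
// overwrites the whole value instead of being appended, so when both flags
// are set only the last one survives.
func buggyHeader(o stsOptions) string {
	maxAge := "max-age=" + strconv.FormatInt(o.MaxAge, 10)
	value := maxAge
	if o.IncludeSubdomains {
		value = maxAge + "; includeSubDomains"
	}
	if o.Preload {
		value = maxAge + "; preload" // clobbers includeSubDomains
	}
	return value
}

// fixedHeader accumulates directives in the order the HSTS preload
// requirements expect them: max-age, then includeSubDomains, then preload.
func fixedHeader(o stsOptions) string {
	directives := []string{"max-age=" + strconv.FormatInt(o.MaxAge, 10)}
	if o.IncludeSubdomains {
		directives = append(directives, "includeSubDomains")
	}
	if o.Preload {
		directives = append(directives, "preload")
	}
	return strings.Join(directives, "; ")
}

// preloadEligible checks the header-level submission requirements listed on
// hstspreload.org: max-age >= 31536000 (one year), includeSubDomains and
// preload must all be present. Directive names are matched case-insensitively
// as RFC 6797 requires.
func preloadEligible(header string) bool {
	hasMaxAge, hasSub, hasPreload := false, false, false
	for _, d := range strings.Split(header, ";") {
		d = strings.TrimSpace(d)
		switch {
		case strings.HasPrefix(strings.ToLower(d), "max-age="):
			n, err := strconv.ParseInt(d[len("max-age="):], 10, 64)
			hasMaxAge = err == nil && n >= 31536000
		case strings.EqualFold(d, "includeSubDomains"):
			hasSub = true
		case strings.EqualFold(d, "preload"):
			hasPreload = true
		}
	}
	return hasMaxAge && hasSub && hasPreload
}

func main() {
	// Constructed input matching the DefaultConfig() values quoted in the issue.
	opts := stsOptions{MaxAge: 315360000, IncludeSubdomains: true, Preload: true}
	fmt.Println("buggy:", buggyHeader(opts)) // max-age=315360000; preload
	fmt.Println("fixed:", fixedHeader(opts)) // max-age=315360000; includeSubDomains; preload
	fmt.Println("buggy preload-eligible:", preloadEligible(buggyHeader(opts))) // false
	fmt.Println("fixed preload-eligible:", preloadEligible(fixedHeader(opts))) // true
}
```

The `preloadEligible` check is the practical consequence of the bug: a site that submits to the preload list with the clobbered header is rejected because `includeSubDomains` is missing, even though the operator enabled it.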