We should add the WMCS domains, toolforge.org, wmcloud.org and wmflabs.org to the HSTS preload list: https://hstspreload.org/
To be eligible, we need to add the includeSubDomains and preload directives to the HSTS header.
All 3 domains are on the publicsuffix list, so the web form doesn't work and someone will need to manually contact them, see https://hstspreload.org/#tld