HSTS Browser Preloading Check ( Like SSL Labs )

[Verequies]

Would be awesome if we could add an API check to see if a site is in preloaded in browsers.

API is available here: https://hstspreload.org
An example call would be: https://hstspreload.org/api/v2/status?domain=example.com

Which should return:
{ "name": "example.com", "status": "preloaded", "bulk": true }

The 'status' entry can have values "unknown" which we can take as not preloaded, "pending" meaning its being processed and "preloaded" which obviously means its preloaded.

As for the 'bulk' entry, on my own domain, it was false for a while, and doing an SSL Labs check it returned as only in Chrome. However today I checked and the 'bulk' entry showed true, and SSL Labs shows its preloaded into Firefox, IE and Edge as well as Chrome. So I'm willing to bet thats what 'bulk' means.

This shouldn't be a difficult addition to the great test that is testssl :)

[drwetter]

Thanks @Verequies for the suggestion / reminder. I thought it was already an issue here a long while back and I lost track but actually neither is the case. :-)

Likely a user check will need --phone-out though.