Support HSTS Headers #1871

Closed
@gboone

Description

Currently the site is constrained by its platform (Cloudfront) and cannot support sending the HTTP Strict Transit Security headers. This means:

  1. We are out of full compliance with the Federal HTTPS policy
  2. We cannot remain (and indeed have been removed from) the preload list on all major browsers.
  3. We cannot guarantee a purely secure connection for our users. HTTP requests are still redirected to HTTPS, but not until after first making a complete HTTP request.

Unfortunately, because this is a limitation imposed by Cloudfront, we cannot fix this until Amazon supports it. We should keep an eye on this feature and enable it for at least this site, if not all Federalist sites, when it is supported.

@konklone, please feel free to clarify if I got anything wrong here.
