Improve HSTS documentation

Ref: https://github.com/h5bp/server-configs-apache/pull/196

h5bp/security/strict-transport-security.conf

@@ -2,42 +2,37 @@
 # | HTTP Strict Transport Security (HSTS)                              |
 # ----------------------------------------------------------------------
 
-# Force client-side SSL redirection.
+# Force client-side TLS (Transport Layer Security) redirection.
 #
 # If a user types `example.com` in their browser, even if the server redirects
 # them to the secure version of the website, that still leaves a window of
 # opportunity (the initial HTTP connection) for an attacker to downgrade or
 # redirect the request.
 #
-# The following header ensures that browser will ONLY connect to your server
+# The following header ensures that browser only connects to your server
 # via HTTPS, regardless of what the users type in the browser's address bar.
 #
-# (!) Be aware that this, once published, is not revokable and you must ensure
+# (!) Be aware that Strict Transport Security is not revokable and you
-#     being able to serve the site via SSL for the duration you've specified
+#     must ensure being able to serve the site over HTTPS for the duration
-#     in max-age. When you don't have a valid SSL connection (anymore) your
+#     you've specified in the `max-age` directive. When you don't have a
-#     visitors will see a nasty error message even when attempting to connect
+#     valid TLS connection anymore (e.g. due to an expired TLS cerfiticate)
-#     via simple HTTP.
+#     your visitors will see a nasty error message even when attempting to
+#     connect over HTTP.
 #
-# (!) Remove the `includeSubDomains` optional directive if the website's
+# (1) Preloading Strict Transport Security.
-#     subdomains are not using HTTPS.
+#     To submit your site for HSTS preloading, it is required that:
+#     * the `includeSubDomains` directive is specified
+#     * the `preload` directive is specified
+#     * the `max-age` is specified with a value of at least 31536000 seconds
+#       (1 year).
+#     https://hstspreload.org/#deployment-recommendations
 #
-# (1) If you want to submit your site for HSTS preload (2) you must
-#     * ensure the `includeSubDomains` directive to be present
-#     * the `preload` directive to be specified
-#     * the `max-age` to be at least 31536000 seconds (1 year) according to the
-#       current status.
-#
-#     It is also advised (3) to only serve the HSTS header via a secure
-#     connection.
-#
-# (2) https://hstspreload.org/
-# (3) https://tools.ietf.org/html/rfc6797#section-7.2
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # https://tools.ietf.org/html/rfc6797#section-6.1
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # https://www.html5rocks.com/en/tutorials/security/transport-layer-security/
 # https://blogs.msdn.microsoft.com/ieinternals/2014/08/18/strict-transport-security/
+# https://hstspreload.org/
 
 add_header Strict-Transport-Security "max-age=16070400; includeSubDomains" always;
-# (1) or if HSTS preloading is desired (respect (2) for current requirements):
+# (1) Enable your site for HSTS preload inclusion.
 # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;