HSTS preloading for torproject.net
I hope this is the correct place to report this.
To protect users from sslstrip type of attacks HSTS preloading is the best way to go when aiming for a broad coverage.
Unlike torproject.org, torproject.net is currently not covered by HSTS preloading:
If for some reason it is not possible to enable HSTS preloading on torproject.net, the next best thing is to submit all domains that support HTTPS to HTTPS-Everywhere https://github.com/EFForg/https-everywhere/blob/master/src/chrome/content/rules/Torproject.xml