[xg15]

Sorry for the lack of knowledge, but what is actually contained in the preload lists? Just a flag "force TLS and activate HSTS" or also a certificate pin?

I.e., could you actually use your own certificate for a .dev site or would the browser only accept Google's?

[CydeWeys]

We are only use certificate pinning for .google. The only requirement on any of the other TLDs is that you must have an SSL certificate and serve over HTTPS.