Comments on: All HTTPS all the time, With HSTS to boot
https://blog.plip.com/2015/01/27/all-https-all-the-time-with-hsts-to-boot/
Last updated: Fri, 11 Dec 2015 06:53:39 +0000

By: Let’s Encrypt TLS & A+ on SSL Labs (pingback) https://blog.plip.com/2015/01/27/all-https-all-the-time-with-hsts-to-boot/#comment-7638 Fri, 11 Dec 2015 06:53:39 +0000

[…] you may recall, around here we like our TLS, and we like it rare! I have no idea what “rare” means […]
By: James C https://blog.plip.com/2015/01/27/all-https-all-the-time-with-hsts-to-boot/#comment-157 Wed, 28 Jan 2015 01:02:27 +0000 In reply to mrjones.

Yeah, you may not realize all the places you use the base domain plip.com (development, test, at home, Google Apps, other services) and the includeSubdomains option really breaks things across the board without any clear way to fix it except to touch every browser that has ever visited plip.com :)
For your personal stuff, or a new site, it’s not a problem, but could be a big one if you use it on a busy established domain.

By: mrjones https://blog.plip.com/2015/01/27/all-https-all-the-time-with-hsts-to-boot/#comment-155 Tue, 27 Jan 2015 19:09:04 +0000 In reply to James C.

James – thanks for the tip about the wrong link – it’s fixed now. I’ll check out the ssllabs.com site as I definitely need to brush up on my ciphers!

I wasn’t sure about the subdomains for HSTS. The OWASP page says, “Before enabling includeSubDomains, also consider the impact of any existing DNS CNAME records for CDNs, email services, or other 3rd party services. Since includeSubDomains will force such CNAME subdomains to https:// it’s likely the browser will throw a domain-mismatch error, which is hard to reverse because of the browser caching nature of HSTS.” I take it you’ve had problems along these lines?

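The breakage both commenters describe (includeSubDomains forcing every subdomain, including CNAMEs to third parties, onto HTTPS for the whole max-age) can be caught before the header ships. The pre-flight audit below is an added example, not code from either commenter or from the blog; it runs against a constructed inventory of subdomains for a made-up example.com (not plip.com's real DNS), where each entry records whether the host serves HTTPS and which names are on its certificate.

```python
from typing import Dict, List, Tuple

def parse_hsts(value: str) -> Dict[str, str]:
    """Split a Strict-Transport-Security value into lower-cased directives.
    Valueless directives (includeSubDomains, preload) map to ''."""
    directives: Dict[str, str] = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = val.strip().strip('"')
    return directives

def cert_covers(host: str, cert_names: List[str]) -> bool:
    """True if one certificate name matches host (single-label wildcard only)."""
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def audit_hsts(header: str, inventory: Dict[str, dict]) -> List[Tuple[str, str]]:
    """Return (host, problem) pairs for an intended HSTS header.
    inventory maps subdomain -> {"https": bool, "cert_names": [...]}; it is a
    constructed stand-in for what an operator would gather from DNS and TLS scans."""
    d = parse_hsts(header)
    findings: List[Tuple[str, str]] = []
    if "max-age" not in d or not d["max-age"].isdigit():
        findings.append(("<header>", "max-age missing or not an integer; browsers ignore the header"))
        return findings
    if "includesubdomains" not in d:
        return findings  # policy is scoped to this host only; subdomains are unaffected
    max_age = int(d["max-age"])
    for host, info in inventory.items():
        host = host.lower()
        if not info["https"]:
            findings.append((host, f"no HTTPS listener; unreachable in browsers for {max_age}s after first visit"))
        elif not cert_covers(host, info["cert_names"]):
            findings.append((host, f"certificate names {info['cert_names']} do not match; domain-mismatch error"))
    return findings

# Constructed inventory for an imaginary example.com
INVENTORY = {
    "www.example.com": {"https": True, "cert_names": ["example.com", "www.example.com"]},
    "cdn.example.com": {"https": True, "cert_names": ["*.cdnprovider.example"]},  # CNAME to a CDN
    "mail.example.com": {"https": False, "cert_names": []},                       # plain-HTTP webmail
    "dev.example.com": {"https": True, "cert_names": ["*.example.com"]},
}

if __name__ == "__main__":
    for host, problem in audit_hsts("max-age=31536000; includeSubDomains", INVENTORY):
        print(f"{host}: {problem}")
```

Running it flags cdn.example.com and mail.example.com while leaving www and dev alone; the same header without includeSubDomains produces no findings, which is the whole of James C's point.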
By: James C https://blog.plip.com/2015/01/27/all-https-all-the-time-with-hsts-to-boot/#comment-154 Tue, 27 Jan 2015 18:11:58 +0000

Very nice! I’ve been using HSTS for some time; here’s a tip for the future: no matter how tempting, don’t use the “includeSubDomains” option :)

This is a great resource for evaluating your ciphers list to make sure you’re not using any old crypto options vulnerable to known attacks: https://www.ssllabs.com/ssltest/

And your first link to OWASP is actually linking to ithemes.com :)
