HSTS preload and requisites on domain – subdomains must be added too?

I found that the security header for protection against mitm attacks in first connection is to implement HSTS preload directive and add the list of google: https://hstspreload.org/

However the requisites to do that is to include all subdomains of the domain given. This makes a problem to websites that are really big, they just want to preload the domain and not the subdomains…

1)is there any way to make this work? 2) does the preload of the domain preloads subdomains too? i may be getting all wrong


personal example/experience:

i was doing pentesting against a website example.com and it was preloaded and added to the hstspreload list, however i found that vulnerable.example.com subdomain didn’t have HSTS header and it wasn’t preloaded, so of course it was vulnerable to mitm attacks, but how? it had the domain preloaded, and to add it there you need to add subdomains too… so was this an exeption or what happened here?