In addition to $lang.m.wikipedia.org and $lang.zero.wikipedia.org (which are fine!), we also have $lang.wap.wikipedia.org and $lang.mobile.wikipedia.org. These latter two seem to be apache-level rewrites (rather than redirects) to $lang.m.wikipedia.org at https://github.com/wikimedia/operations-puppet/blob/production/modules/mediawiki/files/apache/sites/redirects/redirects.dat#L484 . From my desktop browser they appear equivalent to .m., but perhaps there are still hacks in place for WAP on special user-agents?
These subdomains are not compatible with our TLS certs, so it's a problem that blocks HSTS-preload for wikipedia.org indirectly. My understanding is they're intended to be deprecated going forward, in which case perhaps we can just hurry up plans for their demise?