Just to add to this, I've started doing some packet captures at various points to be 100% sure that it's not an application/app server issue...
Running a tcpdump on the back-end application server, I can trace the TCP connection for my GET request, and confirm that the response returned DOESN'T have HTTPS in it.
So it looks like the F5 is doing the HTTP>HTTPS redirect...
Excerpt from the TCP dump is:
GET /Gateway-web HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: postgateway.go-aheadstaging.card.co.uk
Accept: */*
HTTP/1.1 301 Moved Permanently
X-Powered-By: Servlet/2.5
Location: http://postgateway.go-aheadstaging.card.co.uk/Gateway-web/
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Date: Mon, 16 Apr 2012 11:25:29 GMT
0
More to follow...
Gav