Nimbostratus
AdminThis is really interesting, thanks for posting. The good news is that you can accomplish most all of this by simply forcing every request through an SSL enabled virtual server. You can force any non-https request to that VS address back over to the SSL enabled VS. Also, stream profiles can rewrite non-https references for you on the fly.
I'm not saying that this is a superfluous concept at all, but it seems that with an ADC you can actually enforce much of this behavior so you're ahead of the game before you've even started. As far as inserting the header, I agree that this looks totally possible.
-Matt
This assumes all traffic goes through an F5 BIG-IP. Yes, we can do that, but not all appliances can. Maybe this std is to protect users who deploy "the other guy?" Just a little early Monday humor, folks, no need for flames...