@bb1
I don't think IEXP does HSTS in the first place, not forgetting that unless a site is visited via HTTPS AND trusted, HSTS won't enable.
@jackpixley you might consider also redirecting Firefox even on XP, since Firefox does its own security and should have no problem whatsoever with LE certs.
@ both of you:
Be advised that this is susceptible to MITM, because of the flash of HTTP at the start.