I've recently been doing some testing with HSTS headers and i think i have just spotted a slight gap in the method suggested here https://support.kemptechnologies.com/hc/en-us/articles/203915119-How-can-the-LoadMaster-set-HTTP-Strict-Transport-Security
If you have ESP configured for a virtual service this is not applied until after the pre auth is performed.
There is a limitation with the response content rules that they only apply to server responses. As the ESP authentication occurs within the LoadMaster prior to contacting the server the response rule will not apply until after the user has authenticated.
However since HSTS is designed to effect subsequent visits to the site, not the current session, you would still have the same results as long as the user is able to successfully log in. To catch these first time users who have not yet seen the HSTS flag, a traditional HTTP to HTTPS redirect on the load balancer is recommended whenever HSTS is used.