
Literally the entire point of HSTS is to allow websites to communicate to browsers that they can only be loaded in a valid TLS session. It's a defense against TLS-stripping. If you turn that on for your blog, that's on you. Serious question: what could they be "overloading" about HSTS here? What other purpose do you think it had?

