exclude some requests from the redirect (and as such the HSTS header)
From the moment you set the HSTS header, the browser will honor it for any endpoint, not just for the one from which you sent it in a response.
The HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead.
Or am I misunderstanding your proposal?
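
The host-wide scope described in this comment, shown as an added example that is not part of the original thread: a minimal model of how a browser stores and applies HSTS policy per RFC 6797. The `HstsStore` class and the `example.test` hosts and paths are constructed for illustration.

```javascript
// Minimal model of a browser's HSTS store (RFC 6797). Not a real browser API;
// all hosts and paths below are constructed samples.
class HstsStore {
  constructor() { this.policies = new Map(); } // host -> { expires, includeSubDomains }

  // Record the policy from a response. Only the host is stored; the path is never used.
  noteResponse(requestUrl, headerValue, now = Date.now()) {
    const url = new URL(requestUrl);
    if (url.protocol !== 'https:') return false; // header sent over plain HTTP is ignored
    const directives = headerValue.split(';').map(d => d.trim().toLowerCase());
    const maxAge = directives.map(d => /^max-age=("?)(\d+)\1$/.exec(d)).find(Boolean);
    if (!maxAge) return false; // max-age is a required directive
    const seconds = Number(maxAge[2]);
    if (seconds === 0) { this.policies.delete(url.hostname); return true; } // policy removed
    this.policies.set(url.hostname, {
      expires: now + seconds * 1000,
      includeSubDomains: directives.includes('includesubdomains'),
    });
    return true;
  }

  // A host is covered by its own entry, or by a parent entry with includeSubDomains.
  isKnownHost(hostname, now = Date.now()) {
    const labels = hostname.split('.');
    for (let i = 0; i < labels.length; i++) {
      const p = this.policies.get(labels.slice(i).join('.'));
      if (p && p.expires > now && (i === 0 || p.includeSubDomains)) return true;
    }
    return false;
  }

  // The URL the browser actually requests: every http:// URL on a known host is
  // upgraded before anything reaches the network, so the server never sees it.
  resolve(requestUrl, now = Date.now()) {
    const url = new URL(requestUrl);
    if (url.protocol === 'http:' && this.isKnownHost(url.hostname, now)) {
      url.protocol = 'https:';
    }
    return url.href;
  }
}

// One HTTPS response from /login is enough to upgrade a different endpoint.
const demo = new HstsStore();
demo.noteResponse('https://app.example.test/login', 'max-age=31536000');
console.log(demo.resolve('http://app.example.test/health')); // https://app.example.test/health
```

Because the upgrade happens in the client, a server-side rule that skips the redirect for some paths has no effect on browsers that already hold the policy for that host.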