[whatismyip]

HSTS is not something you can realistically implement until every path under the domain can be served via HTTPS. For the BBC this is problematic because there are hundreds of products and inter-dependencies under the bbc.co.uk/bbc.com endpoints. The amount of work required to do this is non-trivial, and not something that can be done in blanket - each product needs to test their product, its dependencies etc. There's also other issues like CDN endpoints (and the BBC uses several providers, including its own CDN), a relatively large and complex traffic management set up and the politics that comes with a relatively large organisation running a very big website.