[rabidsnail]

It's actually kind of a pain to enable HSTS because it makes you fix all the places where you're downgrading to HTTP. You should definitely do it if you care whether your users' sessions get hijacked, but it's not _just_ flipping a switch.

[harshreality]

Pages with http://yoursite links work seamlessly. The browser will access those via https when you click. As long as the SSL version of your site is serving the same resources, there's no problem.