HSTS isn't a protocol, it bascailly a flag that tells a browser to only use TLS to connect to a specfic domain. It normally does require one successful connection for the server to tell it, but both chrome [0] and firefox [1] have a list of sites built-in so that even the first time they connect they'd be TLS.