The 'Upgrade-Insecure-Requests' specification <https://w3c.github.io/webappsec/specs/upgrade/> suggests an optimization to sending the header, limiting it to sites that are not known canonical HSTS targets. We should implement this check and avoid adding the header when it is not needed.
<rdar://problem/26374345>
There's a FIXME for this in FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded.