A feature that we were considering is enabling HSTS (in the Secure mode) and gradually increasing the max-age over time, so that if something went wrong at the outset the administrator would be able to reverse the process without affecting clients for very long (perhaps starting with a one hour max-age, then doubling the max-age on every subsequent day?).