"RESPONSE_Strict_Transport_Security" server variable for forcing SSL in IIS

Tags: c#, asp.net, iis, ssl

So, I've seen this solution (http://www.hanselman.com/blog/HowToEnableHTTPStrictTransportSecurityHSTSInIIS7.aspx) used in other answers and other sites, but I don't understand HOW the HSTS header is being added. I assume it has a lot to do with this:

<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />

Could someone explain where "RESPONSE_Strict_Transport_Security" is coming from?

Full code:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                        redirectType="Permanent" />
                </rule>
            </rules>
            <outboundRules>
                <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
                    <match serverVariable="RESPONSE_Strict_Transport_Security"
                        pattern=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
                    </conditions>
                    <action type="Rewrite" value="max-age=31536000" />
                </rule>
            </outboundRules>
        </rewrite>
    </system.webServer>
</configuration>
Denis D Avatar asked Feb 17 '17 20:02

1 Answer

I think I found it. From the "URL Rewrite Module 2.0 Configuration Reference":

If a server variable starts with "RESPONSE_", then it stores the content of an HTTP response header whose name is determined by using the following naming convention:

  1. All underscore ("_") symbols in the name are converted to dash symbols ("-").
  2. The "RESPONSE_" prefix is removed.

Then later in the doc:

Outbound rewrite rules in URL Rewrite Module 2.0 can be used to set new or modify existing response HTTP headers. The response HTTP headers are accessed within the outbound rules by using the same syntax as for server variables and by using the naming convention as described in Accessing Response Headers from Rewrite Rules. ... The pattern of the rewrite rule will be applied on the content of the specified response header and if the rule's pattern and optional conditions evaluates successfully then the value of that response header will be rewritten.

So the code in that example is expressing: "if the Strict-Transport-Security response header has any value (.*), including undefined, rewrite the value to max-age=31536000 (if the condition is met)."

Johann Avatar answered Oct 06 '22 17:10
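As an added illustration of the two pieces the answer quotes (it is not code from the question, the answer, or the URL Rewrite module itself), the Python below models the RESPONSE_ naming convention and the way an outbound rule is evaluated against a response header: the rule's pattern is applied to the header's current content (empty when the header does not exist yet), the conditions are checked, and on success the header is rewritten to the action's value. The `OutboundRule` class, the `apply_outbound_rule` function and the use of regex search for pattern matching are assumptions made for this model, not the module's API.

```python
import re
from dataclasses import dataclass, field

RESPONSE_PREFIX = "RESPONSE_"


def response_header_name(server_variable: str) -> str:
    """Map a RESPONSE_* server variable to the response header it refers to.

    Follows the convention quoted from the URL Rewrite 2.0 reference:
    1. every "_" in the name becomes "-";
    2. the RESPONSE_ prefix is removed.
    """
    if not server_variable.startswith(RESPONSE_PREFIX):
        raise ValueError(f"{server_variable!r} is not a RESPONSE_ server variable")
    dashed = server_variable.replace("_", "-")          # step 1 (prefix becomes RESPONSE-)
    return dashed[len(RESPONSE_PREFIX):]                # step 2: drop the 9-char prefix


@dataclass
class OutboundRule:
    """Hypothetical model of one <outboundRules><rule> element (an assumption)."""
    name: str
    server_variable: str                                 # <match serverVariable="...">
    pattern: str                                         # <match pattern="...">
    conditions: list = field(default_factory=list)       # [(input, pattern), ...]
    value: str = ""                                      # <action type="Rewrite" value="...">


def apply_outbound_rule(rule: OutboundRule, headers: dict, server_vars: dict) -> dict:
    """Evaluate one outbound rule against a response and return the new headers.

    headers      - the response headers the application produced
    server_vars  - request-side variables such as {"{HTTPS}": "on"}
    Returns a copy; the input dict is never modified.
    """
    header = response_header_name(rule.server_variable)
    # An absent header is treated as empty content, which ".*" still matches.
    current = headers.get(header, "")
    # Assumption: regex patterns are matched by search, as URL Rewrite does.
    if re.search(rule.pattern, current) is None:
        return dict(headers)
    for cond_input, cond_pattern in rule.conditions:
        # The page's condition uses ignoreCase="true"; we mirror that here.
        if re.search(cond_pattern, server_vars.get(cond_input, ""), re.IGNORECASE) is None:
            return dict(headers)
    rewritten = dict(headers)
    rewritten[header] = rule.value                       # action type="Rewrite"
    return rewritten


# The rule from the question, expressed in the model above.
HSTS_RULE = OutboundRule(
    name="Add Strict-Transport-Security when HTTPS",
    server_variable="RESPONSE_Strict_Transport_Security",
    pattern=".*",
    conditions=[("{HTTPS}", "on")],
    value="max-age=31536000",
)


if __name__ == "__main__":
    # Constructed sample responses: one over HTTPS, one over plain HTTP.
    app_headers = {"Content-Type": "text/html"}
    print(apply_outbound_rule(HSTS_RULE, app_headers, {"{HTTPS}": "on"}))
    print(apply_outbound_rule(HSTS_RULE, app_headers, {"{HTTPS}": "off"}))
```

Running it shows the behaviour the answer describes: over HTTPS the Strict-Transport-Security header appears even though the application never set it, because `.*` matches the empty content of a missing header; over HTTP the `{HTTPS}` condition fails and the response is left alone. It also makes one consequence of "the value of that response header will be rewritten" concrete: if the application already emitted its own Strict-Transport-Security value, this rule replaces it with `max-age=31536000`, so any directives the application wanted are lost unless the rule's value carries them.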