I need to access some images and JS files through HTTP, but if I enable HSTS with add_header Strict-Transport-Security "max-age=31536000";, all files are served forcibly through HTTPS.

So I used add_header Strict-Transport-Security "max-age=0;".

Is there a method for accessing the files through HTTP with HSTS enabled?

oxfist

1 Answer

HSTS is not a redirect: you'll have to redirect HTTP to HTTPS first, then the HSTS header tells your browser to never go back to HTTP. That's its very purpose. If you have HSTS, you don't provide anything over HTTP.

You mentioned you need this for some images and JavaScript files. However, if your site is on HTTPS, browsers shouldn't trust external resources loaded via HTTP. It would be especially dangerous to load JavaScript over HTTP into a TLS-protected site: the script could be modified to expose data inside the protected connection.

If you need to provide static content outside the site, you could use a subdomain. As you haven't set includeSubDomains in your HSTS header, it doesn't get applied to subdomains. You can still have static.example.com/path/to/image.jpg served over HTTP.

Esa Jokinen
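The layout the answer describes, written out as an nginx configuration. This is an added example, not configuration from the question or the answer: the hostnames, document roots and certificate paths are placeholders, and the only assumptions are that the main site lives on example.com and that the plain-HTTP static content lives on a separate static.example.com host.

```nginx
# Added example (not from the original post). Placeholders: example.com,
# static.example.com, /var/www/*, /etc/ssl/*.

# 1. Plain-HTTP listener for the main site: redirect only, serve nothing.
#    Strict-Transport-Security is deliberately absent here; browsers ignore
#    that header when it arrives over http://, so the redirect is what matters.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

# 2. HTTPS listener: this is where HSTS belongs.
#    No includeSubDomains, so static.example.com is not pinned to HTTPS.
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/ssl/certs/example.com.fullchain.pem;  # placeholder
    ssl_certificate_key /etc/ssl/private/example.com.key;          # placeholder

    # "always" (nginx >= 1.7.5) adds the header on every response code,
    # not only 2xx and 3xx, so error pages keep the policy fresh too.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /var/www/example.com;
}

# 3. Static subdomain served over plain HTTP. Only for content consumed
#    outside the HTTPS site; never pull scripts from here into example.com.
server {
    listen 80;
    server_name static.example.com;
    root /var/www/static;
}
```

After reloading, `curl -sI http://example.com/` should show a 301 with a `Location: https://...` header and no Strict-Transport-Security, while `curl -sI https://example.com/` should carry the HSTS header. Note the caveat the answer raises: a browser that has already loaded https://example.com will refuse to execute a script fetched from http://static.example.com as active mixed content, and will warn about or upgrade HTTP images, so the subdomain only helps for resources that are not embedded in the HTTPS pages.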