Penetration test shows that HSTS Missing From HTTPS Server (OCR Server )
OCR server use Tomcat to handle the REST request sent by Detection server.
This vulnerability does not affect the OCR server.
This is a false positive since this HSTS header is required for browser clients communication.
In this communication OCR system is “Server” and DLP detection server is “Client”.
DLP detection server is not browser-based client. Hence above vulnerability does not affect OCR detection server.