The EM Jetty is locked down to HTTPS only, but responds to HTTP request and returns "P". Our Security Team is flagging this as a "Strict-Transport-Security HTTP Header missing on port".
If the EM Jetty responds to HTTP request when disabled, we need this updated to follow HTTP Strict Transport Security or disable HTTP response.
Release : 10.7.0
Component : APM Agents
This is resolved in HF61
DE434288 - 20068181-Security vulnerabilities in Jetty (EM/WV,APMSQLServer, jetty
9.4.11-2 upgraded to 9.4.27)