HSTS, HTTPS Server and DLP Enforce Console

Article ID: 202125

Updated On:

Products

Data Loss Prevention, Data Loss Prevention Enforce

Issue/Introduction

A vulnerability scanner is returning "HSTS Missing From HTTPS Server" when scanning the Enforce server.

Environment

Data Loss Prevention Enforce (versions 15.8.x, 16.0.x)

Cause

The base Tomcat site does not require HSTS to be enabled.

DLP sends the Strict-Transport-Security header from the "ProtectManager" path of the DLP Enforce Management Console, https://<Enforce server>/ProtectManager, which is where the Enforce Console (UI) landing page begins. A scan that targets only the server root therefore does not see the header.


Resolution

Rerun the vulnerability scan against the Enforce UI landing page: https://<Enforce server>/ProtectManager

Confirm HSTS is in place once the Enforce console webpage loads.
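
One way to confirm the header from a command line, as an added example that is not part of the original article: the function below reads raw response headers and reports the HSTS max-age. `ENFORCE_HOST` is a placeholder, and the two sample responses and their max-age value are constructed for illustration, not captured from an Enforce server.

```shell
#!/bin/sh
# Live use (ENFORCE_HOST is a placeholder for your Enforce server name):
#   curl -skI "https://$ENFORCE_HOST/ProtectManager" | hsts_max_age

# Read HTTP response headers on stdin. Print max-age and return 0 when a
# Strict-Transport-Security header with max-age > 0 is present; return 1 otherwise.
hsts_max_age() {
    tr -d '\r' | awk '
        {
            # Header names are case-insensitive; only the first HSTS header counts.
            if (!seen && index(tolower($0), "strict-transport-security:") == 1) {
                seen = 1
                value = tolower(substr($0, 27))
                n = split(value, parts, ";")
                for (i = 1; i <= n; i++) {
                    d = parts[i]
                    gsub(/[ \t"]/, "", d)
                    if (d ~ /^max-age=[0-9]+$/) {
                        sub(/^max-age=/, "", d)
                        age = d + 0
                    }
                }
            }
        }
        END {
            # max-age=0 tells clients to drop the policy, so it counts as missing.
            if (seen && age > 0) {
                print age
                exit 0
            }
            exit 1
        }
    '
}

# Constructed sample: server root, no HSTS header (what the scanner flagged).
SAMPLE_ROOT=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n')

# Constructed sample: /ProtectManager response carrying the header.
SAMPLE_PROTECTMANAGER=$(printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nContent-Type: text/html\r\n\r\n')

printf '%s' "$SAMPLE_ROOT" | hsts_max_age || echo "root: HSTS missing"
printf '/ProtectManager: max-age=%s\n' "$(printf '%s' "$SAMPLE_PROTECTMANAGER" | hsts_max_age)"
```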