A vulnerability scanner is returning "HSTS Missing From HTTPS Server" when scanning the Enforce server.
Data Loss Prevention Enforce
The base Tomcat site does not require HSTS to be enabled.
DLP does implement Strict-Transport-Security - but only from the "ProtectManager" sub-domain of the DLP Enforce Management Console.
Console access starts from this page.
You can retest vulnerability scan against the Enforce page:
Confirm HSTS is in place once the Enforce console webpage loads.