A vulnerability scan of the Messaging Gateway (SMG) Control Center indicates that SMG does not include the optional HTTP Strict Transport Security (HSTS) header in its HTTP response headers.
The HSTS header is not present in the SMG Control Center HTTP response headers.
This does not represent a security issue.
The SMG Control Center, by default, will only communicate via HTTPS and does not allow HTTP connections or the downgrade of HTTPS to unencrypted communication. No HSTS header is needed as no unencrypted communication is allowed.
Unencrypted HTTP communication may be enabled by running the `cc-config http --on` command from the admin command line (CLI) but, in this configuration, it would not be appropriate to include the HSTS header as HTTP communication has been explicitly allowed by the site administrator.