HSTS Missing From HTTPS Server Vulnerability on Aria Suite


Article ID: 320603


Updated On: 10-17-2024

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

Vulnerability scanners may report that the web server is not enforcing HSTS on Aria Suite products such as Aria Suite Lifecycle Manager, VMware Identity Manager, Aria Automation, Aria Automation Orchestrator, Aria Operations or Aria Operations for Logs.


Cause

Some vulnerability scanners report a false positive titled "HSTS MISSING FROM HTTPS SERVER" (or a similarly named finding) against Aria Suite products.

Resolution

HTTP Strict Transport Security (HSTS) is a mechanism intended to stop a man-in-the-middle from forcing a client to downgrade to an insecure (plain HTTP) connection. It is implemented as a response header, Strict-Transport-Security, that the server sends to the browser over HTTPS; the browser then rewrites any plain HTTP request for that host to HTTPS and refuses to proceed past certificate errors on subsequent visits. The browser caches the policy until it expires according to the max-age value in the header (a max-age of 0 removes the cached policy), or until the user clears it manually. Browsers ignore the header when it arrives over plain HTTP, so the check must be made against the HTTPS listener.
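The following script is an added example, not part of this article or of any Aria Suite product, showing how to verify the behaviour described above from the command line instead of from a scanner report: it parses the Strict-Transport-Security header out of an HTTPS response and classifies it as missing, disabled (max-age=0), shorter than the conventional one-year minimum, or acceptable. The sample header blocks are constructed for illustration and were not captured from any appliance; the function names, the one-year threshold and the optional `verify_tls` switch (useful against appliances with self-signed certificates) are this example's own choices.

```python
import re
import ssl
import sys
import urllib.error
import urllib.request
from typing import Optional

HSTS_HEADER = "strict-transport-security"
ONE_YEAR = 31536000  # conventional minimum max-age; threshold chosen for this example

# Constructed sample response header blocks (not captured from a real server).
SAMPLE_OK = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Type: text/html\r\n\r\n"
)
SAMPLE_MISSING = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n\r\n"
)
SAMPLE_DISABLED = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=0\r\n\r\n"


def parse_hsts(raw_headers: str) -> Optional[dict]:
    """Return the HSTS directives as a dict, or None when the header is absent.

    Header names are matched case-insensitively; the status line is skipped.
    """
    for line in raw_headers.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != HSTS_HEADER:
            continue
        policy = {"max_age": None, "include_subdomains": False, "preload": False}
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            key = key.strip().lower()
            if key == "max-age":
                m = re.fullmatch(r'"?(\d+)"?', val.strip())
                if m:
                    policy["max_age"] = int(m.group(1))
            elif key == "includesubdomains":
                policy["include_subdomains"] = True
            elif key == "preload":
                policy["preload"] = True
        return policy
    return None


def assess_hsts(raw_headers: str, min_age: int = ONE_YEAR) -> str:
    """Classify a response as 'missing', 'disabled', 'short' or 'ok'."""
    policy = parse_hsts(raw_headers)
    if policy is None:
        return "missing"           # what the scanner finding corresponds to
    if not policy["max_age"]:      # max-age absent (invalid) or 0 (policy removal)
        return "disabled"
    if policy["max_age"] < min_age:
        return "short"
    return "ok"


def fetch_raw_headers(url: str, verify_tls: bool = True) -> str:
    """Issue a HEAD request over HTTPS and return the status line plus headers."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # appliances often present self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return f"HTTP/1.1 {resp.status} {resp.reason}\n{resp.headers}"
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry headers
        return f"HTTP/1.1 {err.code} {err.reason}\n{err.headers}"


if __name__ == "__main__":
    # Usage: python hsts_check.py https://appliance.example/ [--insecure]
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target is None:
        for name, block in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING),
                            ("disabled", SAMPLE_DISABLED)):
            print(f"{name:9s} -> {assess_hsts(block)}")
    else:
        headers = fetch_raw_headers(target, verify_tls="--insecure" not in sys.argv)
        print(assess_hsts(headers), parse_hsts(headers))
```

Run it against the exact scheme, host and port the scanner probed; urllib follows redirects, so a verdict of "ok" after a redirect does not prove the original listener sent the header. The same parser can be fed the output of `curl -sI https://host/` when a Python interpreter is not at hand.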

The reported finding is a generic check, and all Aria Suite products are configured to send the Strict-Transport-Security header. This can be verified from the browser's developer tools by inspecting the response headers of an HTTPS request to the appliance, as shown in the screenshot below.

This is therefore a false positive from the scanning application, which raises the finding only when no Strict-Transport-Security header is present in the responses it inspected. If the finding persists, confirm which host and port the scanner actually probed and check the response headers on that exact HTTPS listener rather than on a redirect target.