vCenter 7.x/8.x scan detects vulnerabilities on port 3128

Article ID: 322358

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Scan of port 3128 does not return an HSTS header

root@vc [ ~ ]# curl -k -I -H -D- https://localhost:3128
curl: (35) error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x

Cause

vCenter Server 7.0 supports the HTTP/2 protocol. All modern browsers and applications, including the vSphere Client, connect to vCenter Server using HTTP/2. However, smart card authentication requires use of the HTTP/1.1 protocol. Activating smart card authentication deactivates Application-Layer Protocol Negotiation (ALPN, https://tools.ietf.org/html/rfc7301) for HTTP/2, effectively preventing the browser from using HTTP/2. Applications that use only HTTP/2, without relying on ALPN, continue to work.

See Configure vCenter Server to Request Client Certificates.

Resolution

This is working as designed.
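
The following is an added example, not part of the original article and not VMware code. It is a Python probe that reports the ALPN protocol a port negotiates and separates a TLS handshake aborted with a certificate alert (as in the curl output above, where no HTTP response exists to carry any header) from an HTTP response that really lacks Strict-Transport-Security. The function names, verdict strings and the sample record are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL alert names seen when the peer aborts the handshake over a certificate.
CERT_ALERTS = ("ALERT_BAD_CERTIFICATE", "ALERT_CERTIFICATE_REQUIRED")

def parse_headers(raw: bytes) -> dict:
    """Lower-cased header map from a raw HTTP/1.1 response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    fields = (line.partition(":") for line in head.split("\r\n")[1:])
    return {k.strip().lower(): v.strip() for k, sep, v in fields if sep}

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """One unauthenticated probe, offering h2 and http/1.1 through ALPN."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # like curl -k: the probe does not validate the server
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    out = {"alpn": None, "tls_error": None, "headers": {}}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                out["alpn"] = tls.selected_alpn_protocol()
                if out["alpn"] != "h2":   # a textual HEAD is only valid on HTTP/1.1
                    req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
                    tls.sendall(req.encode())
                    # With TLS 1.3 a certificate alert can arrive only on this first read.
                    out["headers"] = parse_headers(tls.recv(65536))
    except ssl.SSLError as exc:
        out["tls_error"] = getattr(exc, "reason", None) or str(exc)
    return out

def triage(result: dict) -> str:
    """Turn a probe result into a verdict for the scanner finding."""
    err = result["tls_error"]
    if err:
        # Handshake aborted: no HTTP response exists, so no header could be returned.
        return "tls-certificate-alert" if any(a in err for a in CERT_ALERTS) else "tls-failure"
    if result["alpn"] == "h2":
        return "h2-negotiated"            # fetch headers with an HTTP/2 client instead
    return "hsts-present" if "strict-transport-security" in result["headers"] else "hsts-missing"

# Constructed sample mirroring the curl failure quoted in this article.
SAMPLE = {"alpn": None, "tls_error": "SSLV3_ALERT_BAD_CERTIFICATE", "headers": {}}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

To check a live endpoint, call `triage(probe("localhost", 3128))` from the appliance shell; connection errors other than TLS failures are raised to the caller.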