Issue: Missing HTTP Strict-Transport-Security Header

Description:

The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS and that any future attempts to access it using HTTP should automatically be converted to HTTPS.

Remediation:

In the ZIETrans application, this can be addressed by configuring HSTS in the deployed runtime servers.

Refer to below link to configure HSTS in WebSphere:

https://www.ibm.com/support/pages/resolving-missing-hsts-or-missing-http-strict-transport-security-websphere