We are using Tenable to identify security vulnerabilities. Missing HSTS was identified recently. Our server is Apache for ui and spring boot for backend .
The HSTS header is present in the response headers but in the security tab it indicated disabled.
My config for the virtual host in httpd.conf is as follows:
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Question: How do I make this change show up for Firefox and Tenable?
Thank you.