The vCenter VAMI service must implement HTTP Strict Transport Security (HSTS).
HSTS instructs web browsers to only use secure connections for all future requests when communicating with a website. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.
If the output does not match the expected result, this is a finding.
Note: The command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash". Refer to KB Article 2100508 for more details:
Fix Text (F-62806r935374_fix)
Navigate to and open:
Locate the "setenv.add-response-header" parameter and add or update the following value:
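
As an added example (not part of the STIG text, and not its check command), the bash functions below inspect a lighttpd-syntax configuration file for a Strict-Transport-Security entry under "setenv.add-response-header" and treat a missing entry or "max-age=0" as a finding. The function names, the sample files and the max-age value are constructed for illustration and are not the value the STIG requires.

```bash
#!/usr/bin/env bash
# Added example. Sample configs below are constructed; the max-age value is
# illustrative, not the value the STIG requires.

# Print the HSTS max-age set through setenv.add-response-header in FILE,
# or return 1 if no such entry exists. Assumes header values contain no ")".
hsts_max_age() {
    local block age
    # Drop comment lines, flatten, keep only the lists assigned ("=" or "+=")
    # to setenv.add-response-header.
    block=$(grep -v '^[[:space:]]*#' "$1" | tr '\n' ' ' |
        grep -oE 'setenv\.add-response-header[[:space:]]*\+?=[[:space:]]*\([^)]*\)') || return 1
    age=$(printf '%s\n' "$block" |
        grep -oiE '"Strict-Transport-Security"[[:space:]]*=>[[:space:]]*"[^"]*"' |
        grep -oiE 'max-age=[0-9]+' | head -n 1 | cut -d= -f2)
    [ -n "$age" ] || return 1
    printf '%s\n' "$age"
}

# Succeed only when HSTS is present and not disabled (max-age=0 tells
# browsers to forget the policy).
hsts_ok() {
    local age
    age=$(hsts_max_age "$1") || return 1
    [ "$age" -gt 0 ]
}

# Constructed sample files: compliant, HSTS disabled, HSTS only in a comment.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
setenv.add-response-header = (
    "X-Frame-Options" => "SAMEORIGIN",
    "Strict-Transport-Security" => "max-age=31536000; includeSubDomains"
)
EOF
    cat > "$1/disabled.conf" <<'EOF'
setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=0" )
EOF
    cat > "$1/commented.conf" <<'EOF'
# "Strict-Transport-Security" => "max-age=31536000"
setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in good disabled commented; do
    if hsts_ok "$tmp/$f.conf"; then echo "$f: HSTS set"; else echo "$f: finding"; fi
done
rm -rf "$tmp"
```

A header that appears only in a commented-out line is reported as a finding, since comment lines are removed before the parameter is parsed.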