How to configure pa-agent to use HSTS? 

CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C/I/A:N)

Issue is described in RFC 6797:


The HSTS is required to tell browsers that the server should only be accessed using HTTPS instead of HTTP. 

pa-agent is a web server that accepts and processes HCL requests over HTTPS. 

It is not intended to communicate with pa-agent using a browser.

For the reason above there is no need to add HSTS.