Vulnerability "84502 - HSTS Missing From HTTPS Server" is found in Wildfly (port 8443).

CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C/I/A:N)

Issue is described in RFC 6797:


HSTS is required to tell the browser that the server should only be accessed using HTTPS. 

Adding HSTS to wildfly endpoint won't break anything.

Configure the /usr/local/pem/wildfly-16.0.0.Final/standalone/configuration/standalone-full-ha.xml file under the /filters section:

<response-header name="strictTransportSecurity" header-name="Strict-Transport-Security" header-value="max-age=31536000; includeSubDomains"/>