Symptoms

The vulnerability scanner reports finding "84502 - HSTS Missing From HTTPS Server" against the WildFly HTTPS listener on port 8443.


CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

The Strict-Transport-Security header (HSTS) is specified in RFC 6797:
https://tools.ietf.org/html/rfc6797

Resolution

HSTS (the Strict-Transport-Security response header) tells a browser that, once it has received the header over a valid HTTPS connection, it must reach this host only over HTTPS for the next max-age seconds: http:// requests are rewritten to https:// before they leave the browser, and certificate errors can no longer be clicked through. Without it, a user who types the bare host name or follows an http:// link sends a clear-text request first, which an on-path attacker can intercept and keep on plain HTTP (SSL stripping). The scanner flags the 8443 listener simply because its responses carry no such header.

Adding the header to the WildFly endpoint does not change how the deployed application behaves, but two things are worth checking before enabling it. includeSubDomains extends the policy to every subdomain of the host name in the URL, so any subdomain that is only reachable over plain HTTP becomes unreachable from browsers that have cached the policy. And because browsers remember the policy for max-age (one year in the value below), a later certificate problem on this host turns into a hard failure rather than a warning, so if in doubt start with a short max-age and raise it once everything is confirmed working.


Edit /usr/local/pem/wildfly-16.0.0.Final/standalone/configuration/standalone-full-ha.xml and add the following response-header filter inside the <filters> element of the undertow subsystem:


<response-header name="strictTransportSecurity" header-name="Strict-Transport-Security" header-value="max-age=31536000; includeSubDomains"/>

Defining the filter on its own does not change any response. It only takes effect once it is referenced from the virtual host that serves the 8443 listener: inside that <host> element of the undertow subsystem's <server>, alongside any existing filter-ref elements, add a filter-ref whose name attribute is strictTransportSecurity, then reload the server. RFC 6797 (section 7.2) says the header must not be sent over non-secure transport, so if the same host also serves plain HTTP (port 8080 by default), restrict the reference to TLS responses: the filter-ref element accepts a predicate attribute, and Undertow's built-in secure predicate matches only requests that arrived over TLS.

To verify, send a HEAD request to https://<host>:8443/ and confirm that exactly one Strict-Transport-Security header comes back with the expected value; then rescan.
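The same change and its verification as an added example (not from the original article and not WildFly's own tooling). It applies the filter through jboss-cli, which writes the same response-header and filter-ref elements into standalone-full-ha.xml on a running server, and then checks the header returned by the listener. Assumptions: the JBOSS_HOME path taken from the article, WildFly's default server and host names (default-server, default-host), a listener reachable at the URL in TARGET, and the one-year max-age from the article as the minimum the check accepts (the check is deliberately stricter than the scanner, which only looks for the header's presence).

```shell
#!/bin/sh
# Added example, not part of the original article or of WildFly itself.
# Assumptions: JBOSS_HOME (from the article's path), WildFly's default
# server/host names, and an HTTPS listener reachable at $TARGET.

JBOSS_HOME="${JBOSS_HOME:-/usr/local/pem/wildfly-16.0.0.Final}"
TARGET="${TARGET:-https://localhost:8443/}"   # assumed URL of the 8443 listener
MIN_MAX_AGE=31536000                           # one year, the value the article uses

# Register the response-header filter and reference it from the host.
# predicate="secure" limits the header to responses sent over TLS, as
# RFC 6797 section 7.2 requires; a plain-HTTP listener on 8080 is unaffected.
apply_hsts() {
    "$JBOSS_HOME/bin/jboss-cli.sh" --connect <<'EOF'
batch
/subsystem=undertow/configuration=filter/response-header=strictTransportSecurity:add(header-name="Strict-Transport-Security",header-value="max-age=31536000; includeSubDomains")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=strictTransportSecurity:add(predicate="secure")
run-batch
:reload
EOF
}

# Read raw HTTP response headers from stdin and decide whether the finding
# is resolved: exactly one Strict-Transport-Security header, max-age of at
# least MIN_MAX_AGE, includeSubDomains present. Returns 0 on pass, 1 on fail.
hsts_header_ok() {
    hdr=$(tr -d '\r' | grep -i '^strict-transport-security:' || true)
    [ "$(printf '%s\n' "$hdr" | grep -c . || true)" -eq 1 ] || return 1
    value=$(printf '%s' "${hdr#*:}" | tr 'A-Z' 'a-z')
    max_age=$(printf '%s' "$value" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    [ -n "$max_age" ] || return 1
    [ "$max_age" -ge "$MIN_MAX_AGE" ] || return 1
    printf '%s' "$value" | grep -q 'includesubdomains' || return 1
}

# Live check: HEAD request against the listener. Certificate verification is
# left on deliberately; a certificate that does not validate is a separate
# finding and also makes the HSTS policy unusable for browsers.
check_live() {
    curl -sSI --max-time 10 "$TARGET" | hsts_header_ok
}

case "${1:-}" in
    apply) apply_hsts ;;
    check) check_live && echo "HSTS OK on $TARGET" ;;
esac
```

Run with `apply` once against the running server, then `check` (or the curl HEAD request by hand) before rescanning. The predicate attribute is optional if only an HTTPS listener exists, but leaving it in place costs nothing and keeps the configuration correct if a plain-HTTP listener is added later.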