I ran that curl command on 9443 and got the header
< HTTP/1.1 200
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
However the scanner still shows the vulnerability on 9443
Did you mean that the scanner must be adjusted instead of adding this to /etc/httpd/httpd.conf ?
<VirtualHost www.example.com:80>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
</VirtualHost>
Thanks in advance