Jira: force hsts on all port requests (including 8443)

Any ideas / assist ?

It seems, must write (or find a pre-written ) filter to force hsts header on all jira requests for all/any ports on which request is made. jira site fails security scans for hsts port 8443. And, upon inspection, indeed hsts is not in header on :8443 requests.

adding “strict” hsts config settings in tomcat web.xml (see solutions all over web & nginx .conf file ) do place hsts in header for ports 80 & 443 ( good). But, no web.xml entry forces port 8443 to have hsts header (bad).

bad:
curl -IL http://:8443
HTTP/1.1 400
Content-Type: text/plain;charset=ISO-8859-1
Connection: close

bad:
curl -IL https://:8443
HTTP/1.1 404
Transfer-Encoding: chunked

good:
curl -sSL -D - | egrep -i strict
Strict-Transport-Security: max-age=31536000; includeSubDomains

Since no config answer works, only code solution (in form of filter) may work. Failing security scans is the problem. thx for assist.