Self-signed certificates (the SEPM default configuration) do not support HSTS.
The root certificate installed on each SEPM in the Trusted Root Certification Authorities.
Enabling HSTS will cause the following items to not function properly.
Built-in Help pages in the SEPM. Clicking Help -> Help Topics within the SEPM will display a browser page indicating “This content cannot be displayed in a frame.”
SEPM Web Console (port 8443) when using the SEPM IP address.
Using the SEPM Hostname to access the Web Console remains unaffected.
Java remote console is unaffected.
Steps to enable HSTS in the SEPM
Stop the SEPM services.
Symantec Endpoint Protection Launch
Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager API Service
Symantec Endpoint Protection Manager Webserver
Open …\<SEPM install directory>\tomcat\conf\web.xml with a text editor.
Navigate to the section “Built in Filter Definitions”. The first filter is httpHeaderSecurity, it is commented out. On the next line below the closing comment (-->) copy and paste in the following filter configuration.
Navigate to the section “Built in Filter Mappings". The first filter is httpHeaderSecurity, it is commented out. On the next line below the closing comment (-->), copy and paste in the following filter-mapping configuration.