I know this question is almost a year old, but this was one of the top results in Google when I was attempting to do something similar, so I'll respond with my solution to potentially help someone who finds this question in the future:
We are using Apache, so I used this IBM article as a guide to change my Apache settings. The important part of that article is including "always set Strict-Transport-Security" string to your Header showed in section 2a.
It's a relatively simple fix.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot