I know this question is almost a year old, but this was one of the top results in Google when I was attempting to do something similar, so I'll respond with my solution to potentially help someone who finds this question in the future:
We are using Apache, so I used this IBM article as a guide to change my Apache settings. The important part of that article is including "always set Strict-Transport-Security" string to your Header showed in section 2a.
It's a relatively simple fix.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.