Accoring to KB40348, HSTS should be enabled in 8.2r6+ I have tried 8.2r6 and the newest 8.2r7 of PCS. Neither seem to have the correct term in the http header. (Strict-Transport-Security: max-age=31536000)
That makes us fail a homeland security check.
What is the true status of this? I have heard 8.3 should fix it, but no concrete data can be found.
Info on HSTS: https://pulse.cio.gov/https/guidance/
After further testing, what I have found is if I include the entire login URL (including welcome.cgi) the header is there. But if I enter in the root url of the device, the header is not present on the redirect.