Our cycber security have recommended the introduction of HTTP Strict-Transport-Security response headers, but cannot see anywhere in VisualSVN (or the configuration of it) to do this.
This is for VisualSVN Enterprise 4.2.2 (using Apache 1.10.6) running on Windows 2019 DataCenter.
I see no separate installation of Apache, no presence of a httpd.exe on the server and there's a header warning in the httpd.conf file which advises tha the conf will be overwritten when/if the VisualSVN service is started.
You can add the following line to the %VISUALSVN_SERVER%conf\httpd-custom.conf file and restart the VisualSVN Server service:
Header always set Strict-Transport-Security "max-age=31536000"
Note that you may need to replace the max-age value with another one depending on your requirements.