HSTS Support for Bitbucket Server



      Please provide support to utilize HSTS headers directly from Bitbucket's container Tomcat/Springboot.

      HSTS is an IETF draft standard being developed by Google. It has a number of existing supporting browsers, such as Firefox 4 and Chrome (though I note that both of these are unsupported browsers). http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

      A sample HTTP configuration is here, and the HTTPS configuration would involve the same "Header Always set" directive in the Apache HTTPS virtual host (though strictly "Always" isn't required except on HTTP):
      https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

      NOTE

      • If Bitbucket is behind a reverse proxy/load balancer, the HSTS header needs to be added directly on the proxy.
      • If SSL is directly terminated in Bitbucket, add server.hsts.enabled=true (8.9 or higher)
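
As an added example (not part of this issue and not Atlassian's code), a small Python checker that inspects a captured HTTPS response and reports whether the Strict-Transport-Security header described in the note above is present and sane, whichever layer (the reverse proxy or Bitbucket itself) emits it. The sample responses are constructed, and the one-year minimum max-age is an assumption.

```python
from typing import Optional

# Constructed sample HTTPS responses (not captured from a real host).
SAMPLE_WITH_HSTS = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/html"""

SAMPLE_WITHOUT_HSTS = """HTTP/1.1 200 OK
Content-Type: text/html"""

SAMPLE_SHORT_HSTS = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
Content-Type: text/html"""

# Assumed minimum policy lifetime (one year); adjust to local policy.
MIN_MAX_AGE = 31536000


def parse_hsts(raw_headers: str) -> Optional[dict]:
    """Return the parsed Strict-Transport-Security directives, or None if absent."""
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            directives = {}
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                if key:
                    # Valueless directives (includeSubDomains, preload) map to True.
                    directives[key.lower()] = val.strip().strip('"') if val else True
            return directives
    return None


def check_hsts(raw_headers: str) -> list:
    """Return a list of findings; an empty list means the policy looks sound."""
    directives = parse_hsts(raw_headers)
    if directives is None:
        return ["missing Strict-Transport-Security header"]
    findings = []
    max_age = directives.get("max-age")
    if max_age is None or max_age is True or not str(max_age).isdigit():
        findings.append("max-age directive missing or not numeric")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append(f"max-age {max_age} below {MIN_MAX_AGE}")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains not set")
    return findings
```

Feed it the header block from a real HTTPS request against the Bitbucket URL to confirm that either the proxy or Bitbucket (server.hsts.enabled=true) is actually sending the header.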

            Assignee: Ben Humphreys
            Reporter: Michael Walker (Inactive)
            Votes: 42
            Watchers: 60
