We can investigate the topic further with our engineering team but we would love to know more about the security scan you are referring to. So we need just more context to understand what is the real issue you are facing
We have discussed that internally and we believe that we have to keep the HTTP listener active because it is needed to support redirection from HTTP to HTTPS. This is just an example of one of the use cases.
Regarding the scanner, it might be treated as the issue but in fact, it is not impacting Traefik itself.
It is needed to understand the report produced by such a scanner and consider that as a guide and not as a target.
Please let us know your thoughts in regards to that topic.