It is required for the scanner to properly support redirect for the server HTTP connections. For GET requests it
works out of the box thanks to okhttp doesn't work when server is secured because Authentication header is lost on redirect (for security reason), and it also doesn't work at all for POST requests (like uploading the scanner report) because POST doesn't follow redirects automatically.
For POST it has to be manually implemented. See for example what is done for webhooks:
For GET requests, one option could have been to switch from preemptive authentication to add an Authenticator in Okhttp client. But it doesn't work since many WS do not return authentication error, but instead adapt their response to the user permissions. So probably like POST requests, we may have to manually handle redirects, and set again Authentication header.