PCI scanning reported the vulnerability, "HSTS Missing From HTTPS Server".
This blog addresses the problem but specifically states that native HSTS support only became available in Server 2016 version 1709 so it does not apply to my server: https://blog.ollischer.com/microsoft-exchange-2016-and-iis-8-5-enable-http-strict-transport-security-hsts
How do it eliminate this vulnerability from Server 2016 build 1607?
Note that it is a production Exchange server at a small business so removing 1607 and rebuilding with 1709 is not an option.
Thank you in advance!