I have a vulnerability that is stating my Exchange server needs HSTS. Is this something new that vulnerability scanners are requiring now?
If so, how do I change my Exchange server (owa) to be set to HSTS and is there any consequences of doing so?
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). recommends configuring the remote web server to use HSTS.