To address the reported headers and issues on your website, you may need to work with a developer or use website hosting services that support the required security headers like Strict-Transport-Security, Content-Security-Policy, Frame-Options, Content-Type-Options, Referrer-Policy, and Permissions-Policy, while also ensuring proper SSL certificate installation for resolving the “No HSTS header” and “Certificate issue” problems.
Many of those online test/tools will display errors because they do not support javascript and cookies
So it’s best to test through browser dev. tools (F12)
and you can see which headers were returned by the server
Since you are the owner of the domain, it is easier for you to do it through Cloudflare
but it can also be done via .htaccess or php etc…
now it all depends on what kind of website you have
but I remind you, don’t just copy the values if you don’t know what you’re doing, because the wrong settings can make your website inaccessible to someone
(CF offers somewhere in its options to put some of these security headers itself)
i am unable to understand properly and can yo also tell me how to enable mod_headers and i am not able to add cloudflare ssl and many other problems happen
The TL;DR is: security scanners are blocked on our hosting. So even if you have setup the security headers correctly, those scanners won’t be able to see them.
mod_headers is enabled by default. The issue here is not that your website is not returning the right headers, it’s that the header scanner is unable to access your website in the first place.