The TL;DR is: security scanners are blocked on our hosting. So even if you have setup the security headers correctly, those scanners won’t be able to see them.
mod_headers is enabled by default. The issue here is not that your website is not returning the right headers, it’s that the header scanner is unable to access your website in the first place.
Why not?
Such as?