The x-xss-protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers. Explicitly setting X-XSS-Protection header to "0" will allow an attacker to perform XSS attack on your users..

The recommended configuration is to set this header to the following value, which will enable the XSS protection and instruct the browser to block the response in the event that a malicious script has been inserted from user input, instead of sanitizing. x-xss-protection: 1; mode=block.

SameSite attribute present on the Cookies set by your site is invalid. SameSite value must be either unset, Strict, or Lax..

Follow this guide to fix this, find the guide here.

Referrer-Policy header controls how much referrer information should be included with requests. Referrer-Policy header is set unsafely to "origin", "origin-when-cross-origin", or "unsafe-url". "unsafe-url" header will send the origin, path, and query string as referrer when performing any request, regardless of security..

Follow this guide to fix this, find the guide here.

X-Content-Type-Options header indicates that MIME Type specified by server should not be changed and should be followed. X-Content-Type-Options header is not implemented..

Follow this guide to fix this, find the guide here.

Our scanners were not able to detect Content Security Policy (CSP) header amongst the header returned by your site..

Follow this guide to fix this, find the guide here.

Multiple HTTP to HTTPS redirections were found on your site. It Redirects to HTTPS eventually, but initial redirection is to another HTTP URL..

Follow this guide to fix this, find the guide here.