2 Security Header inactive if Cloudflare is active

Hi you all! My security headers “Permission Policy” & “Content-Security-Policy” (correctly setted inside my server hosting) ,when Cloudflare is active, start to became inactive!

lf i try to scan online every these 3 websites here: https://securityheaders.com/.
(adslovunqueflat.com - banchedati.eu mobilimalandroneintoscana.com)

before and after having Cloudflare in pause i can notice the difference.

Do you kinow which is the Cloudflare function that can give that issue?
I’ve just clean every caching setting before to write here…without results.
Thanks for your help!

I’d suggest you adding the missing ones by using Transform Rules → Modify Response Header.

Helpful article:

They’re not inactive. You’re just blocking those tests:

4 Likes

Thank you very much for your help fritex!

Hi sdayman and thank you too for your suggestion. Do you think that’s could als been happend due a Cloudflare asn or ip bot blocked manually by my side?