May I ask did you disabled the REST API via Wordfence due to the security settings or via some other plugin, or it could be due to the Firewall Rules at Cloudflare (if you are using any)?
From the above screenshot, and the returned HTML, I cannot understand does the 403 error come from the Cloudflare, or rather from your origin host / server due to the HTTP request for the part /wp-json/wp/v2/.
I checked with Hostpapa hosting server, they said that this might be due to plugins. I deactivated each plugin one by one checked the site health scan each time. But no positive result. Same 3 errors displayed.
Also I have whitelisted wordfence ip address to cloudflare firewall as a rule. But still no effect to scan.
I think this might be due to cloudflare, as it doesn’t allow wordfence scan at CDN level.
I have checked the ssl at cloudflare and it works fine. Please refer the screenshot.
I have also updated the setting in WordFence plugin as “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.” Also added cloudflare firewall rules for whitelisted IPs.