Issues with security headers

Hi there
I hope I am submitting my concern in the right category.

I issues with security headers.

I have added the following headers into htaccess but there aren’t taking effect. Here is what i have done so far to make it work.

  • I have also disabled cloudflare.
  • Enable Rewrite is turned ON
  • cleared all cache
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    Header always set Content-Security-Policy "default-src 'self';"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()"

Can someone help to figure out the issue presented?

Can you please check our new feature of apche as reverse proxy