All the headers checked by that website can be set into Options -> htaccess protection -> http headers protection. Some of them can be applied with one click (i.e. x-frame options) and others must be filled by you (i.e. csp). Can you please check if there is a green box next to each option with the text "this option is currently applied"?
Umm, that's odd. The site is using mod_rewrite, doesn't it? If so please send me credentials to access to ftp to check the .htaccess of root folder (use the email from which you receive forum notifications please).