I have written three headers for Content-Security-Policy, Referrer-Policy and Permissions-Policy on my master page inside header tag but still it is not identifying on “https://securityheaders.com/”. Please help me for them same.

Headers :

<meta http-equiv="Feature-Policy" content="ch-viewport-width *" src="javascript:'';" allow="geolocation 'src'">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; child-src 'none';" />
<meta name="referrer" content="origin" />

CodePudding user response：

You are claiming that they are headers, but you are setting meta tags, which are likely not checked by securityheaders.com. Try setting them as response headers instead.