HTTP Security Headers

In looking at WP Cerber documentation and forums, I am unclear how your (free) plugin implements and options to handle HTTP Security Headers. I recently did a security audit for a specific client website (got an A grade) but it suggests a fix to hardened HTTP Security Headers by adding the following 1) strict-transport-security, 2)x-content-type-options, 3) x-frame-options, and 4) x-xss-protection OR content-security-policy (one required). My client’s website does not transmit sensitive data, so I might not add these, but my other websites do, so I would like to implement these headers to specific websites that would benefit from extra layer of security. I understand that these can be added to .htaccess file but I am wondering if I am missing something on the (free version) WP Cerber plugin or if there are reason that are not included in the plugin. I am considering the pro version for my other client’s website, so if the pro version has these HTTP Security Headers options, I would like to know, because it’s unclear this is included. Keep up the great work, I am really liking this plugin. I switched from WordFence.