Scanners keep flagging missing headers, but the fix is scattered and the syntax differs per server. This site collects the configs that actually work into one library — one copy-paste block per header for every common server, plus the curl command to confirm it's live.
Recipes target current Nginx, Apache (mod_headers), Caddy v2 and Cloudflare (Workers and Pages _headers), following current browser behaviour and the relevant specs.