Security Headers are enabled but are missing from the Response Headers:
X-Content-Type-Options, X-XSS-Protection and Content-Security-Policy
Go to F12 (Developer tools) - Network - Header Section
Check for below information
Web.xml was customized.
Replace $PPM_HOME/webroot/WEB-INF/web.xml with the Original File.
If you don't have a copy of the original file, please create a Broadcom Support case.