"security_headers": {
      "content_security_policy": "Present",
      "strict_transport_security": "Present",
      "x_content_type_options": "Present",
      "x_frame_options": "Missing",
      "referrer_policy": "Present",
      "permissions_policy": "Present",
      "score": 80,
      "grade": "B"
    },

X-frame-options is obsolete. Frame-ancestors option in content-secrity-policy is the way to go.