Interesting headers - 'content-security-policy' and 'x-permitted-cross-domain-policies' 

When the security header checkbox for "x-permitted-cross-domain-policies"  is enabled during the scan, this header is already getting validated and so it should *not* show up in the list of boring/interesting headers in the issue list and report. 

The same applies to 'content-security-policy' header as well.