Adding Security Headers or Proxy Domain Setup for Pickaxe-Published Subdomain

I’m running into an issue where my Pickaxe-published subdomain (sensaitriad.writerswithoutwalls.com) is being flagged during security checks for missing security headers (e.g., Content-Security-Policy, X-Frame-Options, etc.). Since the content is directly published by Pickaxe, I’m unable to modify the .htaccess file or inject the necessary headers myself.

I explored the option of creating a .htaccess file manually, but since Pickaxe handles the publishing, changes there won’t apply. My hosting provider suggested using a proxy domain setup to manage these headers externally.

Could you provide guidance on:

  1. Whether Pickaxe supports injecting custom security headers for published sites?
  2. If not, any best practices or recommendations for setting up a proxy domain to resolve this issue while keeping the site functional?

Your advice would be greatly appreciated!