https://cloudflareworkers.com for Security Headers - https://developers.cloudflare.com/workers/about/

worker.js

// https://developers.cloudflare.com/workers/about/ 
// https://tutorial.cloudflareworkers.com
//
// A Service Worker which adds Security Headers.
// Checks:
//     https://securityheaders.io/
//     https://observatory.mozilla.org/
//     https://csp-evaluator.withgoogle.com/
//     https://hstspreload.org/
//     https://www.ssllabs.com/ssltest/
//
addEventListener("fetch", event => {
  event.respondWith(fetchAndReplace(event.request))
})

async function fetchAndReplace(request) {
  // Fetch the response.
  const response = await fetch(request)

  // Make sure we only modify text, not images.
  let type = response.headers.get("Content-Type") || ""
  if (!type.startsWith("text/")) {
    // Not text. Don't modify.
    return response
  }

  // Add the Security Headers to the response
  let newHeaders = new Headers(response.headers)
  
  // ❤️ emoji
  newHeaders.append('X-emoji', '😎')

  // Please set the HSTS header from the Cloudflare dashboard
  // -> https://support.cloudflare.com/hc/en-us/articles/204183088-Does-Cloudflare-offer-HSTS-HTTP-Strict-Transport-Security-
  // https://wiki.mozilla.org/Security/Guidelines/Web_Security#HTTP_Strict_Transport_Security
  // https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
  // Preload list -> https://hstspreload.org/
  //newHeaders.set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
  //newHeaders.set("Strict-Transport-Security", "max-age=31536000")

  // https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Content-Type-Options
  // https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options
  // This header can be set through the Cloudflare dashboard where the HSTS header can be configured.
  //newHeaders.set('X-Content-Type-Options', 'nosniff')

  // Expect-CT header -> https://scotthelme.co.uk/a-new-security-header-expect-ct/
  // Cloudflare already sets it if you you use their certs: expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  // newHeaders.set('expect-ct', 'max-age=604800, report-uri="https://yourdomain.report-uri.com/r/d/ct/enforce"')

  // https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Frame-Options
  // https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options
  newHeaders.set("X-Frame-Options", "deny")

  // https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-XSS-Protection
  // https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection
  newHeaders.set('X-XSS-Protection', '1; mode=block')

  // https://wiki.mozilla.org/Security/Guidelines/Web_Security#Referrer_Policy
  // https://scotthelme.co.uk/a-new-security-header-referrer-policy/
  // "no-referrer", "same-origin", "strict-origin" or "strict-origin-when-cross-origin"
  newHeaders.set('Referrer-Policy', 'strict-origin')

  // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
  // https://developers.google.com/web/fundamentals/security/csp/
  // https://wiki.mozilla.org/Security/Guidelines/Web_Security#Content_Security_Policy
  // https://scotthelme.co.uk/content-security-policy-an-introduction/
  // CSP Builder -> https://report-uri.com/home/generate
  // Check CSP -> https://csp-evaluator.withgoogle.com/
  //newHeaders.set("Content-Security-Policy", "default-src 'self'") // You need to modify and enable this so suit your website
  
  // https://developers.google.com/web/updates/2018/06/feature-policy
  // https://scotthelme.co.uk/a-new-security-header-feature-policy/
  // https://github.com/WICG/feature-policy
  // https://docs.google.com/document/d/1k0Ua-ZWlM_PsFCFdLMa8kaVTo32PeNZ4G7FFHqpFx4E/edit
  // Demo: https://feature-policy-demos.appspot.com/
  // List of browser APIs to limit or disable.
  //newHeaders.set("Feature-Policy", "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; usb 'none'; vibrate 'none'; document-write 'none'; sync-xhr 'none'")
  
  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
  // https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/
  // https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/
  // https://seirdy.one/2021/04/16/permissions-policy-floc-misinfo.html
  // https://web.dev/floc/
  newHeaders.set("Permissions-Policy", "interest-cohort=() microphone=()")
  
  // Remove the 'Server' and the 'X-Powered-By' header
  // Cloudflare sets their own 'server' header so don't use this, It will do nothing.
  // https://scotthelme.co.uk/hardening-your-http-response-headers/#removingheaders
  //newHeaders.delete("Server")
  newHeaders.delete("X-Powered-By")
  
  // Further recommendations to consider:
  // Check the status of the TLS connection  -> https://www.ssllabs.com/ssltest/
  // Set a CAA DNS record -> https://scotthelme.co.uk/certificate-authority-authorization/

  // Return modified response
  return new Response(response.body, {
    status: response.status,
    statusText: response.statusText,
    headers: newHeaders
  })
}

hi how to make own casino website?

First get a license and legal advice before opening an online casino. Depending where you are, gambling is heavily regulated. Next get a dev team or use an existing framework to develop the site and start a company.