By default, we perform an extended monitoring scan of your site 2 times a day. However, we currently do not perform a new scan yet when the WordPress plugin has been installed on your site.
It is also possible that the .htaccess file on your webserver does not have the proper CHMOD permissions setup so we can write to it. We need to be able to write to the .htaccess file in order to inject the security headers to the response.
After plugin installation, you can also manually check your security headers by using a tool such as https://securityheaders.com/.