When you get the security headers are invalid message it almost always means that you are using credentials for the wrong end point. If you have live credentials but are testing in the sandbox or the other way around you will get this error. Are the credentials you are using live or SandBox? Are you testing this live or in the SandBox?
As for the values getting to the pp_confirm page the wizard should create these pages with the proper values included for you.