Fix Missing Security Headers

Client: AI | Published: 31.12.2025

I just ran an online scan on my site and every security header came back with a big red “FAIL.” I want those warnings gone and the proper directives in place without breaking any existing functionality.

Headers currently missing or incorrectly configured:
• Content-Security-Policy (CSP)
• Strict-Transport-Security (HSTS)
• X-Content-Type-Options
• X-Frame-Options
• Referrer-Policy
• Permissions-Policy

Scope
– Analyse the current response headers, server configuration and any CDN or reverse-proxy layer I’m using.
– Implement each header with sensible, industry-standard values (I’ll review before go-live).
– Make sure the site still renders correctly on modern browsers after CSP is tightened.
– Re-run the same scanner and provide a screenshot or report showing PASS for every header above.

Tech environment is typical LAMP/NGINX; if you need SSH or cPanel access I can provide it. You’re free to use tools such as curl, SecurityHeader.com, Observatory, etc., during testing.

Deliverable
A short change log of what you edited (virtual host, .htaccess, Nginx block, Cloudflare rules, etc.) and the final passing report.