Add Security Headers (PHP)

Client: AI | Published: 10.12.2025

I need a PHP-savvy developer to harden an existing Core PHP website by reviewing the current HTTP response headers and adding or updating the ones that are still missing or outdated. The site is healthy—this is purely a compliance exercise—so please avoid touching areas that are already configured correctly and make sure no duplicate headers are introduced.

Headers that definitely need attention include:

• X-Frame-Options
• X-XSS-Protection
• X-Content-Type-Options
• X-Permitted-Cross-Domain-Policies
• Strict-Transport-Security
• Referrer-Policy
• Feature-Policy / Permissions-Policy
• Expect-CT
• Set-Cookie flags (Secure, HttpOnly, SameSite)
• Content-Security-Policy

Feel free to leave any header in place if it already follows best practice after discussion and approval from me; otherwise, update it to current OWASP/CIS benchmarks. Implementation can be done in .htaccess, a central header utility, or straight in the core controller—whatever is cleanest for our setup—so long as it works across every route and sub-domain.

DO NOT ask for website / code before starting work. Website will be provided once task is assigned to you. You will receive ONLY FTP credentials as soon as we start.

Once finished, please provide:

1. The modified files with comments marking your changes.
2. A quick before-and-after curl output (or similar) showing each header in place.
3. A brief note on any header we decided not to change and why.

I will use third-party tools to validate completion of correct and complete header setup.
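A sketch of the "central header utility" option that sends a header only when PHP has not already queued one with the same name, so no duplicates are introduced. This is an added example, not part of the posting or the site's code; the function names and every header value are assumptions to be agreed with the client, and Expect-CT and Feature-Policy are left out of the sample list pending that discussion.

```php
<?php
declare(strict_types=1);
// Added example. Function names and header values are assumed starting
// points to review against the site's behaviour, not values from the posting.

/** Lower-cased names of the headers PHP has already queued for this response. */
function queued_header_names(): array
{
    $names = [];
    foreach (headers_list() as $line) {
        $names[strtolower(trim(explode(':', $line, 2)[0]))] = true;
    }
    return $names;
}

/** Send each wanted header only if it is not queued yet; returns the names added. */
function send_missing_security_headers(array $wanted): array
{
    if (headers_sent()) {
        return []; // output has started, headers can no longer be changed
    }
    $present = queued_header_names();
    $added = [];
    foreach ($wanted as $name => $value) {
        if (!isset($present[strtolower($name)])) {
            header("$name: $value", true); // replace=true: never a second copy
            $added[] = $name;
        }
    }
    return $added;
}

// Session cookie flags (array form needs PHP 7.3+); call before session_start().
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

$added = send_missing_security_headers([
    'X-Frame-Options'                   => 'DENY',
    'X-Content-Type-Options'            => 'nosniff',
    'X-XSS-Protection'                  => '0',
    'X-Permitted-Cross-Domain-Policies' => 'none',
    'Strict-Transport-Security'         => 'max-age=31536000; includeSubDomains',
    'Referrer-Policy'                   => 'strict-origin-when-cross-origin',
    'Permissions-Policy'                => 'geolocation=(), camera=(), microphone=()',
    'Content-Security-Policy'           => "default-src 'self'",
]);
```

`headers_list()` only reports headers set from PHP, so a header also added in .htaccess or the server configuration can still be sent twice; set each header in one layer only and confirm with `curl -sI` against the live response.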