I need an experienced security-minded developer to create a strict yet non-breaking Content Security Policy for my WordPress website and to correctly enable HTTP Strict Transport Security.

My site loads scripts, stylesheets, and images, and it pulls in several third-party services. The goal is to catalogue every call the pages make, translate that inventory into a CSP header that blocks nothing essential, and then verify—across all modern browsers—that no console errors appear once the policy is active.

For HSTS, I want the header configured with an appropriate max-age, includeSubDomains, and preload directive (if advisable), followed by a test to confirm the redirect and header are behaving exactly as intended.

Deliverables
• Report of all resource origins discovered during the audit
• Final CSP header (with comments explaining each directive)
• Implemented HSTS header and confirmation screenshots
• Short testing checklist so I can reproduce your results

I’ll provide server access and current response headers as soon as we start.
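The inventory-to-policy step and the HSTS header check described above, sketched in Python as an added example that is not part of the original posting. The site origin, the vendor hostnames and the inventory are constructed placeholders, and `build_csp` and `check_hsts` are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

SITE_ORIGIN = "https://www.site.example"  # assumption: placeholder for the audited site
# Resource type as logged during the audit -> CSP directive that governs it.
DIRECTIVE_FOR = {"script": "script-src", "stylesheet": "style-src", "image": "img-src",
                 "font": "font-src", "xhr": "connect-src", "iframe": "frame-src"}
# Constructed sample inventory: (resource type, URL) pairs, not data from a real site.
INVENTORY = [
    ("script", "https://www.site.example/wp-includes/js/jquery/jquery.min.js"),
    ("script", "https://analytics.vendor.example/tag.js"),
    ("stylesheet", "https://fonts.vendor.example/css?family=Inter"),
    ("font", "https://static.fonts.vendor.example/inter.woff2"),
    ("image", "http://cdn.vendor.example/banner.png"),  # plain HTTP: reported, never allowed
]

def build_csp(inventory, site_origin=SITE_ORIGIN):
    """Return (header value, rejected URLs) for an audited resource inventory."""
    sources = {directive: {"'self'"} for directive in DIRECTIVE_FOR.values()}
    rejected = []
    for rtype, url in inventory:
        parts = urlsplit(url)
        if parts.scheme != "https" or rtype not in DIRECTIVE_FOR:
            rejected.append(url)  # needs a manual decision, so it is not allow-listed
            continue
        origin = f"https://{parts.netloc}"
        if origin != site_origin:
            sources[DIRECTIVE_FOR[rtype]].add(origin)
    policy = ["default-src 'self'", "object-src 'none'", "base-uri 'self'"]
    for directive in sorted(sources):
        if len(sources[directive]) > 1:  # 'self' alone is already covered by default-src
            policy.append(f"{directive} {' '.join(sorted(sources[directive]))}")
    return "; ".join(policy), rejected

def check_hsts(value):
    """Return the problems found in a Strict-Transport-Security header value."""
    tokens = [t.strip().lower() for t in value.split(";") if t.strip()]
    ages = [m.group(1) for t in tokens if (m := re.fullmatch(r'max-age="?(\d+)"?', t))]
    if len(ages) != 1:
        return ["max-age missing, malformed or repeated"]
    max_age, preload = int(ages[0]), "preload" in tokens
    checks = [  # the preload conditions are the hstspreload.org submission requirements
        (max_age == 0, "max-age=0 switches HSTS off"),
        (preload and max_age < 31536000, "preload needs max-age >= 31536000"),
        (preload and "includesubdomains" not in tokens, "preload needs includeSubDomains"),
    ]
    return [message for failed, message in checks if failed]
```

The inventory covers external origins only; inline scripts and styles emitted by WordPress themes and plugins need nonces or hashes, and sending the result first as Content-Security-Policy-Report-Only shows what would break before anything is enforced.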