security-headers
Installation
SKILL.md
Security Headers Skill
Overview
Audit and configure HTTP security headers for web applications.
Required Headers
| Header | Purpose | Severity if Missing |
|---|---|---|
| Content-Security-Policy | Prevent XSS/injection | HIGH |
| Strict-Transport-Security | Force HTTPS | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing | MEDIUM |
| X-Frame-Options | Prevent clickjacking | MEDIUM |
| Referrer-Policy | Control referrer info | LOW |
| Permissions-Policy | Control browser features | LOW |
| X-XSS-Protection | Legacy XSS filter | LOW |