analyzing-security-headers_skill

This skill analyzes HTTP security headers of a target domain, identifying misconfigurations and actionable remediation steps to improve web app security.
  • Python

1.4k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill jeremylongshore/claude-code-plugins-plus-skills --skill analyzing-security-headers

  • SKILL.md1.9 KB

Overview

This skill analyzes HTTP security headers for web domains to identify vulnerabilities and misconfigurations. It produces a concise report that scores header coverage, highlights risky settings, and recommends concrete remediation steps. Use it to verify CSP, HSTS, and other critical header controls across production, staging, or CDN-fronted sites.

How this skill works

The skill fetches HTTP(S) responses and follows redirects to capture final headers, cookies, and transport details. It compares observed headers against recommended baselines (CSP, HSTS, X-Frame-Options, Referrer-Policy, Strict-Transport-Security, Permissions-Policy, and others), scores gaps, and generates prioritized remediation guidance. Optional verification steps re-check endpoints after fixes to confirm improvements.

When to use it

  • Before deploying a web application to production
  • During security assessments or penetration tests
  • After configuring a CDN, WAF, or reverse proxy
  • To validate CSP and HSTS implementation and preload readiness
  • When auditing third-party integrations or subdomains

Best practices

  • Run tests from locations representative of real users and CDN edges
  • Test both HTTP and HTTPS endpoints and follow redirects
  • Record baseline reports before changes to measure improvement
  • Validate fixes on staging first, then re-scan production
  • Document accepted deviations and compensating controls for legacy systems

Example use cases

  • Audit a new web service to ensure HSTS and HTTPS-only enforcement are correct
  • Evaluate a CMS deployment for unsafe default headers and weak CSP rules
  • Scan multiple subdomains to identify inconsistent header policies across environments
  • Verify that CDN or reverse proxy preserves or injects required security headers
  • Create a remediation checklist for developers and operations teams based on scan output

FAQ

Any reachable HTTP or HTTPS domain or URL where you have permission to run scans, including hostnames behind CDNs or load balancers.

Will this tool change site configuration?

No. The skill only fetches responses and analyzes headers; it does not alter server or CDN settings. Remediation steps must be applied manually or via your deployment tooling.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
analyzing-security-headers skill by jeremylongshore/claude-code-plugins-plus-skills | VeilStrat