- Home
- Skills
- Jeremylongshore
- Claude Code Plugins Plus Skills
- Analyzing Security Headers
analyzing-security-headers_skill
- Python
1.4k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill jeremylongshore/claude-code-plugins-plus-skills --skill analyzing-security-headers- SKILL.md1.9 KB
Overview
This skill analyzes HTTP security headers for web domains to identify vulnerabilities and misconfigurations. It produces a concise report that scores header coverage, highlights risky settings, and recommends concrete remediation steps. Use it to verify CSP, HSTS, and other critical header controls across production, staging, or CDN-fronted sites.
How this skill works
The skill fetches HTTP(S) responses and follows redirects to capture final headers, cookies, and transport details. It compares observed headers against recommended baselines (CSP, HSTS, X-Frame-Options, Referrer-Policy, Strict-Transport-Security, Permissions-Policy, and others), scores gaps, and generates prioritized remediation guidance. Optional verification steps re-check endpoints after fixes to confirm improvements.
When to use it
- Before deploying a web application to production
- During security assessments or penetration tests
- After configuring a CDN, WAF, or reverse proxy
- To validate CSP and HSTS implementation and preload readiness
- When auditing third-party integrations or subdomains
Best practices
- Run tests from locations representative of real users and CDN edges
- Test both HTTP and HTTPS endpoints and follow redirects
- Record baseline reports before changes to measure improvement
- Validate fixes on staging first, then re-scan production
- Document accepted deviations and compensating controls for legacy systems
Example use cases
- Audit a new web service to ensure HSTS and HTTPS-only enforcement are correct
- Evaluate a CMS deployment for unsafe default headers and weak CSP rules
- Scan multiple subdomains to identify inconsistent header policies across environments
- Verify that CDN or reverse proxy preserves or injects required security headers
- Create a remediation checklist for developers and operations teams based on scan output
FAQ
Any reachable HTTP or HTTPS domain or URL where you have permission to run scans, including hostnames behind CDNs or load balancers.
Will this tool change site configuration?
No. The skill only fetches responses and analyzes headers; it does not alter server or CDN settings. Remediation steps must be applied manually or via your deployment tooling.