Found 13 Skills
Configure HTTP security headers including CSP, HSTS, X-Frame-Options, and XSS protection. Use when hardening web applications against common attacks.
Configures HTTP security headers to protect against XSS, clickjacking, and MIME sniffing attacks. Use when hardening web applications, passing security audits, or implementing Content Security Policy.
Configure security headers to defend against clickjacking, XSS, MIME confusion, and SSL stripping attacks. Use this skill when you need to set up Content-Security-Policy, X-Frame-Options, HSTS, configure middleware headers, or understand browser security features. Triggers include "security headers", "CSP", "content security policy", "X-Frame-Options", "HSTS", "clickjacking", "MIME confusion", "middleware headers".
Validate and implement HTTP security headers to protect web applications.
Verify and configure HTTP security headers (CSP, HSTS, CORS, X-Frame-Options, etc.). Checks current configuration and generates framework-specific fixes.
Analyze HTTP security headers of web domains to identify vulnerabilities and misconfigurations. Use when you need to audit website security headers, assess header compliance, or get security recommendations for web applications. Trigger with phrases like "analyze security headers", "check HTTP headers", "audit website security headers", or "evaluate CSP and HSTS configuration".
Security Headers Generator - Auto-activating skill for Security Fundamentals. Triggers on: security headers generator. Part of the Security Fundamentals skill category.
**CONTENT SECURITY POLICY (CSP) GUIDE** — Assist with configuring Syncfusion ASP.NET Core EJ2 components to work with strict Content Security Policy (CSP) headers. Use when: implementing CSP headers, generating and applying nonces to inline scripts/styles, configuring external font allowlists, or troubleshooting CSP violations.
Implements security headers and Content Security Policy with safe rollout strategy (report-only → enforce), testing, and compatibility checks. Use for "security headers", "CSP", "HTTP headers", or "XSS protection".
Configure Cross-Origin Resource Sharing (CORS) and security headers. Use for APIs accessed from browsers on different domains.
OWASP security guidelines and Top 10 vulnerabilities. USE WHEN: user mentions "OWASP", "security audit", "vulnerability scan", asks about "injection", "XSS", "CSRF", "access control", "authentication security". DO NOT USE FOR: OWASP Top 10:2025 specific - use `owasp-top-10` instead.
Configures SSL/TLS certificates, implements secure protocols and ciphers, and sets up security headers. Use when setting up HTTPS, SSL certificates, TLS configuration, or web security hardening.