security-headers

Original：🇺🇸 English

Translated

Verify and configure HTTP security headers (CSP, HSTS, CORS, X-Frame-Options, etc). Checks current configuration and generates framework-specific fixes.

1installs

Sourcefusengine/agents

Added on2026-02-28

NPX Install

npx skill4agent add fusengine/agents security-headers

SKILL.md Content

View Translation Comparison →

Security Headers Skill

Overview

Audit and configure HTTP security headers for web applications.

Required Headers

Header	Purpose	Severity if Missing
Content-Security-Policy	Prevent XSS/injection	HIGH
Strict-Transport-Security	Force HTTPS	HIGH
X-Content-Type-Options	Prevent MIME sniffing	MEDIUM
X-Frame-Options	Prevent clickjacking	MEDIUM
Referrer-Policy	Control referrer info	LOW
Permissions-Policy	Control browser features	LOW
X-XSS-Protection	Legacy XSS filter	LOW

Workflow

Detect framework (Next.js, Laravel, Express, etc.)
Check current header configuration
Compare against security best practices
Generate framework-specific configuration
Validate headers are properly set

Detection Points

Framework	Config Location
Next.js	`next.config.js` headers, `middleware.ts`
Laravel	`SecurityHeaders` middleware
Express	`helmet` middleware
Django	`SECURE_*` settings

References

Headers Reference
Config Templates