security-headers
Security Headers Skill
Overview
Audit and configure HTTP security headers for web applications.
Required Headers
必需标头
| Header | Purpose | Severity if Missing |
|---|---|---|
| Content-Security-Policy | Prevent XSS/injection | HIGH |
| Strict-Transport-Security | Force HTTPS | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing | MEDIUM |
| X-Frame-Options | Prevent clickjacking | MEDIUM |
| Referrer-Policy | Control referrer info | LOW |
| Permissions-Policy | Control browser features | LOW |
| X-XSS-Protection | Legacy XSS filter | LOW |
Workflow
- Detect framework (Next.js, Laravel, Express, etc.)
- Check current header configuration
- Compare against security best practices
- Generate framework-specific configuration
- Validate headers are properly set
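The check-and-compare steps of the workflow above, as an added example that is not part of this skill's own code: it takes a response's headers as a dict, reports each required header from the table that is missing (with the table's severity), and also flags present headers whose values are weak. The weak-value thresholds (HSTS max-age of at least one year, no unsafe-inline/unsafe-eval in CSP) and the sample headers are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Severity table from this skill: lower-cased header name -> severity if missing
REQUIRED_HEADERS = {
    "content-security-policy": "HIGH",
    "strict-transport-security": "HIGH",
    "x-content-type-options": "MEDIUM",
    "x-frame-options": "MEDIUM",
    "referrer-policy": "LOW",
    "permissions-policy": "LOW",
    "x-xss-protection": "LOW",
}

def _weak_value(name: str, value: str) -> Optional[str]:
    """Reason if a present header is configured weakly, else None (thresholds are assumptions)."""
    v = value.lower().strip()
    if name == "content-security-policy" and ("'unsafe-inline'" in v or "'unsafe-eval'" in v):
        return "CSP allows unsafe-inline/unsafe-eval"
    if name == "strict-transport-security":
        m = re.search(r"max-age=(\d+)", v)
        if not m or int(m.group(1)) < 31536000:  # one year in seconds
            return "HSTS max-age below one year"
    if name == "x-content-type-options" and v != "nosniff":
        return "expected nosniff"
    if name == "x-frame-options" and v not in ("deny", "sameorigin"):
        return "expected DENY or SAMEORIGIN"
    return None

def audit_headers(headers: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Compare one response's headers against REQUIRED_HEADERS; highest severity first."""
    present = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name, severity in REQUIRED_HEADERS.items():
        if name not in present:
            findings.append((name, severity, "missing"))
        elif (reason := _weak_value(name, present[name])):
            findings.append((name, severity, reason))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: rank[f[1]])

# Constructed sample: headers as an unhardened app might send them
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
}
```

Running `audit_headers(SAMPLE_RESPONSE_HEADERS)` reports the missing CSP and the short HSTS max-age as HIGH, and the three missing LOW headers after them.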
Detection Points
| Framework | Config Location |
|---|---|
| Next.js | |
| Laravel | |
| Express | |
| Django | |
References
- Headers Reference
- Config Templates