How does the skill calculate the security score?

It assigns points for the presence and quality of headers like CSP and HSTS (up to 25 points each), while applying penalties for information leaks or insecure cookie settings.

Which specific headers does this tool analyze?

It checks for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Cross-Origin policies (COEP/COOP/CORP).

Does it check for cookie security?

Yes, it analyzes response headers for cookies and flags those missing essential security attributes like Secure, HttpOnly, or SameSite.

Can I get code to fix the security issues found?

Yes, the skill provides specific configuration snippets for popular web servers like Nginx and Apache, as well as Cloudflare Workers, to help you address identified gaps.

Security Headers Analyzer

Name: Security Headers Analyzer
Author: madsstoumann

bymadsstoumann

•

Seguridad y Pruebas

Analyzes website HTTP response headers to evaluate security posture and provide a comprehensive security score from A+ to F.

Acerca de

This skill allows Claude to perform an automated security audit of any URL's HTTP response headers. It evaluates critical security controls including HSTS, CSP, X-Frame-Options, and Permissions-Policy, calculating a numerical score based on industry best practices. Beyond just identifying missing headers, it examines directive quality, identifies information disclosure risks like 'X-Powered-By' tags, and checks cookie security attributes. The skill concludes with actionable recommendations and production-ready configuration snippets for Nginx and Apache to help developers quickly harden their web applications.

Características Principales

Deep analysis of CSP directives and HSTS configuration.
Comprehensive scoring system (A+ to F) based on header quality and presence.
Detection of information disclosure leaks in Server and X-Powered-By headers.
11 GitHub stars
Cookie security validation including Secure, HttpOnly, and SameSite flags.
Ready-to-use fix examples for Nginx, Apache, and Cloudflare Workers.

Casos de Uso

Generating compliant Content Security Policies (CSP) based on real-world analysis.
Hardening a web application's security posture before a production release.
Performing a quick security audit of existing websites to identify vulnerabilities.

Acerca de

Características Principales

Deep analysis of CSP directives and HSTS configuration.
Comprehensive scoring system (A+ to F) based on header quality and presence.
Detection of information disclosure leaks in Server and X-Powered-By headers.
11 GitHub stars
Cookie security validation including Secure, HttpOnly, and SameSite flags.
Ready-to-use fix examples for Nginx, Apache, and Cloudflare Workers.

Casos de Uso

Generating compliant Content Security Policies (CSP) based on real-world analysis.
Hardening a web application's security posture before a production release.
Performing a quick security audit of existing websites to identify vulnerabilities.