Why is HSTS important to audit?

HSTS ensures browsers only connect via HTTPS, preventing protocol downgrade attacks and SSL stripping that could compromise user data.

How are security findings presented?

Findings are categorized by severity (Critical, Major, Minor) and include the specific CWE/OWASP classification along with a code fix.

What headers does this skill check?

It audits CSP, X-Frame-Options, HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Cache-Control headers.

Does it support PHP frameworks?

Yes, it scans common PHP patterns and YAML configuration files used in frameworks like Symfony and Laravel to detect security misconfigurations.

Can it detect weak CSP settings?

Yes, it identifies overly permissive policies such as 'unsafe-eval', 'unsafe-inline', or wildcard origins that defeat the purpose of a CSP.

PHP Secure Headers Audit

Name: PHP Secure Headers Audit
Author: dykyi-roman

bydykyi-roman

•

安全与测试

Audits and secures PHP applications by analyzing HTTP security header configurations to prevent XSS, clickjacking, and data leakage.

The Secure Headers Audit skill for Claude Code provides automated security analysis for PHP applications, identifying missing or misconfigured HTTP headers that protect against common web vulnerabilities. By scanning middleware, framework configurations, and response objects, it detects critical gaps in Content Security Policy (CSP), HSTS, and frame protection, ensuring your architecture aligns with OWASP A05:2021 standards and industry best practices for secure web communication.

主要功能

01Identifies missing HSTS and X-Frame-Options to prevent SSL stripping and clickjacking

02Provides severity-rated findings with actionable PHP code fixes

03Detects missing or weak Content Security Policy (CSP) directives

04Analyzes Referrer-Policy and Permissions-Policy for data privacy compliance

0545 GitHub stars

06Audits sensitive routes for insecure Cache-Control headers

使用场景

01Hardening existing legacy PHP projects against OWASP Top 10 vulnerabilities

02Pre-deployment security auditing for PHP web applications

03Verifying security middleware and framework configurations in Symfony or Laravel

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-secure-headers

For use in Claude.ai and ChatGPT

Download Skill