How does the skill calculate the security score?

It assigns points for the presence and quality of headers like CSP and HSTS (up to 25 points each), while applying penalties for information leaks or insecure cookie settings.

Which specific headers does this tool analyze?

It checks for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Cross-Origin policies (COEP/COOP/CORP).

Does it check for cookie security?

Yes, it analyzes response headers for cookies and flags those missing essential security attributes like Secure, HttpOnly, or SameSite.

Can I get code to fix the security issues found?

Yes, the skill provides specific configuration snippets for popular web servers like Nginx and Apache, as well as Cloudflare Workers, to help you address identified gaps.

Security Headers Analyzer

Name: Security Headers Analyzer
Author: madsstoumann

bymadsstoumann

•

安全与测试

Analyzes website HTTP response headers to evaluate security posture and provide a comprehensive security score from A+ to F.

This skill allows Claude to perform an automated security audit of any URL's HTTP response headers. It evaluates critical security controls including HSTS, CSP, X-Frame-Options, and Permissions-Policy, calculating a numerical score based on industry best practices. Beyond just identifying missing headers, it examines directive quality, identifies information disclosure risks like 'X-Powered-By' tags, and checks cookie security attributes. The skill concludes with actionable recommendations and production-ready configuration snippets for Nginx and Apache to help developers quickly harden their web applications.

主要功能

01Deep analysis of CSP directives and HSTS configuration.

02Comprehensive scoring system (A+ to F) based on header quality and presence.

03Detection of information disclosure leaks in Server and X-Powered-By headers.

0411 GitHub stars

05Cookie security validation including Secure, HttpOnly, and SameSite flags.

06Ready-to-use fix examples for Nginx, Apache, and Cloudflare Workers.

使用场景

01Generating compliant Content Security Policies (CSP) based on real-world analysis.

02Hardening a web application's security posture before a production release.

03Performing a quick security audit of existing websites to identify vulnerabilities.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add madsstoumann/browser-style security-headers

For use in Claude.ai and ChatGPT

Download Skill