Agent Skills: Security Headers Skill

Verify and configure HTTP security headers (CSP, HSTS, CORS, X-Frame-Options, etc). Checks current configuration and generates framework-specific fixes.

Uncategorized

ID: fusengine/agents/security-headers

Install this agent skill locally:

pnpm dlx add-skill https://github.com/fusengine/agents/tree/HEAD/plugins/security-expert/skills/security-headers

plugins/security-expert/skills/security-headers/SKILL.md

Skill Metadata

Name
security-headers

Security Headers Skill

Overview

Audit and configure HTTP security headers for web applications.

Required Headers

| Header | Purpose | Severity if Missing |
|--------|---------|---------------------|
| Content-Security-Policy | Prevent XSS/injection | HIGH |
| Strict-Transport-Security | Force HTTPS | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing | MEDIUM |
| X-Frame-Options | Prevent clickjacking | MEDIUM |
| Referrer-Policy | Control referrer info | LOW |
| Permissions-Policy | Control browser features | LOW |
| X-XSS-Protection | Legacy XSS filter | LOW |

Workflow

  1. Detect framework (Next.js, Laravel, Express, etc.)
  2. Check current header configuration
  3. Compare against security best practices
  4. Generate framework-specific configuration
  5. Validate headers are properly set
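
Steps 2, 3 and 5 of this workflow, sketched as an added example that is not part of the skill's own files: it audits a set of response headers against the Required Headers table and reports findings ordered by that table's severity. The function name `auditHeaders`, the sample headers, and the value checks (a 180-day HSTS minimum, `nosniff`, `DENY`/`SAMEORIGIN`) are assumptions chosen for illustration.

```javascript
// Added example. Severities come from the Required Headers table above.
// The value checks are assumed best-practice rules, not the skill's own.
const REQUIRED = [
  ["content-security-policy", "HIGH", null],
  ["strict-transport-security", "HIGH", (v) => {
    const m = /max-age=(\d+)/i.exec(v);
    // Assumed minimum: 180 days (15552000 seconds).
    return m && Number(m[1]) >= 15552000 ? null : "max-age missing or under 180 days";
  }],
  ["x-content-type-options", "MEDIUM", (v) =>
    v.trim().toLowerCase() === "nosniff" ? null : "value must be nosniff"],
  ["x-frame-options", "MEDIUM", (v) =>
    /^(deny|sameorigin)$/i.test(v.trim()) ? null : "value must be DENY or SAMEORIGIN"],
  ["referrer-policy", "LOW", null],
  ["permissions-policy", "LOW", null],
  ["x-xss-protection", "LOW", null],
];
const RANK = { HIGH: 0, MEDIUM: 1, LOW: 2 };

// headers: plain object of response headers; names are matched case-insensitively.
function auditHeaders(headers) {
  const seen = new Map(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const findings = [];
  for (const [name, severity, check] of REQUIRED) {
    if (!seen.has(name)) {
      findings.push({ header: name, severity, issue: "missing" });
      continue;
    }
    const issue = check ? check(seen.get(name)) : null;
    if (issue) findings.push({ header: name, severity, issue });
  }
  // Highest severity first; table order is kept within a severity level.
  return findings.sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

// Constructed sample response headers (not captured from a real site).
const sample = {
  "Strict-Transport-Security": "max-age=300",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "ALLOW-FROM https://example.com",
  "Referrer-Policy": "strict-origin-when-cross-origin",
};
for (const f of auditHeaders(sample)) {
  console.log(`${f.severity.padEnd(6)} ${f.header}: ${f.issue}`);
}
```

A header that is present but weak (the short `max-age` and the `ALLOW-FROM` value in the sample) is reported at the same severity as a missing one, which a presence-only check would not catch.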

Detection Points

| Framework | Config Location |
|-----------|-----------------|
| Next.js | next.config.js headers, middleware.ts |
| Laravel | SecurityHeaders middleware |
| Express | helmet middleware |
| Django | SECURE_* settings |

References