security-headers-configuration

Solid

Configures HTTP security headers to protect against XSS, clickjacking, and MIME sniffing attacks. Use when hardening web applications, passing security audits, or implementing Content Security Policy.

Category: AI & Automation | 162 stars | 25 forks | Updated 2 weeks ago | MIT


Quality Score: 88/100

- Stars (20%): 74
- Recency (20%): 90
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 80
- License (10%): 100
- Description (5%): 100

Skill Content

# Security Headers Configuration

Implement HTTP security headers to defend against common browser-based attacks.

## Essential Headers

| Header | Purpose | Value |
|--------|---------|-------|
| HSTS | Force HTTPS | `max-age=31536000; includeSubDomains` |
| CSP | Restrict resources | `default-src 'self'` |
| X-Frame-Options | Prevent clickjacking | `DENY` |
| X-Content-Type-Options | Prevent MIME sniffing | `nosniff` |

## Express Implementation

```javascript
const express = require('express');
const helmet = require('helmet');

const app = express();

// helmet() already sets a default CSP alongside HSTS, nosniff and the rest.
// Pass the custom CSP in the same call instead of registering
// helmet.contentSecurityPolicy() a second time, which would only overwrite
// the header set by the first middleware.
app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],
      // 'unsafe-inline' in script-src lets any injected <script> run, which
      // removes most of the XSS protection CSP is meant to give. Use per-request
      // nonces or hashes once inline scripts have been moved or tagged.
      scriptSrc: ["'self'", "'unsafe-inline'"],
      styleSrc: ["'self'", "'unsafe-inline'"],
      imgSrc: ["'self'", "data:", "https:"],
      connectSrc: ["'self'", "https://api.example.com"],
      fontSrc: ["'self'", "https://fonts.gstatic.com"],
      frameAncestors: ["'none'"]
    }
  }
}));
```

## Nginx Configuration

```nginx
# add_header is not inherited into a server or location block that declares
# its own add_header: repeat the full set there, or keep it in an included snippet.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
# The legacy XSS auditor has been removed from current browsers and could be abused
# to leak or block content in older ones; "0" disables it explicitly.
add_header X-XSS-Protection "0" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self'" always;
```

Add `preload` to HSTS only when every subdomain already serves HTTPS and you intend to submit the domain to the browser preload list: a preloaded entry is shipped in browser builds and cannot be withdrawn quickly. The `always` flag makes nginx send the headers on error responses too, not only on 2xx/3xx.

## Verification Tools

- [Security Headers](https://securityheaders.com/)
- [Mozilla...

Details

- Author: secondsky
- Repository: secondsky/claude-skills
- Created: 6 months ago
- Last Updated: 2 weeks ago
- Language: TypeScript
- License: MIT
