Security Headers Skill
Overview
Audit and configure HTTP security headers for web applications.
Required Headers
| Header | Purpose | Severity if Missing or Weak |
|---|---|---|
| Content-Security-Policy | Prevent XSS/injection; `frame-ancestors` also covers clickjacking | HIGH |
| Strict-Transport-Security | Force HTTPS (max-age of at least one year, ideally with includeSubDomains) | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing (only valid value: `nosniff`) | MEDIUM |
| X-Frame-Options | Prevent clickjacking in browsers without CSP `frame-ancestors` support (`DENY` or `SAMEORIGIN`) | MEDIUM |
| Referrer-Policy | Control referrer info (`strict-origin-when-cross-origin` or stricter) | LOW |
| Permissions-Policy | Control browser features (camera, microphone, geolocation, ...) | LOW |
| X-XSS-Protection | Legacy XSS filter, deprecated; set to `0` or omit, since the filter in old browsers can be abused | LOW (flag if enabled) |
Workflow
- Detect framework (Next.js, Laravel, Express, etc.)
- Check current header configuration
- Compare against security best practices
- Generate framework-specific configuration
- Validate headers are properly set
Detection Points
| Framework | Config Location |
|---|---|
| Next.js | `headers()` in next.config.js, or middleware.ts for per-request headers |
| Laravel | Custom middleware (e.g. app/Http/Middleware/SecurityHeaders.php) registered in bootstrap/app.php (Laravel 11+) or app/Http/Kernel.php |
| Express | helmet middleware (`app.use(helmet())`) |
| Django | SECURE_* settings in settings.py, applied by django.middleware.security.SecurityMiddleware |
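The workflow steps above (check the current headers, compare against the policy, generate framework-specific config, validate) in one runnable example. This is an added example, not code from the fusengine/agents skill: a policy table drives both an audit of a response header map and a generator for the Next.js `headers()` shape. It runs on plain Node with no dependencies; the `WEAK_RESPONSE` sample is constructed, not captured from a real site, and the value checks are this example's own heuristics rather than a standard.

```javascript
// Added example (not the skill's own code): policy-driven HTTP security header
// audit plus a Next.js `headers()` config generator. No dependencies.

const ONE_YEAR = 31536000; // seconds

// Recommended value per header, severity if missing/weak, and a value check.
// The check functions are heuristics chosen for this example.
const POLICY = {
  'Content-Security-Policy': {
    severity: 'HIGH',
    value: "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
    check: (v) => /default-src/i.test(v) && !/'unsafe-inline'|'unsafe-eval'/i.test(v),
  },
  'Strict-Transport-Security': {
    severity: 'HIGH',
    value: `max-age=${ONE_YEAR}; includeSubDomains`,
    check: (v) => { const m = /max-age=(\d+)/i.exec(v); return m !== null && Number(m[1]) >= ONE_YEAR; },
  },
  'X-Content-Type-Options': {
    severity: 'MEDIUM',
    value: 'nosniff',
    check: (v) => v.trim().toLowerCase() === 'nosniff',
  },
  'X-Frame-Options': {
    severity: 'MEDIUM',
    value: 'DENY',
    check: (v) => ['deny', 'sameorigin'].includes(v.trim().toLowerCase()),
  },
  'Referrer-Policy': {
    severity: 'LOW',
    value: 'strict-origin-when-cross-origin',
    check: (v) => ['no-referrer', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin']
      .includes(v.trim().toLowerCase()),
  },
  'Permissions-Policy': {
    severity: 'LOW',
    value: 'camera=(), microphone=(), geolocation=()',
    check: (v) => v.trim().length > 0,
  },
};

// HTTP header names are case-insensitive, so lower-case keys before lookup.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Returns one finding per missing or weak header: { header, severity, problem }.
function auditHeaders(headers) {
  const h = normalize(headers);
  const findings = [];
  for (const [name, rule] of Object.entries(POLICY)) {
    const got = h[name.toLowerCase()];
    if (got === undefined) {
      findings.push({ header: name, severity: rule.severity, problem: 'missing' });
    } else if (!rule.check(got)) {
      findings.push({ header: name, severity: rule.severity, problem: `weak value: ${got}` });
    }
  }
  // X-XSS-Protection is legacy: the only acceptable states are absent or "0".
  const xss = h['x-xss-protection'];
  if (xss !== undefined && xss.trim() !== '0') {
    findings.push({ header: 'X-XSS-Protection', severity: 'LOW', problem: 'legacy filter enabled; set to 0 or remove' });
  }
  return findings;
}

// Emits the array that next.config.js returns from `async headers()`.
function nextHeadersConfig() {
  return [{
    source: '/(.*)',
    headers: Object.entries(POLICY).map(([key, rule]) => ({ key, value: rule.value })),
  }];
}

// Flattens a headers() result back into a header map so it can be re-audited.
function headersFromNextConfig(config) {
  const out = {};
  for (const route of config) for (const { key, value } of route.headers) out[key] = value;
  return out;
}

// Constructed sample: a typical unhardened deployment (short HSTS, bad XFO,
// legacy XSS filter on, everything else absent).
const WEAK_RESPONSE = {
  'content-type': 'text/html; charset=utf-8',
  'strict-transport-security': 'max-age=300',
  'x-frame-options': 'ALLOWALL',
  'X-XSS-Protection': '1; mode=block',
};

for (const f of auditHeaders(WEAK_RESPONSE)) {
  console.log(`${f.severity.padEnd(6)} ${f.header}: ${f.problem}`);
}
console.log(`generated config passes audit: ${auditHeaders(headersFromNextConfig(nextHeadersConfig())).length === 0}`);
```

Validate against the live response (the last workflow step), not only the config file: a reverse proxy or CDN in front of the app can strip or override headers, and `auditHeaders` accepts any header map, so feed it the headers from an actual `fetch` of the deployed site.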