Security Headers Skill

Overview

Audit and configure HTTP security headers for web applications.

Required Headers

| Header | Purpose | Severity if Missing |
|---|---|---|
| Content-Security-Policy | Prevent XSS/injection | HIGH |
| Strict-Transport-Security | Force HTTPS | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing | MEDIUM |
| X-Frame-Options | Prevent clickjacking | MEDIUM |
| Referrer-Policy | Control referrer info | LOW |
| Permissions-Policy | Control browser features | LOW |
| X-XSS-Protection | Legacy XSS filter | LOW |

Workflow

  1. Detect framework (Next.js, Laravel, Express, etc.)
  2. Check current header configuration
  3. Compare against security best practices
  4. Generate framework-specific configuration
  5. Validate headers are properly set
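
Steps 2, 3 and 5 of this workflow can be sketched as a small audit over a response's headers. This is an added example, not code from the skill itself: the names audit, value_problem and SAMPLE are hypothetical, the value checks go beyond the presence check implied by the Required Headers table, and reusing the "missing" severity for a badly set header is an assumption.

```python
import re

# Header -> severity if missing, from the Required Headers table on this page.
REQUIRED = {
    "Content-Security-Policy": "HIGH", "Strict-Transport-Security": "HIGH",
    "X-Content-Type-Options": "MEDIUM", "X-Frame-Options": "MEDIUM",
    "Referrer-Policy": "LOW", "Permissions-Policy": "LOW", "X-XSS-Protection": "LOW",
}
RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def value_problem(name, value):
    """Assumed checks for a header that is present but not properly set."""
    v = value.strip().lower()
    if not v:
        return "empty value"
    if name == "X-Content-Type-Options" and v != "nosniff":
        return "value must be nosniff"
    if name == "X-Frame-Options" and v not in ("deny", "sameorigin"):
        return "value must be DENY or SAMEORIGIN"
    if name == "Strict-Transport-Security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        if not m or int(m.group(1)) == 0:  # max-age=0 switches HSTS off
            return "max-age missing or zero"
    return None


def audit(headers):
    """Return (severity, header, problem) findings, most severe first."""
    seen = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    findings = []
    for name, severity in REQUIRED.items():
        value = seen.get(name.lower())
        problem = "missing" if value is None else value_problem(name, value)
        if problem:
            findings.append((severity, name, problem))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[1]))


# Constructed sample response headers, not captured from a real site.
SAMPLE = {
    "content-security-policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=0",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "ALLOWALL",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

for finding in audit(SAMPLE):
    print(*finding, sep=" | ")
```
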

Detection Points

| Framework | Config Location |
|---|---|
| Next.js | next.config.js headers, middleware.ts |
| Laravel | SecurityHeaders middleware |
| Express | helmet middleware |
| Django | SECURE_* settings |
