From penetration-tester
Prompts for a target URL and scans its HTTP security headers (CSP, HSTS, etc.), outputting a table with status, values, issues, score, and fix recommendations.
```bash
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin penetration-tester
```

# Quick Security Header Scan

## What Gets Checked

- Content-Security-Policy (CSP)
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Server version disclosure
- X-XSS-Protection (deprecated, informational)
Fast single-URL check for HTTP security headers. This is a shortcut for running just the header analysis from the full pentest workflow.

## Usage

Ask the user for the target URL, then run:

```bash
python3 "${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py" "TARGET_URL" --checks headers
```

## Output

Present the results as a table showing each header, whether it's present, its value, and any issues found. Include the overall header security score.

For any missing or misconfigured headers, provide the recommended value and a brief explanation of what it protects against. Reference `references/SECURITY_HEADERS.md` for implementation details.

Even though this only sends a single GET request, confirm the user has authorization to test the target URL before scanning.
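
The following added example (not the plugin's `security_scanner.py`, whose logic this page does not show) evaluates a constructed set of response headers against the checked-header list and returns table rows plus a score. The recommended values, the HSTS threshold, the half-credit scoring and the names `RECOMMENDED`, `EXACT`, `value_issues` and `analyze` are assumptions made for the example.

```python
import re

# Example defaults; values, the 180-day HSTS threshold and weights are assumptions.
RECOMMENDED = {
    "content-security-policy": "default-src 'self'",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "geolocation=(), camera=(), microphone=()",
}
EXACT = {"x-frame-options": ("deny", "sameorigin"), "x-content-type-options": ("nosniff",)}

def value_issues(name, value):
    """Problems with a header that is present; an empty list means none found."""
    v = value.lower()
    m = re.search(r"max-age=(\d+)", v)
    if name == "content-security-policy" and re.search(r"'unsafe-(inline|eval)'", v):
        return ["allows 'unsafe-inline' or 'unsafe-eval'"]
    if name == "strict-transport-security" and (not m or int(m.group(1)) < 15552000):
        return ["max-age missing or under 180 days"]
    if name in EXACT and v not in EXACT[name]:
        return ["unexpected value"]
    if name == "referrer-policy" and v in ("unsafe-url", "no-referrer-when-downgrade"):
        return ["sends full URL to other origins"]
    return []

def analyze(headers):
    """Return (rows, score); each row is (header, present, value, issues, fix)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    rows, earned = [], 0.0
    for name, fix in RECOMMENDED.items():
        issues = value_issues(name, h[name]) if name in h else ["missing"]
        earned += 0 if name not in h else (0.5 if issues else 1)  # half credit if weak
        rows.append((name, name in h, h.get(name, ""), issues, fix if issues else ""))
    if re.search(r"\d", h.get("server", "")):  # informational, not scored
        rows.append(("server", True, h["server"], ["discloses version"], "omit version"))
    if "x-xss-protection" in h:  # deprecated header: listed, not scored
        rows.append(("x-xss-protection", True, h["x-xss-protection"], ["deprecated"], ""))
    return rows, round(100 * earned / len(RECOMMENDED))

# Constructed response headers, not captured from any real site.
SAMPLE = {"Strict-Transport-Security": "max-age=3600", "X-Frame-Options": "ALLOWALL",
          "X-Content-Type-Options": "nosniff", "Server": "nginx/1.18.0",
          "X-XSS-Protection": "1; mode=block"}

if __name__ == "__main__":
    rows, score = analyze(SAMPLE)
    print(*rows, f"score: {score}/100", sep="\n")
```

Header names are matched case-insensitively, and the `Server` and `X-XSS-Protection` rows are reported without affecting the score.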