From fuse-security
Verify and configure HTTP security headers (CSP, HSTS, CORS, X-Frame-Options, etc). Checks current configuration and generates framework-specific fixes.
npx claudepluginhub fusengine/agents --plugin fuse-security
How this skill is triggered — by the user, by Claude, or both
Slash command
/fuse-security:security-headers
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit and configure HTTP security headers for web applications.
Verifies and configures HTTP response security headers including HSTS, CSP, X-Frame-Options, and more. Useful when reviewing web server, reverse proxy, or application middleware header settings.
Audits HTTP security headers (CSP, HSTS, X-Frame-Options, Permissions-Policy), identifies overly permissive directives, and generates production-ready policies for web applications.
Configures HTTP security headers like HSTS, CSP, X-Frame-Options, X-Content-Type-Options for Express, Nginx, Flask. Protects against XSS, clickjacking, MIME sniffing; useful for hardening web apps and passing audits.
Audit and configure HTTP security headers for web applications.
| Header | Purpose | Severity if Missing |
|---|---|---|
| Content-Security-Policy | Prevent XSS/injection | HIGH |
| Strict-Transport-Security | Force HTTPS | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing | MEDIUM |
| X-Frame-Options | Prevent clickjacking | MEDIUM |
| Referrer-Policy | Control referrer info | LOW |
| Permissions-Policy | Control browser features | LOW |
| X-XSS-Protection | Legacy XSS filter | LOW |

| Framework | Config Location |
|---|---|
| Next.js | next.config.js headers, middleware.ts |
| Laravel | SecurityHeaders middleware |
| Express | helmet middleware |
| Django | SECURE_* settings |