Verify and configure HTTP security headers (CSP, HSTS, CORS, X-Frame-Options, etc). Checks current configuration and generates framework-specific fixes.
From fuse-securitynpx claudepluginhub fusengine/agents --plugin fuse-securityThis skill uses the workspace's default tool permissions.
references/headers-reference.mdreferences/templates/headers-config.mdDesigns and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.
Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.
Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
Audit and configure HTTP security headers for web applications.
| Header | Purpose | Severity if Missing |
|---|---|---|
| Content-Security-Policy | Prevent XSS/injection | HIGH |
| Strict-Transport-Security | Force HTTPS | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing | MEDIUM |
| X-Frame-Options | Prevent clickjacking | MEDIUM |
| Referrer-Policy | Control referrer info | LOW |
| Permissions-Policy | Control browser features | LOW |
| X-XSS-Protection | Legacy XSS filter | LOW |
| Framework | Config Location |
|---|---|
| Next.js | next.config.js headers, middleware.ts |
| Laravel | SecurityHeaders middleware |
| Express | helmet middleware |
| Django | SECURE_* settings |