From jeremylongshore-claude-code-plugins-plus-skills
Audits HTTP response headers for security best practices, helping identify missing or misconfigured headers like CSP, HSTS, and X-Frame-Options.
How this skill is triggered — by the user, by Claude, or both
Slash command
/jeremylongshore-claude-code-plugins-plus-skills:http-header-security-auditThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill provides automated assistance for http header security audit tasks within the Security Fundamentals domain.
This skill provides automated assistance for http header security audit tasks within the Security Fundamentals domain.
This skill activates automatically when you:
Example: Basic Usage Request: "Help me with http header security audit" Result: Provides step-by-step guidance and generates appropriate configurations
| Error | Cause | Solution |
|---|---|---|
| Configuration invalid | Missing required fields | Check documentation for required parameters |
| Tool not found | Dependency not installed | Install required tools per prerequisites |
| Permission denied | Insufficient access | Verify credentials and permissions |
Part of the Security Fundamentals skill category. Tags: security, authentication, validation, owasp, secure-coding
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin ejentum-reasoningAudits a target's HTTP security headers — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Cross-Origin trio. Useful for SOC2/PCI audits or Observatory grades below B.
Validates HTTP security headers in web app responses, identifies issues like missing CSP or HSTS, rates posture, checks OWASP compliance, and suggests fixes for XSS, clickjacking, and MIME sniffing.
Audits HTTP security headers including CSP, HSTS, X-Frame-Options, and Cookie attributes using curl scripts and tools like SecurityHeaders.com to identify missing or misconfigured web protections.