Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aj-geddes/security-headers-configuration

Name: security-headers-configuration
Author: aj-geddes

skills/security-headers-configuration/SKILL.md

npx skillsauth add aj-geddes/useful-ai-prompts security-headers-configuration

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Security Headers Configuration

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive HTTP security headers to protect web applications from XSS, clickjacking, MIME sniffing, and other browser-based attacks.

When to Use

New web application deployment
Security audit remediation
Compliance requirements
Browser security hardening
API security
Static site protection

Quick Start

Minimal working example:

// security-headers.js
const helmet = require("helmet");

function configureSecurityHeaders(app) {
  // Comprehensive Helmet configuration
  app.use(
    helmet({
      // Content Security Policy
      contentSecurityPolicy: {
        directives: {
          defaultSrc: ["'self'"],
          scriptSrc: [
            "'self'",
            "'unsafe-inline'", // Remove in production
            "https://cdn.example.com",
            "https://www.google-analytics.com",
          ],
          styleSrc: [
            "'self'",
            "'unsafe-inline'",
            "https://fonts.googleapis.com",
          ],
          fontSrc: ["'self'", "https://fonts.gstatic.com"],
          imgSrc: ["'self'", "data:", "https:", "blob:"],
          connectSrc: ["'self'", "https://api.example.com"],
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

| Guide | Contents | |---|---| | Node.js/Express Security Headers | Node.js/Express Security Headers | | Nginx Security Headers Configuration | Nginx Security Headers Configuration | | Python Flask Security Headers | Python Flask Security Headers | | Apache .htaccess Configuration | Apache .htaccess Configuration | | Security Headers Testing Script | Security Headers Testing Script |

Best Practices

✅ DO

Use HTTPS everywhere
Implement strict CSP
Enable HSTS with preload
Block framing with X-Frame-Options
Prevent MIME sniffing
Report CSP violations
Test headers regularly
Use security scanners

❌ DON'T

Allow unsafe-inline in CSP
Skip HSTS on subdomains
Ignore CSP violations
Use overly permissive policies
Forget to test changes

aj-geddes/security-headers-configuration

skills/security-headers-configuration/SKILL.md

Configure HTTP security headers including CSP, HSTS, X-Frame-Options, and XSS protection. Use when hardening web applications against common attacks.

154 stars

development

Updated Apr 1, 2026

$ install --global

skillsauth

npx skillsauth add aj-geddes/useful-ai-prompts security-headers-configuration

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 2, 2026, 3:12 AM57.9s7 files scanned

SKILL.md

name:: security-headers-configuration
description:: >

Security Headers Configuration

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive HTTP security headers to protect web applications from XSS, clickjacking, MIME sniffing, and other browser-based attacks.

When to Use

New web application deployment
Security audit remediation
Compliance requirements
Browser security hardening
API security
Static site protection

Quick Start

Minimal working example:

// security-headers.js
const helmet = require("helmet");

function configureSecurityHeaders(app) {
  // Comprehensive Helmet configuration
  app.use(
    helmet({
      // Content Security Policy
      contentSecurityPolicy: {
        directives: {
          defaultSrc: ["'self'"],
          scriptSrc: [
            "'self'",
            "'unsafe-inline'", // Remove in production
            "https://cdn.example.com",
            "https://www.google-analytics.com",
          ],
          styleSrc: [
            "'self'",
            "'unsafe-inline'",
            "https://fonts.googleapis.com",
          ],
          fontSrc: ["'self'", "https://fonts.gstatic.com"],
          imgSrc: ["'self'", "data:", "https:", "blob:"],
          connectSrc: ["'self'", "https://api.example.com"],
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Best Practices

✅ DO

Use HTTPS everywhere
Implement strict CSP
Enable HSTS with preload
Block framing with X-Frame-Options
Prevent MIME sniffing
Report CSP violations
Test headers regularly
Use security scanners

❌ DON'T

Allow unsafe-inline in CSP
Skip HSTS on subdomains
Ignore CSP violations
Use overly permissive policies
Forget to test changes

Related Skills

aj-geddes/zero-trust-architecture

development

VerifiedTrustedCommunity

Implement Zero Trust security model with identity verification, microsegmentation, least privilege access, and continuous monitoring. Use when building secure cloud-native applications.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/zero-trust-architecture

aj-geddes/xss-prevention

development

VerifiedTrustedCommunity

Prevent Cross-Site Scripting (XSS) attacks through input sanitization, output encoding, and Content Security Policy. Use when handling user-generated content in web applications.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/xss-prevention

aj-geddes/wireframe-prototyping

tools

VerifiedTrustedCommunity

Create wireframes and interactive prototypes to visualize user interfaces and gather feedback early. Use tools and techniques to communicate design ideas before development.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/wireframe-prototyping

aj-geddes/websocket-implementation

development

VerifiedTrustedCommunity

Implement real-time bidirectional communication with WebSockets including connection management, message routing, and scaling. Use when building real-time features, chat systems, live notifications, or collaborative applications.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/websocket-implementation

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aj-geddes/useful-ai-prompts.git

# Copy into Claude Code skills folder (global)
cp -r useful-ai-prompts/skills/security-headers-configuration ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aj-geddes/useful-ai-prompts

154 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

Adoption

aj-geddes/security-headers-configuration

$ install --global

Security Scan Results

SKILL.md

Security Headers Configuration

Table of Contents

Overview

When to Use

Quick Start

Reference Guides

Best Practices

✅ DO

❌ DON'T

Related Skills

aj-geddes/zero-trust-architecture

aj-geddes/xss-prevention

aj-geddes/wireframe-prototyping

aj-geddes/websocket-implementation

aj-geddes/security-headers-configuration

$ install --global

Security Scan Results

SKILL.md

Security Headers Configuration

Table of Contents

Overview

When to Use

Quick Start

Reference Guides

Best Practices

✅ DO

❌ DON'T

Related Skills

aj-geddes/zero-trust-architecture

aj-geddes/xss-prevention

aj-geddes/wireframe-prototyping

aj-geddes/websocket-implementation