plugins/security-expert/skills/security-headers/SKILL.md
Verify and configure HTTP security headers (CSP, HSTS, CORS, X-Frame-Options, etc). Checks current configuration and generates framework-specific fixes.
`npx skillsauth add fusengine/agents security-headers`

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Audit and configure HTTP security headers for web applications.

| Header | Purpose | Severity if Missing |
|--------|---------|-------------------|
| Content-Security-Policy | Prevent XSS/injection | HIGH |
| Strict-Transport-Security | Force HTTPS | HIGH |
| X-Content-Type-Options | Prevent MIME sniffing | MEDIUM |
| X-Frame-Options | Prevent clickjacking | MEDIUM |
| Referrer-Policy | Control referrer info | LOW |
| Permissions-Policy | Control browser features | LOW |
| X-XSS-Protection | Legacy XSS filter | LOW |

| Framework | Config Location |
|-----------|----------------|
| Next.js | next.config.js headers, middleware.ts |
| Laravel | SecurityHeaders middleware |
| Express | helmet middleware |
| Django | SECURE_* settings |