hjemmesidekongen/http-protocols
plugins/smedjen/skills/http-protocols/SKILL.md
HTTP/1.1 vs 2 vs 3, TCP handshake, cookies, sessions, CORS, caching headers, and protocol fundamentals. Covers multiplexing, QUIC, Set-Cookie attributes, JWT vs server sessions, preflight mechanics, Cache-Control directives, and content negotiation.
development
Updated Apr 5, 2026
$ install --global
skillsauthnpx skillsauth add hjemmesidekongen/ai http-protocolsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 5:29 PM11.9s2 files scanned
SKILL.md
- name:
- http-protocols
- description:
- >
- user_invocable:
- false
- interactive:
- false
- model_tier:
- senior
- depends_on:
- []
- reads:
- []
- writes:
- []
- type:
- data_validation
- - name:
- compression_enabled
- verify:
- Text responses (HTML, JSON, CSS, JS) served with gzip or brotli encoding
- fail_action:
- Enable compression at server or CDN layer; verify Content-Encoding header in response
- on_fail:
- HTTP protocol check failed — resolve before shipping
- on_pass:
- HTTP protocol checks passed
- origin:
- smedjen
- inspired_by:
- original
- ported_date:
- 2026-03-10
- iteration:
- 2
- changes:
- Replaced protocol fundamentals with CDN strategy, rate limiting, and HTTP/3 adoption guidance
http-protocols
Operational HTTP patterns beyond protocol fundamentals — CDN strategy, rate limiting, versioning, and cache optimization.
CDN Cache Invalidation
Versioned URLs (default): Hash in filename (app.a1b2c3.js), Cache-Control: public, max-age=31536000, immutable. New deploy = new URL = instant invalidation. Index HTML uses no-cache.
Tag-based purge: Surrogate keys (Surrogate-Key: product-123 category-shoes), purge by tag on data change. Fastly native, Cloudflare Enterprise. Better than full purge for dynamic content.
SWR tuning: Cache-Control: max-age=60, stale-while-revalidate=3600 — serve stale while fetching fresh. max-age = acceptable staleness, swr = maximum tolerance.
HTTP/3 Adoption Decision
Enable when: CDN supports it (Cloudflare/Fastly/CloudFront), browser clients, latency > throughput. Deploy at CDN layer with Alt-Svc: h3=":443"; ma=86400. No app code changes.
Hold off when: corporate proxies block UDP/443, server-to-server traffic, APM tools lack QUIC support.
Rate Limiting Patterns
Token bucket: Fixed replenish rate, burst up to bucket size. Redis + Lua for distributed — EVALSHA atomically checks and decrements.
Sliding window: Rolling time window, no burst spikes at boundaries. Redis sorted sets: ZADD/ZRANGEBYSCORE/ZREMRANGEBYSCORE.
Headers: Always return X-RateLimit-Limit, Remaining, Reset (Unix). Retry-After on 429.
API Versioning
URL path (/v2/users): Simple, visible in logs, recommended for public APIs.
Accept header (application/vnd.api+json;version=2): Clean URLs, better for internal APIs.
Never query param (?v=2): Breaks caching, no standard.
Conditional Request Optimization
ETag generation: Hash body for static assets. For DB responses, composite updated_at + ID. Weak ETags (W/"abc") match semantically equivalent responses.
304 savings: Saves bandwidth, not compute. Cache server-side too for expensive queries.
See references/process.md for TCP/TLS handshakes, status codes, cookie attributes, CORS headers, and compression.
Related Skills
hjemmesidekongen/brand-strategy
development
VerifiedTrustedCommunity
Creates a brand from scratch through market research and interactive sparring. Runs competitive research via Perplexity, then guides the user through positioning, audience, voice, values, and content pillars. Produces the full brand guideline set at .ai/brand/{name}/. Use when building a new brand, defining brand strategy for a product, or when /våbenskjold:create is invoked.
SKILL.mdUpdated Apr 5, 2026
hjemmesidekongen/brand-loader
testing
VerifiedTrustedCommunity
Loads brand guidelines from .ai/brand/{name}/ and makes them available to the current context. Progressive disclosure: L1 confirms brand exists, L2 loads summary, L3 loads specific files on demand. Use when a downstream skill or user needs brand context, or when /våbenskjold:apply is invoked.
SKILL.mdUpdated Apr 5, 2026
hjemmesidekongen/brand-evolve
documentation
VerifiedTrustedCommunity
Guided reinvention of an existing brand guideline. Loads current brand from .ai/brand/{name}/, identifies what to keep vs change, and walks the user through targeted evolution. Preserves brand equity while updating positioning, voice, or values. Use when refreshing a brand or when /våbenskjold:evolve is invoked.
SKILL.mdUpdated Apr 5, 2026
hjemmesidekongen/brand-audit
development
VerifiedTrustedCommunity
Codifies an existing brand from materials, samples, and references. Analyzes provided content to extract voice patterns, values, and positioning. Produces the same guideline format as brand-strategy. Use when a brand already exists but isn't documented, or when /våbenskjold:audit is invoked.
SKILL.mdUpdated Apr 5, 2026