This skill analyzes HTTP security headers of a given domain to identify potential vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and recommendations for improvement. Use this skill when the user asks to "analyze security headers", "check HTTP security", "scan for security vulnerabilities", or requests a "security audit" of a website. It will automatically activate when security-related keywords are used in conjunction with domain names or URLs.
87
53%
Does it follow best practices?
Impact
94%
1.16x Average score across 9 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/security-headers-analyzer/skills/security-headers-analyzer/SKILL.md
Structured security report with grade and score
Security grade present: 100%, 100%
Numeric score present: 0%, 100%
Missing headers identified: 100%, 100%
Misconfigured headers identified: 100%, 70%
Per-header recommendations: 100%, 100%
HSTS coverage: 100%, 100%
CSP coverage: 100%, 100%
Headers checked against best practices: 37%, 62%
Actionable recommendations: 100%, 100%
Report covers multiple header types: 100%, 100%
HSTS and CSP prioritization in recommendations
HSTS prioritized: 85%, 100%
Downgrade attack explanation: 33%, 100%
CSP recommendation present: 100%, 100%
CSP strictness mentioned: 100%, 100%
XSS mitigation linked to CSP: 100%, 100%
Security grade present: 62%, 100%
Numeric score present: 0%, 100%
Actionable HSTS fix: 100%, 100%
Multiple headers assessed: 100%, 100%
Missing vs misconfigured distinction: 16%, 66%
Ongoing monitoring and integration recommendations
Regular scan recommendation: 100%, 100%
Integration with other tools: 100%, 100%
Security grade present: 100%, 100%
Numeric score present: 0%, 100%
Missing headers listed: 100%, 100%
Actionable immediate fixes: 100%, 100%
HSTS mentioned: 100%, 100%
CSP mentioned: 100%, 100%
Monitoring cadence specificity: 100%, 100%
Comprehensive header coverage: 100%, 100%
Regression detection guidance: 100%, 100%
Comparative multi-domain security analysis
Grade for domain 1: 100%, 100%
Score for domain 1: 100%, 100%
Grade for domain 2: 100%, 100%
Score for domain 2: 100%, 100%
HSTS assessed per domain: 100%, 100%
CSP assessed per domain: 100%, 100%
Comparative verdict: 100%, 100%
Per-domain recommendations: 100%, 100%
HSTS downgrade attack: 100%, 100%
CSP XSS mitigation: 100%, 100%
Missing vs present distinction: 100%, 100%
Concrete server implementation examples
Security grade present: 0%, 100%
Numeric score present: 0%, 100%
HSTS directive example: 100%, 100%
HSTS listed first or as top priority: 0%, 0%
Downgrade attack prevention: 50%, 60%
CSP directive example: 100%, 100%
CSP strictness guidance: 100%, 80%
CSP linked to XSS: 100%, 100%
Multiple header directives: 100%, 100%
Actionable without further research: 100%, 100%
Missing vs misconfigured: 100%, 100%
Vendor security assessment with integration guidance
Security grade present: 66%, 100%
Numeric score present: 0%, 100%
HSTS coverage: 100%, 100%
HSTS downgrade protection: 100%, 100%
CSP coverage: 100%, 100%
CSP XSS link: 0%, 0%
Ongoing monitoring plan: 100%, 100%
Monitoring frequency specified: 100%, 100%
Complementary tools mentioned: 100%, 100%
Missing vs misconfigured: 100%, 100%
Actionable recommendations: 100%, 100%
Multiple headers assessed: 100%, 100%
Fintech pre-launch security compliance report
Security grade present: 100%, 100%
Numeric score present: 100%, 100%
Missing headers identified: 100%, 100%
Misconfigured headers identified: 100%, 100%
Per-header recommendations: 100%, 100%
HSTS listed as top priority: 100%, 100%
HSTS downgrade attack explanation: 100%, 0%
HSTS directive example: 100%, 100%
CSP strict policy recommended: 66%, 100%
CSP linked to XSS: 100%, 100%
Multiple headers covered: 100%, 100%
API endpoint security header analysis
Security grade present: 100%, 100%
Numeric score present: 100%, 100%
Missing vs present distinction: 100%, 100%
HSTS assessed: 100%, 100%
HSTS downgrade prevention: 100%, 100%
HSTS concrete directive: 100%, 100%
HSTS as top priority: 100%, 100%
CSP assessed: 100%, 100%
Strict CSP recommended: 0%, 80%
CSP XSS linkage: 0%, 100%
Actionable concrete recommendations: 100%, 100%
Multiple headers assessed: 100%, 100%
Vulnerability scanner integration and comprehensive security assessment
Security grade present: 100%, 100%
Numeric score present: 100%, 100%
Missing headers identified: 100%, 100%
Misconfigured headers identified: 100%, 100%
Regular scanning recommended: 100%, 100%
Scanning frequency specified: 100%, 100%
Regression detection guidance: 100%, 100%
Complementary security tools mentioned: 100%, 100%
Vulnerability scanner specifically mentioned: 100%, 100%
HSTS downgrade protection: 100%, 100%
CSP XSS mitigation: 100%, 100%
Actionable remediation steps: 100%, 100%