http-header-security-audit

Http Header Security Audit - Auto-activating skill for Security Fundamentals. Triggers on: http header security audit, http header security audit Part of the Security Fundamentals skill category.

0.98x

Quality

Does it follow best practices?

Impact

97%

0.98x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/http-header-security-audit/SKILL.md

Evaluation results

92%

-3%

HTTP Security Header Audit Tool

npm-based header audit script

Criteria

Without context

With context

npm package.json present

100%

npm for dependencies

50%

20%

Content-Security-Policy checked

100%

Strict-Transport-Security checked

100%

X-Content-Type-Options checked

100%

X-Frame-Options checked

100%

Referrer-Policy checked

100%

Report file generated

100%

Present/missing/misconfigured status

100%

Explanations per header

100%

Standards-based evaluation

100%

Secure Headers for an Express Application

production-ready security header middleware

Criteria

Without context

With context

Middleware applied globally

100%

Content-Security-Policy set

100%

X-Content-Type-Options set

100%

X-Frame-Options set

100%

Strict-Transport-Security set

100%

Referrer-Policy set

100%

npm used for new packages

100%

Production-ready values

100%

Report file present

100%

Rationale per header

100%

Permissions-Policy or additional header

100%

Security Header Compliance Assessment

step-by-step audit workflow and vulnerability detection

Criteria

Without context

With context

Content-Security-Policy finding

100%

X-Content-Type-Options finding

100%

X-Frame-Options finding

100%

Strict-Transport-Security finding

100%

Severity ratings assigned

100%

Remediation values provided

100%

X-Powered-By flagged

100%

Cookie security flagged

100%

Structured JSON checklist

100%

Prioritized remediation list

100%

Step-by-step structure

100%

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: c8a915c

Evaluated: about 1 month ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

HTTP Security Header Audit Tool Secure Headers for an Express Application Security Header Compliance Assessment

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.