http-header-security-audit

HTTP Header Security Audit - Auto-activating skill for Security Fundamentals. Triggers on: http header security audit, http header security audit. Part of the Security Fundamentals skill category.

36

0.98x

Quality: 3% (Does it follow best practices?)

Impact: 97%, 0.98x (Average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/http-header-security-audit/SKILL.md

Evaluation results

HTTP Security Header Audit Tool: 92% (-3%)

npm-based header audit script

| Criteria | Without context | With context |
| --- | --- | --- |
| npm package.json present | 100% | 100% |
| npm for dependencies | 50% | 20% |
| Content-Security-Policy checked | 100% | 100% |
| Strict-Transport-Security checked | 100% | 100% |
| X-Content-Type-Options checked | 100% | 100% |
| X-Frame-Options checked | 100% | 100% |
| Referrer-Policy checked | 100% | 100% |
| Report file generated | 100% | 100% |
| Present/missing/misconfigured status | 100% | 100% |
| Explanations per header | 100% | 100% |
| Standards-based evaluation | 100% | 100% |

Without context: $0.4678 · 1m 50s · 24 turns · 24 in / 7,520 out tokens

With context: $0.5626 · 1m 59s · 28 turns · 102 in / 7,746 out tokens

Secure Headers for an Express Application: 100%

production-ready security header middleware

| Criteria | Without context | With context |
| --- | --- | --- |
| Middleware applied globally | 100% | 100% |
| Content-Security-Policy set | 100% | 100% |
| X-Content-Type-Options set | 100% | 100% |
| X-Frame-Options set | 100% | 100% |
| Strict-Transport-Security set | 100% | 100% |
| Referrer-Policy set | 100% | 100% |
| npm used for new packages | 100% | 100% |
| Production-ready values | 100% | 100% |
| Report file present | 100% | 100% |
| Rationale per header | 100% | 100% |
| Permissions-Policy or additional header | 100% | 100% |

Without context: $0.3571 · 1m 31s · 20 turns · 21 in / 5,475 out tokens

With context: $0.5365 · 2m 6s · 31 turns · 103 in / 6,437 out tokens

Security Header Compliance Assessment: 100%

step-by-step audit workflow and vulnerability detection

| Criteria | Without context | With context |
| --- | --- | --- |
| Content-Security-Policy finding | 100% | 100% |
| X-Content-Type-Options finding | 100% | 100% |
| X-Frame-Options finding | 100% | 100% |
| Strict-Transport-Security finding | 100% | 100% |
| Severity ratings assigned | 100% | 100% |
| Remediation values provided | 100% | 100% |
| X-Powered-By flagged | 100% | 100% |
| Cookie security flagged | 100% | 100% |
| Structured JSON checklist | 100% | 100% |
| Prioritized remediation list | 100% | 100% |
| Step-by-step structure | 100% | 100% |

Without context: $0.4182 · 2m 6s · 18 turns · 19 in / 7,751 out tokens

With context: $0.4813 · 2m 14s · 23 turns · 23 in / 7,837 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
