Security Headers Configurator
intermediatesecurityMin 16K context
Configures HTTP security headers to harden web applications. Covers Content-Security-Policy (including nonces and strict-dynamic), HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP, and cookie flags. Produces server/CDN configuration, explains tradeoffs, and provides a rollout plan using report-only mode to avoid breakage.
Use Cases
- Writing a strict Content-Security-Policy with nonces
- Enabling HSTS and secure cookie flags
- Configuring COOP/COEP for cross-origin isolation
- Rolling out CSP safely with report-only mode
- Auditing existing headers for gaps
Example Prompt
Configure security headers for our web app served by [nginx/Cloudflare/Express]. Provide: 1. A strict CSP using nonces and strict-dynamic 2. HSTS, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options 3. Secure cookie flags 4. A report-only rollout plan to catch breakage 5. The exact config snippet for our server/CDN
Recommended Models
Compatible Tools
claude-codecursorkiroany
Modalities
Input: text, code
→Output: text, code
Related Skills
Author
OpenModels Community