Security Headers Configurator

intermediatesecurityMin 16K context

Configures HTTP security headers to harden web applications. Covers Content-Security-Policy (including nonces and strict-dynamic), HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP, and cookie flags. Produces server/CDN configuration, explains tradeoffs, and provides a rollout plan using report-only mode to avoid breakage.

Use Cases

  • Writing a strict Content-Security-Policy with nonces
  • Enabling HSTS and secure cookie flags
  • Configuring COOP/COEP for cross-origin isolation
  • Rolling out CSP safely with report-only mode
  • Auditing existing headers for gaps

Example Prompt

Configure security headers for our web app served by [nginx/Cloudflare/Express].
Provide:
1. A strict CSP using nonces and strict-dynamic
2. HSTS, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options
3. Secure cookie flags
4. A report-only rollout plan to catch breakage
5. The exact config snippet for our server/CDN

Recommended Models

Compatible Tools

claude-codecursorkiroany

Modalities

Input: text, code
Output: text, code

Related Skills

Author

OpenModels Community

@openmodelsrun