How does the security grading system work?

It assigns a grade from A+ to F based on a 100-point scale. A+ indicates all critical headers are perfectly configured, while lower grades reflect missing headers or significant security gaps.

Does this tool check for SSL/TLS issues?

While its primary focus is HTTP headers, it does check for HTTPS enforcement, HSTS implementation, and flags SSL certificate verification failures during the fetching phase.

What headers does this skill analyze?

The skill analyzes critical headers including Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, and Permissions-Policy, as well as cookie security attributes.

Can I analyze multiple domains at once?

Yes, the skill supports batch analysis and can generate comparison reports or individual JSON files for multiple domains in a single session.

Does it provide implementation examples for fixes?

Yes, every identified vulnerability or missing header comes with specific remediation recommendations and code examples you can apply directly to your server configuration.

Security Headers Analyzer

Name: Security Headers Analyzer
Author: BbgnsurfTech

byBbgnsurfTech

•

Security & Testing

Analyzes HTTP security headers to identify vulnerabilities, assess compliance, and provide actionable remediation steps for web applications.

The Security Headers Analyzer is a specialized skill designed to automate the auditing of website response headers. It evaluates critical security controls such as Content Security Policy (CSP), Strict-Transport-Security (HSTS), and X-Frame-Options against industry best practices. By providing a clear grading system from A+ to F, it helps developers and security professionals quickly identify misconfigurations, understand the associated risks, and implement specific code-based fixes to harden their web infrastructure against common attacks like XSS, clickjacking, and protocol downgrades.

Key Features

01Detection of information disclosure in Server and X-Powered-By headers

023 GitHub stars

03Detailed remediation recommendations with implementation examples

04Automated scanning of critical and secondary HTTP security headers

05Security grading system (A+ to F) based on configuration quality

06Support for batch domain analysis and exportable JSON/CSV reporting

Use Cases

01Conducting automated security audits during the CI/CD pipeline or before production releases

02Troubleshooting complex Content Security Policy (CSP) or Permissions-Policy configurations

03Benchmarking the security posture of multiple web properties against OWASP standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection security-headers-analyzer

For use in Claude.ai and ChatGPT

Download Skill