security-headers

Verifies and configures HTTP security headers (HSTS, CSP, X-Frame-Options, etc.) for web servers, reverse proxies, and app middleware. Useful when reviewing or hardening security header configurations.

Audits HTTP security headers (CSP, HSTS, X-Frame-Options, Permissions-Policy), identifies overly permissive directives, and generates production-ready policies for web applications.

Configures HTTP security headers like HSTS, CSP, X-Frame-Options, X-Content-Type-Options for Express, Nginx, Flask. Protects against XSS, clickjacking, MIME sniffing; useful for hardening web apps and passing audits.