Skip to main content
Run any Skill in Manus
with one click

security-misconfiguration-and-headers

Stars2
Forks1
UpdatedJuly 9, 2026 at 12:42

SAST detection methodology for security misconfiguration and missing/weak security headers (CWE-16), including absent CSP/HSTS/X-Content-Type-Options, clickjacking via missing X-Frame-Options / CSP frame-ancestors (CWE-1021), insecure cookie attributes (Secure/HttpOnly/SameSite, cookie scope, __Host-/ __Secure- prefixes), cleartext/mixed content (CWE-319), verbose banners, default pages/credentials, directory listing, and dangerous HTTP methods. Use when reviewing server/framework config, response headers, cookie setup, and web-server hardening. Writes confirmed findings to findings/39-security-misconfiguration-and-headers.md.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

SKILL.md
readonly