with one click
security-headers-csp
Best practices for HSTS, CORS, CSP, and security headers.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Best practices for HSTS, CORS, CSP, and security headers.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
Bootstraps a new project with standard folder structure, git init, basic files, planning doc skeletons, and initial memory.json. Triggers on new project creation keywords. CRITICAL for first-time setup.
Configuration for Virtual Hosts, .htaccess, and PHP-FPM in LAMP stacks.
Principles for REST, GraphQL, versioning, and API authentication.
Optimization and usage of SVGs, fonts, and static assets.
Patterns for maintaining or migrating Bootstrap 3/4/5 projects.
Caddyfile configuration, auto-HTTPS, and FastCGI.
| name | security-headers-csp |
| description | Best practices for HSTS, CORS, CSP, and security headers. |
Strict-Transport-Security: max-age=31536000 (1 year).X-Content-Type-Options: nosniff.X-Frame-Options: DENY or SAMEORIGIN.default-src 'self'.'unsafe-inline' or 'unsafe-eval'. Use nonces or hashes if inline scripts are necessary.report-uri or report-to to monitor violations without breaking the site initially (Content-Security-Policy-Report-Only).Access-Control-Allow-Origin: * with credentials.