performing-security-headers-audit | skill details | OpenClaw Study


This Skill provides a systematic HTTP security header audit workflow. It uses tools such as curl, SecurityHeaders.com, Mozilla Observatory, Burp Suite, and browser DevTools to collect and analyze response headers, either automatically or page by page (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy, Set-Cookie, etc.). It is suitable for authorized penetration tests, compliance assessments (PCI DSS, SOC 2), CI/CD security gates, and initial reconnaissance. Core features include cross-page header comparison, HSTS and preload eligibility assessment, CSP configuration and violation detection, cookie Secure/HttpOnly/SameSite checks, and identification of HTTP→HTTPS redirection and mixed content. The output is a set of itemized remediation recommendations and risk ratings that help teams quickly reduce the browser-level attack surface and meet compliance requirements.

This page is part of the OpenClaw Skills hub, with installation guides, category navigation, and practical links.
