๐ŸŽฏ

security-headers

๐ŸŽฏSkill

from harperaa/secure-claude-skills

VibeIndex|
What it does
|

Security skill for configuring browser security headers including Content-Security-Policy, X-Frame-Options, HSTS, and MIME type protection. Covers middleware-based header application to defend against clickjacking, XSS, and SSL stripping attacks.

๐Ÿ“ฆ

Same repository

harperaa/secure-claude-skills(12 items)

security-headers

Installation

Vibe Index InstallInstalls to .claude/skills/
npx vibeindex add harperaa/secure-claude-skills --skill security-headers
skills.sh Installโš  Installs to .agents/skills/
npx skills add harperaa/secure-claude-skills --skill security-headers
Manual InstallCopy SKILL.md content and save to the path below
~/.claude/skills/security-headers/SKILL.md

SKILL.md

172Installs
-
AddedFeb 4, 2026

More from this repository10

๐ŸŽฏ
dependency-supply-chain-security๐ŸŽฏSkill

Secure Claude Skills skill teaching **dependency and supply chain security** โ€” protecting against malicious packages, lockfile manipulation, and compromised transitive dependencies in Next.js projects, as part of an OWASP-aligned defense-in-depth security suite with Clerk auth and Convex database.

๐ŸŽฏ
rate-limiting๐ŸŽฏSkill

Secure Claude Skills skill implementing **rate limiting** for brute force and abuse prevention โ€” covers token bucket and sliding window algorithms, per-user and per-IP throttling, and progressive penalties for Next.js API routes, as part of an OWASP-aligned defense-in-depth security suite.

๐ŸŽฏ
security-architecture-overview๐ŸŽฏSkill

Secure Claude Skills skill providing a **security architecture overview** โ€” maps the defense-in-depth security model across CSRF protection, rate limiting, input validation, security headers, error handling, authentication, payment security, dependency auditing, and security testing for Next.js apps with Clerk and Convex.

๐ŸŽฏ
security-testing-verification๐ŸŽฏSkill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, Clerk authentication, and automated security testing following OWASP best practices.

๐ŸŽฏ
csrf-protection๐ŸŽฏSkill

Secure Claude Skills skill implementing **CSRF protection** with HMAC-SHA256 cryptographic token signing โ€” covers attack mechanics (router DNS hijacking, YouTube 2012 vulnerability), origin/referer header validation, SameSite cookies, and a complete `withCsrf` middleware for protecting POST/PUT/DELETE endpoints in Next.js apps.

๐ŸŽฏ
secure-error-handling๐ŸŽฏSkill

Secure Claude Skills skill teaching **secure error handling** โ€” preventing information leakage through error responses by sanitizing stack traces, internal paths, and database details in production while maintaining useful debug output in development, as part of an OWASP-aligned security suite for Next.js apps.

๐ŸŽฏ
input-validation-xss-prevention๐ŸŽฏSkill

Secure Claude Skills skill teaching **input validation and XSS prevention** for Next.js apps โ€” implements sanitization, Content Security Policy, and injection attack defenses following OWASP best practices, as part of a defense-in-depth security suite with Clerk auth and Convex database integration.

๐ŸŽฏ
authentication-authorization-clerk๐ŸŽฏSkill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, authentication with Clerk, and security awareness training following OWASP best practices.

๐ŸŽฏ
payment-security-clerk-billing-stripe๐ŸŽฏSkill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, and Clerk Billing/Stripe payment security following OWASP best practices.

๐ŸŽฏ
security-prompts๐ŸŽฏSkill

Library of battle-tested security prompt templates for secure feature implementation, covering forms, endpoints, authentication, authorization, file uploads, RBAC, threat modeling, and OWASP security testing.