Intermediate | 5 minutes | Security

Web Security Header Audit

Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.

Tags: security-headers, csp, cors, audit

When to use this recipe

Run this audit before launching any web application. Security headers protect against XSS, clickjacking, and other common attacks. Many compliance standards require proper header configuration.

Steps

1. Security Header Checker

Audit the security headers your site already sends.

Prompt: Check these security headers: X-Frame-Options: DENY, Strict-Transport-Security: max-age=31536000
2. CSP Generator

Create a proper CSP policy.

Prompt: Generate a Content Security Policy allowing scripts from self and Google Analytics
3. CSP Evaluator

Verify that the generated CSP is secure.

Prompt: Evaluate the generated CSP policy for weaknesses
4. CORS Header Generator

Configure CORS properly.

Prompt: Generate CORS headers allowing requests from https://app.example.com
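The four steps above can also be run offline against a captured response. The script below is an added example, not Toolypet's tool code: it audits a constructed set of response headers, builds a CSP that allows scripts from self plus an assumed analytics host (https://www.google-analytics.com), evaluates a policy for the weaknesses the CSP Evaluator step looks for, and emits CORS headers only when the requesting origin is on an allowlist. Every header value, host name and origin in it is constructed for the example.

```python
"""Header audit, CSP build/evaluate and CORS allowlist (added example, not Toolypet code)."""
from __future__ import annotations

ONE_YEAR = 31536000  # HSTS max-age generally recommended for production


def _max_age(value: str) -> int:
    """Extract the max-age from an HSTS value; 0 if absent or malformed."""
    for part in value.split(";"):
        part = part.strip()
        if part.lower().startswith("max-age="):
            try:
                return int(part.split("=", 1)[1])
            except ValueError:
                return 0
    return 0


# Headers the audit expects, each with a predicate for an acceptable value.
REQUIRED = {
    "strict-transport-security": lambda v: _max_age(v) >= ONE_YEAR,
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "content-security-policy": lambda v: bool(v.strip()),
    "referrer-policy": lambda v: bool(v.strip()),
}


def audit_headers(headers: dict[str, str]) -> dict[str, str]:
    """Return {header-name: 'ok' | 'missing' | 'weak'} for each required header."""
    lower = {k.lower(): v for k, v in headers.items()}
    result = {}
    for name, check in REQUIRED.items():
        if name not in lower:
            result[name] = "missing"
        else:
            result[name] = "ok" if check(lower[name]) else "weak"
    return result


def build_csp(script_hosts: list[str]) -> str:
    """Build a strict baseline CSP: self plus the given script hosts, no plugins, no framing."""
    directives = {
        "default-src": ["'self'"],
        "script-src": ["'self'", *script_hosts],
        "object-src": ["'none'"],
        "base-uri": ["'self'"],
        "frame-ancestors": ["'none'"],
    }
    return "; ".join(f"{name} {' '.join(values)}" for name, values in directives.items())


def evaluate_csp(policy: str) -> list[str]:
    """Flag the common weaknesses that make a CSP ineffective against script injection."""
    directives: dict[str, list[str]] = {}
    for raw in policy.split(";"):
        parts = raw.split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    findings = []
    if "script-src" not in directives and "default-src" not in directives:
        findings.append("no script-src or default-src: script loading is unrestricted")
    script = directives.get("script-src", directives.get("default-src", []))
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not has_nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline' without a nonce or hash")
    if "'unsafe-eval'" in script:
        findings.append("script-src allows 'unsafe-eval'")
    if "*" in script or any(s in ("http:", "https:") for s in script):
        findings.append("script-src allows a wildcard host or bare scheme")
    if "object-src" not in directives and "'none'" not in directives.get("default-src", []):
        findings.append("object-src is not restricted (plugin content allowed)")
    if "base-uri" not in directives:
        findings.append("base-uri missing: an injected <base> tag can redirect relative script URLs")
    return findings


def cors_headers(origin: str, allowed: set[str], methods=("GET", "POST")) -> dict[str, str]:
    """Return CORS response headers for an allowlisted origin, or {} (no CORS) otherwise."""
    if origin not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,  # echo the exact allowlisted origin, never '*'
        "Vary": "Origin",                       # keep caches from serving one origin's response to another
        "Access-Control-Allow-Methods": ", ".join(methods),
    }


if __name__ == "__main__":
    captured = {"X-Frame-Options": "DENY", "Strict-Transport-Security": "max-age=31536000"}  # constructed
    print(audit_headers(captured))
    policy = build_csp(["https://www.google-analytics.com"])  # assumed analytics host
    print(policy, evaluate_csp(policy))
    print(cors_headers("https://app.example.com", {"https://app.example.com"}))
```

Echoing the allowlisted origin together with `Vary: Origin` is the part most often missed: without the `Vary` header a shared cache can hand one origin's response, including its `Access-Control-Allow-Origin`, to a different origin.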

Frequently asked questions

What's the most important security header?

Content-Security-Policy (CSP) is the most impactful, because it is the strongest mitigation against XSS. Strict-Transport-Security (HSTS) is also critical, since it enforces HTTPS.

How often should I audit security headers?

Audit after every deployment and at least monthly. New third-party scripts or CDN changes may require CSP updates.

Related recipes