This sets up HTTP security headers to protect web apps from XSS, clickjacking, and MIME sniffing attacks. You get reference implementations for Express, Nginx, Flask, and Apache covering CSP, HSTS, X-Frame-Options, and the rest of the standard hardening stack. Use it when deploying new apps, fixing security audit findings, or meeting compliance requirements. The guides are platform-specific, which is helpful since header syntax varies wildly between a Node middleware and an .htaccess file. One thing to note: the quick start shows unsafe-inline in the CSP example, which the best practices section correctly warns against, so you'll want to tighten that up for production.
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill security-headers-configuration
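
As an added example (not part of the skill or its guides), this JavaScript audits one response's headers for the controls named above and flags unsafe-inline in the effective script policy unless a nonce or hash accompanies it. The function names, finding codes and sample header sets are constructed for illustration.

```javascript
// Added example; names, finding codes and sample headers are constructed, not from the skill.

// Split a CSP value into { directive: [sources] }, lowercased for keyword matching only.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (name && !(name in policy)) policy[name] = sources;
  }
  return policy;
}

// Return a list of finding codes for one response's headers.
function auditHeaders(rawHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);
  const findings = [];
  const hasCsp = 'content-security-policy' in h;
  const policy = parseCsp(h['content-security-policy'] || '');
  if (!hasCsp) findings.push('csp-missing');
  // script-src falls back to default-src when it is absent.
  const script = policy['script-src'] || policy['default-src'];
  if (script) {
    // 'unsafe-inline' is ignored by CSP2+ browsers when a nonce or hash is also listed.
    const strict = script.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
    if (script.includes("'unsafe-inline'") && !strict) findings.push('csp-unsafe-inline-script');
  } else if (hasCsp) {
    findings.push('csp-no-script-restriction');
  }
  // Clickjacking: frame-ancestors has no default-src fallback; X-Frame-Options is the legacy control.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (!policy['frame-ancestors'] && xfo !== 'DENY' && xfo !== 'SAMEORIGIN') findings.push('framing-unrestricted');
  // MIME sniffing: the only defined value is nosniff.
  if ((h['x-content-type-options'] || '').trim().toLowerCase() !== 'nosniff') findings.push('nosniff-missing');
  // HSTS: max-age=0 clears the browser's stored policy, so treat it like a missing header.
  const m = /max-age="?(\d+)/i.exec(h['strict-transport-security'] || '');
  if (!m || Number(m[1]) === 0) findings.push('hsts-missing-or-zero');
  return findings;
}

// Constructed samples: a quick-start style policy and a tightened one.
// The nonce is a placeholder; a real one is random and regenerated for every response.
const quickStart = { 'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'" };
const tightened = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
};
console.log(auditHeaders(quickStart), auditHeaders(tightened));
```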