Walks you through implementing security headers and Content Security Policy without breaking your app. The smart part is the phased rollout: start in report-only mode (the Content-Security-Policy-Report-Only header) to collect violations, analyze what's breaking for a week, then gradually switch to enforcing. Includes nonce generation for inline scripts and styles, a violation reporter endpoint, and Helmet.js integration examples. The rollout plan and the common-CSP-issues section are genuinely useful, since most teams just flip CSP on and watch everything explode. Code covers both Express middleware and template integration, plus testing examples. If you're adding security headers to an existing app, this approach beats the usual trial and error.
npx skills add https://github.com/patricio0312rev/skills --skill secure-headers-csp-builder