This is your checklist for implementing HTTP security headers across Express, Nginx, Flask, and Apache. It covers the essentials like HSTS, CSP, X-Frame-Options, and X-Content-Type-Options with ready-to-use configurations. The Express section uses Helmet with customizable CSP directives, and the Nginx config includes all the modern headers you need. What I like is the included verification tools and the common mistakes section, because CSP is notorious for breaking things when you deploy without testing. Use this when you're hardening a web app for production, passing a security audit, or just trying to get an A rating on securityheaders.com.
npx skills add https://github.com/secondsky/claude-skills --skill security-headers-configuration