
Ask Claude to Audit Your HTTP Security Headers

recombobulate @recombobulate · Mar 26, 2026 · Debugging

HTTP security headers like Content-Security-Policy, Strict-Transport-Security, and Permissions-Policy are easy to overlook until something goes wrong. Claude can audit your current setup and tell you exactly what's missing or misconfigured.

Here's my Express middleware setup. Audit it for security header issues, 
tell me what's missing or weakly configured, and suggest what to add:

app.use(helmet());
app.use((req, res, next) => {
  res.setHeader('X-Frame-Options', 'DENY');
  next();
});

Claude will review what helmet() provides by default, flag headers that are absent or set too loosely, and suggest additions like a Content-Security-Policy tailored to your app's specific needs. It also explains why each header matters and what attacks it prevents — clickjacking, MIME sniffing, cross-origin leaks, and so on.
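
A scripted companion to that review, added here as an example and not part of the original tip: a small Node.js function that checks a response-header map for absent or loosely set headers. The rule set, the 180-day HSTS threshold, the function names and the sample headers are assumptions constructed for illustration.

```javascript
// Added example. Rules and thresholds are illustrative assumptions, not a complete policy.
function parseCsp(value) {
  // "default-src 'self'; script-src 'self'" -> { 'default-src': ["'self'"], ... }
  const directives = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

function auditHeaders(rawHeaders) {
  const h = {}; // header names are case-insensitive, so normalise first
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);
  const findings = [];
  const flag = (header, issue) => findings.push({ header, issue });

  const maxAge = /max-age=(\d+)/i.exec(h['strict-transport-security'] || '');
  if (!maxAge) flag('strict-transport-security', 'missing or no max-age');
  else if (Number(maxAge[1]) < 15552000) flag('strict-transport-security', 'max-age under 180 days');

  if ((h['x-content-type-options'] || '').trim().toLowerCase() !== 'nosniff')
    flag('x-content-type-options', 'missing or not nosniff');

  const csp = parseCsp(h['content-security-policy'] || '');
  const scripts = csp['script-src'] || csp['default-src']; // script-src falls back to default-src
  if (!scripts) flag('content-security-policy', 'no script-src or default-src');
  else {
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is also present.
    const pinned = scripts.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
    if (scripts.includes("'unsafe-inline'") && !pinned)
      flag('content-security-policy', "scripts allow 'unsafe-inline'");
    if (scripts.includes("'unsafe-eval'")) flag('content-security-policy', "scripts allow 'unsafe-eval'");
    if (scripts.includes('*')) flag('content-security-policy', 'scripts allow any origin');
  }
  // Either frame-ancestors (CSP) or X-Frame-Options controls framing.
  if (!csp['frame-ancestors'] && !h['x-frame-options']) flag('x-frame-options', 'no framing control');
  for (const name of ['permissions-policy', 'referrer-policy']) if (!h[name]) flag(name, 'missing');
  return findings;
}

// Constructed sample headers, not captured from a real response.
const SAMPLE = {
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'Strict-Transport-Security': 'max-age=86400',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline' https://assets.example.com",
};
console.log(auditHeaders(SAMPLE));
```

Run it against headers collected from a staging response in CI so a regression in middleware ordering or configuration shows up as a failing check.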

For Laravel apps, paste your middleware or bootstrap/app.php. For Nginx, paste your server {} block. Claude adapts to your stack.

Generate a strict Content-Security-Policy for a React SPA that:
- Loads assets from a CDN at assets.example.com
- Uses an inline Google Fonts stylesheet
- Makes API calls to api.example.com

Claude will produce a CSP header you can drop straight into your config, with nonce or hash suggestions for any inline scripts.

Security headers are a five-minute fix that prevents a whole class of attacks — let Claude tell you which ones you're missing.
