Security anti-pattern for missing security headers (CWE-16). Use when generating or reviewing web application code, server configuration, or HTTP response handling. Detects missing CSP, HSTS, X-Frame-Options, and other protective headers.
Quickly install missing-security-headers-anti-pattern AI skill to your development environment via command line
Source: igbuend/grimbard.
HTTP security headers defend against XSS, clickjacking, and man-in-the-middle attacks at the browser level. Applications failing to send these headers rely on insecure browser defaults, missing a powerful declarative security layer.
The anti-pattern is omitting security headers from HTTP responses. Browsers default to permissive policies; servers must instruct stricter controls.
Implement a middleware or a global response filter in your application that adds the following headers to all outgoing responses.
Security anti-pattern for missing security headers (CWE-16). Use when generating or reviewing web application code, server configuration, or HTTP response handling. Detects missing CSP, HSTS, X-Frame-Options, and other protective headers. Source: igbuend/grimbard.
Stable fields and commands for AI/search citations.
npx skills add https://github.com/igbuend/grimbard --skill missing-security-headers-anti-patternSecurity anti-pattern for missing security headers (CWE-16). Use when generating or reviewing web application code, server configuration, or HTTP response handling. Detects missing CSP, HSTS, X-Frame-Options, and other protective headers. Source: igbuend/grimbard.
Open your terminal or command line tool (Terminal, iTerm, Windows Terminal, etc.) Copy and run this command: npx skills add https://github.com/igbuend/grimbard --skill missing-security-headers-anti-pattern Once installed, the skill will be automatically configured in your AI coding environment and ready to use in Claude Code, Cursor, or OpenClaw
https://github.com/igbuend/grimbard