Http Security Headers
FreeNot checkedAnalyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.
About
Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.
README
Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.
Tools
| Tool | Description |
|---|---|
scan_headers |
Fetch a URL and analyze all security headers. Returns A+ to F grade with findings. |
score_headers |
Score a set of headers you provide. Returns grade and per-header breakdown. |
analyze_csp |
Deep analysis of a Content-Security-Policy header. Detects unsafe sources and bypass risks. |
generate_headers |
Generate recommended security headers config for Express, Next.js, nginx, Apache, Cloudflare, or Vercel. |
Quick Start
Install from MCPize (Recommended)
npx -y mcpize connect @shakiltousif/http-security-headers-mcp --client claude
Or visit: mcpize.com/mcp/http-security-headers-mcp
Per-client install
Claude: claude mcp add --transport http http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
Cursor: cursor mcp add http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
Windsurf: windsurf mcp add http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
JSON Config (manual setup)
{
"mcpServers": {
"http-security-headers-mcp": {
"url": "https://http-security-headers-mcp.mcpize.run/mcp"
}
}
}
Run Locally
npm install
mcpize dev # Start dev server with hot reload
mcpize dev --playground # Interactive testing in your browser
Server runs at http://localhost:3000/mcp
Development
mcpize dev # Development mode (port 3000, hot reload, loads .env)
npm run build # Compile TypeScript
npm test # Run unit tests (26 tests)
bash test-mcp.sh # MCP protocol smoke test (14 checks)
npm start # Run compiled server (port 8080)
Deploy
mcpize login # Authenticate (opens browser)
mcpize deploy # Ship it!
Project Structure
src/
index.ts # Express + MCP server setup, tool registration
tools.ts # Pure business logic (header analysis, scoring, CSP parsing)
tests/
tools.test.ts # Unit tests (vitest)
test-mcp.sh # MCP protocol smoke test
mcpize.yaml # MCPize deployment config
Dockerfile # Production container build
License
MIT
Installing Http Security Headers
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/shakiltousif/http-security-headers-mcpFAQ
Is Http Security Headers MCP free?
Yes, Http Security Headers MCP is free — one-click install via Unyly at no cost.
Does Http Security Headers need an API key?
No, Http Security Headers runs without API keys or environment variables.
Is Http Security Headers hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Http Security Headers in Claude Desktop, Claude Code or Cursor?
Open Http Security Headers on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Http Security Headers with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
