Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Http Security Headers

FreeNot checked

Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.

GitHubEmbed

About

Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.

README

Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.

Available on MCPize

Tools

Tool Description
scan_headers Fetch a URL and analyze all security headers. Returns A+ to F grade with findings.
score_headers Score a set of headers you provide. Returns grade and per-header breakdown.
analyze_csp Deep analysis of a Content-Security-Policy header. Detects unsafe sources and bypass risks.
generate_headers Generate recommended security headers config for Express, Next.js, nginx, Apache, Cloudflare, or Vercel.

Quick Start

Install from MCPize (Recommended)

npx -y mcpize connect @shakiltousif/http-security-headers-mcp --client claude

Or visit: mcpize.com/mcp/http-security-headers-mcp

Per-client install

Claude:    claude mcp add --transport http http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
Cursor:    cursor mcp add http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
Windsurf:  windsurf mcp add http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp

JSON Config (manual setup)

{
  "mcpServers": {
    "http-security-headers-mcp": {
      "url": "https://http-security-headers-mcp.mcpize.run/mcp"
    }
  }
}

Run Locally

npm install
mcpize dev              # Start dev server with hot reload
mcpize dev --playground # Interactive testing in your browser

Server runs at http://localhost:3000/mcp

Development

mcpize dev         # Development mode (port 3000, hot reload, loads .env)
npm run build      # Compile TypeScript
npm test           # Run unit tests (26 tests)
bash test-mcp.sh   # MCP protocol smoke test (14 checks)
npm start          # Run compiled server (port 8080)

Deploy

mcpize login                # Authenticate (opens browser)
mcpize deploy               # Ship it!

Project Structure

src/
  index.ts          # Express + MCP server setup, tool registration
  tools.ts          # Pure business logic (header analysis, scoring, CSP parsing)
tests/
  tools.test.ts     # Unit tests (vitest)
test-mcp.sh         # MCP protocol smoke test
mcpize.yaml         # MCPize deployment config
Dockerfile          # Production container build

License

MIT

from github.com/shakiltousif/http-security-headers-mcp

Installing Http Security Headers

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/shakiltousif/http-security-headers-mcp

FAQ

Is Http Security Headers MCP free?

Yes, Http Security Headers MCP is free — one-click install via Unyly at no cost.

Does Http Security Headers need an API key?

No, Http Security Headers runs without API keys or environment variables.

Is Http Security Headers hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install Http Security Headers in Claude Desktop, Claude Code or Cursor?

Open Http Security Headers on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Http Security Headers with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs