http-security-headers-mcp
Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.
README
http-security-headers-mcp
Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.
Tools
| Tool | Description |
|---|---|
scan_headers |
Fetch a URL and analyze all security headers. Returns A+ to F grade with findings. |
score_headers |
Score a set of headers you provide. Returns grade and per-header breakdown. |
analyze_csp |
Deep analysis of a Content-Security-Policy header. Detects unsafe sources and bypass risks. |
generate_headers |
Generate recommended security headers config for Express, Next.js, nginx, Apache, Cloudflare, or Vercel. |
Quick Start
Install from MCPize (Recommended)
npx -y mcpize connect @shakiltousif/http-security-headers-mcp --client claude
Or visit: mcpize.com/mcp/http-security-headers-mcp
Per-client install
Claude: claude mcp add --transport http http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
Cursor: cursor mcp add http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
Windsurf: windsurf mcp add http-security-headers-mcp https://http-security-headers-mcp.mcpize.run/mcp
JSON Config (manual setup)
{
"mcpServers": {
"http-security-headers-mcp": {
"url": "https://http-security-headers-mcp.mcpize.run/mcp"
}
}
}
Run Locally
npm install
mcpize dev # Start dev server with hot reload
mcpize dev --playground # Interactive testing in your browser
Server runs at http://localhost:3000/mcp
Development
mcpize dev # Development mode (port 3000, hot reload, loads .env)
npm run build # Compile TypeScript
npm test # Run unit tests (26 tests)
bash test-mcp.sh # MCP protocol smoke test (14 checks)
npm start # Run compiled server (port 8080)
Deploy
mcpize login # Authenticate (opens browser)
mcpize deploy # Ship it!
Project Structure
src/
index.ts # Express + MCP server setup, tool registration
tools.ts # Pure business logic (header analysis, scoring, CSP parsing)
tests/
tools.test.ts # Unit tests (vitest)
test-mcp.sh # MCP protocol smoke test
mcpize.yaml # MCPize deployment config
Dockerfile # Production container build
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.