Analyze HTTP security headers to identify vulnerabilities and enhance website protection against common web attacks.
Inspect security-related HTTP headers (see browser_docs)
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries full burden. It mentions inspecting headers but doesn't disclose behavioral traits such as whether it requires an active browser page, what permissions are needed, if it's read-only or has side effects, or how it handles errors. The reference to 'browser_docs' suggests missing details, making it insufficient for safe and effective use.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, efficient sentence that directly states the tool's purpose. However, it includes a reference to 'browser_docs', which adds a dependency and slightly reduces self-contained clarity. Overall, it's front-loaded and wastes no words, but could be more complete without external references.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity of security header inspection and lack of annotations and output schema, the description is incomplete. It doesn't explain what the tool returns, how headers are presented, or any limitations. The reference to 'browser_docs' indicates reliance on external information, failing to provide enough context for standalone use by an AI agent.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 0 parameters with 100% coverage, so no parameter documentation is needed. The description doesn't add parameter details, which is appropriate here. A baseline of 4 is applied since the schema fully covers the absence of parameters, and the description doesn't need to compensate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description states the tool inspects security-related HTTP headers, which is a clear purpose, but it's vague about scope and mechanism. It references 'browser_docs' for details, suggesting incomplete information. It doesn't distinguish from siblings like 'browser_sec_get_certificate_info' or 'browser_sec_get_csp_violations', leaving ambiguity about what specific headers or security aspects it covers.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No explicit guidance on when to use this tool versus alternatives is provided. The mention of 'browser_docs' implies external documentation might contain usage details, but the description itself lacks context, prerequisites, or comparisons to sibling tools like other browser_sec_* functions. This leaves the agent without clear direction on appropriate scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/MadeByTokens/browser-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server