Fix Prompts
Every issue in your scan report comes with a copy-paste fix prompt for Claude, Cursor, ChatGPT, or Gemini. Paste it into your AI tool and it implements the fix — no manual research needed.
What are fix prompts?
Fix prompts are pre-written AI instructions tailored to your specific scan results. Instead of Googling how to add a CSP header in Next.js and then figuring out how to explain the problem to Claude, your fix prompt arrives pre-written with:
- The exact issue found on your site
- Your framework (Next.js, Astro, Express, etc.)
- The specific fix required (not a generic explanation)
- A request for the AI to explain what it's doing
- Verification steps so you can confirm the fix worked
Which AI tool to use
Claude
Understanding why the issue matters, implementing fixes in full-stack Next.js or Node.js projects, writing entire config files
Cursor
In-editor fixes — Cursor reads your actual codebase and applies changes in context, with full file awareness
ChatGPT
Framework-specific guidance, especially for non-Next.js stacks (Django, Rails, Flask, Express)
Gemini
Google Cloud deployments, Firebase apps, and Android-adjacent projects
Example fix prompts
These are representative examples. The prompts in your scan report are pre-filled with your actual findings.
My Next.js website is missing a Content-Security-Policy (CSP) header.
Current state: No CSP header is present in HTTP responses.
Please:
1. Add a Content-Security-Policy header to my Next.js app via next.config.js headers()
2. Start with a policy that allows my own domain, common CDN sources, and inline styles (since the app uses Tailwind)
3. Explain each directive you add
4. Show the complete next.config.js headers configuration
Framework: Next.js 15 (App Router)

My website has an exposed API key in a public JavaScript bundle. The key is a [KEY_TYPE] key starting with [KEY_PREFIX].
Current state: The key is being used directly in client-side code, making it visible to anyone in devtools.
Please:
1. Move the API call to a Next.js API route (server-side)
2. Store the key in .env.local as [ENV_VAR_NAME]
3. Update the client-side code to call our API route instead
4. Add the API route with proper error handling
5. Confirm the key will not appear in any client bundle
Framework: Next.js 15 (App Router)

My website is missing an HTTP Strict Transport Security (HSTS) header.
Please add the Strict-Transport-Security header to my Next.js app with:
- max-age of at least 31536000 (1 year)
- includeSubDomains directive
- Via next.config.js headers() configuration
Show the complete headers configuration.

I need to create a /llms.txt file for my product to improve AI visibility.
My product: [PRODUCT_NAME]
What it does: [ONE_LINE_DESCRIPTION]
Target audience: [TARGET_AUDIENCE]
Key features: [LIST_KEY_FEATURES]
Pricing: [PRICING_SUMMARY]
Key URLs: homepage [URL], pricing [URL], docs [URL]
Please generate a complete llms.txt file following the llmstxt.org specification with all required sections: product name as H1, one-line description as blockquote, Overview, Target Audience, Key Features, Pricing, and Optional Links.
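As an added example (not part of the original page or the product's own code), here is a small JavaScript check for the verification step of the CSP and HSTS prompts above: it parses response headers and reports whether an enforcing CSP is present and whether HSTS meets the max-age and includeSubDomains values named in the prompt. The function names, finding codes and sample headers are assumptions constructed for illustration.

```javascript
// Added example (not from the original page). Header values below are constructed samples.
const MIN_HSTS_MAX_AGE = 31536000; // 1 year, the minimum named in the HSTS prompt

// Parse "max-age=63072000; includeSubDomains" into its two relevant parts.
function parseHsts(value) {
  const result = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(";")) {
    const [rawName, rawVal = ""] = part.trim().split("=");
    const name = rawName.toLowerCase();
    const digits = rawVal.trim().replace(/^"|"$/g, "");
    if (name === "max-age" && /^\d+$/.test(digits)) result.maxAge = Number(digits);
    if (name === "includesubdomains") result.includeSubDomains = true;
  }
  return result;
}

// Parse a CSP value into { directive: [sources] }; a repeated directive is ignored (first wins).
function parseCsp(value) {
  const directives = Object.create(null);
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !(name.toLowerCase() in directives)) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Returns finding codes for the two header checks; an empty list means both pass.
function checkSecurityHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v); // names are case-insensitive
  const findings = [];
  // Content-Security-Policy-Report-Only does not enforce anything, so only the enforcing header counts.
  const csp = parseCsp(h["content-security-policy"] || "");
  if (Object.keys(csp).length === 0) findings.push("csp-missing");
  if (!("strict-transport-security" in h)) {
    findings.push("hsts-missing");
  } else {
    const hsts = parseHsts(h["strict-transport-security"]);
    if (hsts.maxAge === null || hsts.maxAge < MIN_HSTS_MAX_AGE) findings.push("hsts-max-age-too-short");
    if (!hsts.includeSubDomains) findings.push("hsts-no-includesubdomains");
  }
  return findings;
}

const SAMPLE_BEFORE = { "Content-Type": "text/html", "Strict-Transport-Security": "max-age=86400" };
const SAMPLE_AFTER = {
  "Content-Security-Policy": "default-src 'self'; style-src 'self' 'unsafe-inline'",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
};
console.log(checkSecurityHeaders(SAMPLE_BEFORE)); // [ 'csp-missing', 'hsts-max-age-too-short', 'hsts-no-includesubdomains' ]
console.log(checkSecurityHeaders(SAMPLE_AFTER)); // []
```

To run it against a live response, pass `Object.fromEntries(response.headers)` from a `fetch` call as the argument.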
FAQ
Do fix prompts require me to understand the underlying code?
No — that's the point. Fix prompts are written to work even if you don't know what CSP or HSTS means. You paste the prompt into Claude or Cursor, and it explains what it's doing as it fixes it. Most prompts include a request for explanation alongside the fix.
Which tool gives the best results — Claude, Cursor, ChatGPT, or Gemini?
For in-codebase fixes (security headers, API route refactoring), Cursor gives the best results because it has full context of your actual files. For understanding concepts or generating config from scratch, Claude gives the most thorough explanations. For non-Next.js stacks (Django, Rails, Express), ChatGPT has broader framework coverage.
Do I need a paid plan to access fix prompts?
Basic fix prompts are available on the free plan. Full, issue-specific fix prompts tailored to your exact scan results are available on Starter and Pro plans.
What if the fix prompt doesn't work for my specific setup?
Fix prompts include your framework (Next.js, etc.) and the specific issue. If you're on a different stack, you can tell Claude or ChatGPT your actual framework at the start of the prompt — most fixes translate directly. If you're stuck, contact support@aiexposuretool.com.
Get your fix prompts
Run a scan and get issue-specific fix prompts for Claude, Cursor, ChatGPT, and Gemini.