Security Header Check
Check the HTTP security headers of websites. CSP, HSTS, X-Frame-Options and more.
Server-Side Analysis Required
Analyzing security headers requires directly reading server responses. Browser CORS restrictions prevent this. You can use the tools below.
Checked Security Headers
HSTS
Strict-Transport-Security (Critical)
Forces browser to use HTTPS only. Prevents man-in-the-middle attacks.
CSP
Content-Security-Policy (Critical)
Restricts allowed content sources. Prevents XSS attacks.
XFO
X-Frame-Options (Important)
Restricts the page from being displayed in an iframe. Prevents clickjacking attacks.
XCTO
X-Content-Type-Options (Important)
Prevents MIME type sniffing and the attacks that rely on it.
RP
Referrer-Policy (Important)
Controls how referrer information is shared. Provides privacy protection.
PP
Permissions-Policy (Recommended)
Restricts access to browser features such as camera, microphone, and location.
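The server-side check described above, as an added Python example (not code from this page or from any tool it names): it audits the six listed headers by their stated severity and also flags headers that are present but ineffective. The function names and the sample headers are assumptions constructed for illustration.

```python
import re

# Headers and severity labels as this page lists them.
CHECKS = {
    "strict-transport-security": "Critical", "content-security-policy": "Critical",
    "x-frame-options": "Important", "x-content-type-options": "Important",
    "referrer-policy": "Important", "permissions-policy": "Recommended",
}

def weakness(name, value):
    """Return why a header that is present gives little protection, else None."""
    v = value.strip().lower()
    if name == "strict-transport-security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        if m is None:
            return "no max-age directive"
        if int(m.group(1)) == 0:
            return "max-age=0 clears the HSTS entry"
    elif name == "content-security-policy":
        directives = {}
        for part in v.split(";"):
            tokens = part.split()
            if tokens:
                directives.setdefault(tokens[0], tokens[1:])
        # script-src falls back to default-src when it is absent
        script = directives.get("script-src", directives.get("default-src"))
        if script is None:
            return "no script-src or default-src"
        strict = any(s.startswith(("'nonce-", "'sha")) for s in script)
        if "'unsafe-inline'" in script and not strict:
            return "'unsafe-inline' permits inline scripts"
    elif name == "x-frame-options" and v not in ("deny", "sameorigin"):
        return "value is not DENY or SAMEORIGIN"
    elif name == "x-content-type-options" and v != "nosniff":
        return "value is not nosniff"

def audit(headers):
    # headers: (name, value) pairs read from the raw server response
    seen = {name.lower(): value for name, value in headers}  # case-insensitive names
    findings = []
    for name, severity in CHECKS.items():
        if name not in seen:
            findings.append((name, severity, "missing"))
        elif (why := weakness(name, seen[name])) is not None:
            findings.append((name, severity, why))
    return findings

# Constructed sample headers, not taken from any real site.
SAMPLE = [("Strict-Transport-Security", "max-age=0"),
          ("Content-Security-Policy", "default-src 'self' 'unsafe-inline'"),
          ("X-Frame-Options", "DENY"), ("X-Content-Type-Options", "nosniff")]
```

Calling `audit(SAMPLE)` reports two Critical headers that are present but ineffective and two that are missing, which a presence-only check would not distinguish.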
Frequently Asked Questions
Why are security headers important?
Security headers provide browser-level protection against XSS, clickjacking, MIME sniffing, and other common web attacks. Missing headers can create security vulnerabilities.
What is CSP (Content Security Policy)?
CSP is a powerful security mechanism that defines which sources content can be loaded from. It blocks inline scripts and external malicious sources.
How does HSTS work?
HSTS (HTTP Strict Transport Security) tells the browser to only connect to this site via HTTPS. This prevents attacks over HTTP.
What is SecurityHeaders.com?
A free tool developed by Scott Helme. It grades websites' security headers from A+ to F and provides recommendations for missing headers.