Security Headers Scanner - Test Your Website's HTTP Security

🛡️ Security Headers Scanner

Check if your website has implemented security standards like CSP, HSTS, X-Frame-Options, and more.


Security Headers Scanner: Analyze and Harden Your Website

Is your website leaking data or exposed to injection attacks? Our Security Headers Scanner provides an instant, in-depth analysis of your site's HTTP response headers. HTTP security headers are a fundamental part of web security: they instruct browsers how to handle your site's content safely. Use this tool to identify missing protections and get actionable advice on how to fix them.

Why Are HTTP Security Headers Important?

Server-side security is not only about firewalls and SSL certificates; it is also about how your server communicates with the user's browser.

Direct Protection Against Common Attacks

Missing security headers leave your site vulnerable to Cross-Site Scripting (XSS), Clickjacking, Code Injection, and MIME-sniffing. By configuring these headers correctly, you tell the browser to ignore malicious instructions and follow your security policy.

Improve Your SEO and Trust

Search engines like Google prioritize secure websites. While HTTPS is the baseline, a complete set of security headers signals that your site is professional and safe for users, which can directly benefit your search rankings and user trust.

What Does Our Security Scanner Check?

Our tool evaluates the presence and configuration of the most important security headers used in modern web development.

1. Content Security Policy (CSP)

CSP is one of the most powerful tools against XSS. It defines which dynamic resources (scripts, styles, images) are allowed to load, preventing unauthorized scripts from executing on your page.

2. HTTP Strict Transport Security (HSTS)

HSTS forces browsers to communicate with your server only over secure HTTPS connections. This prevents "Man-in-the-Middle" (MitM) attacks and protocol downgrade attacks.

3. X-Frame-Options

This header protects your visitors from Clickjacking. It tells the browser whether your site may be embedded in an <iframe>, preventing attackers from overlaying invisible layers to steal clicks.

4. X-Content-Type-Options

Setting this to nosniff prevents the browser from trying to guess a file's MIME type. This stops attackers from disguising executable code as images or plain text files.

5. Referrer-Policy

This controls how much information is included in the "Referer" header when a user clicks a link that leads away from your site, protecting user privacy and your internal URL structure.
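
The presence-and-configuration check described for the five headers above, as an added Python example that is not the scanner's own code. The status labels, the 180-day HSTS threshold, the accepted Referrer-Policy values and the sample headers are assumptions made for this example.

```python
import re
MIN_HSTS_MAX_AGE = 15552000  # assumed threshold (180 days, in seconds)
# Assumed accepted values: those that never send a full URL cross-origin.
SAFE_REFERRER = {"no-referrer", "same-origin", "origin", "strict-origin",
                 "origin-when-cross-origin", "strict-origin-when-cross-origin"}
# Constructed sample response headers, not taken from a real site.
SAMPLE = {
    "Content-Security-Policy-Report-Only": "default-src 'self'",
    "Strict-Transport-Security": "max-age=300; includeSubDomains",
    "X-Frame-Options": "ALLOWALL",
    "x-content-type-options": "nosniff",
}

def _csp(h):
    v = h.get("content-security-policy")
    if v is None:  # a Report-Only policy reports violations but blocks nothing
        ro = "content-security-policy-report-only" in h
        return ("weak", "report-only, not enforced") if ro else ("missing", "")
    if "'unsafe-inline'" in v or "'unsafe-eval'" in v:
        return "weak", "contains 'unsafe-inline' or 'unsafe-eval'"
    return "ok", ""

def _hsts(h):
    v = h.get("strict-transport-security")
    if v is None:
        return "missing", ""
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    age = int(m.group(1)) if m else 0
    return ("ok", "") if age >= MIN_HSTS_MAX_AGE else ("weak", f"max-age={age}")

def _one_of(name, allowed):
    def check(h):
        v = h.get(name)
        if v is None:
            return "missing", ""
        return ("ok", "") if v.lower() in allowed else ("weak", f"value {v!r}")
    return check

CHECKS = {
    "content-security-policy": _csp,
    "strict-transport-security": _hsts,
    "x-frame-options": _one_of("x-frame-options", {"deny", "sameorigin"}),
    "x-content-type-options": _one_of("x-content-type-options", {"nosniff"}),
    "referrer-policy": _one_of("referrer-policy", SAFE_REFERRER),
}
def audit_headers(headers):
    """Map each checked header to (status, note); names are case-insensitive."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    return {name: check(h) for name, check in CHECKS.items()}
```

Calling audit_headers(SAMPLE) reports a header that is present but misconfigured separately from one that is absent, which is the distinction that decides whether the fix is a new directive or a changed value.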

How to Use the Security Headers Scanner

  1. Enter your URL: Type your website's full address (e.g., https://example.com) into the search bar.

  2. Run the Scan: Click the "Analyze" button. Our tool will make a secure request to your server.

  3. Review the Report: See a detailed breakdown of which headers are present, which are missing, and which are misconfigured.

  4. Apply the Fixes: Use our recommendations to update your server configuration (Nginx, Apache, or Cloudflare).

Technical Insight: Implementing Secure Headers

How to Add Headers to Your Server

Most security headers can be added through your web server's configuration file. For example, in Nginx:

    add_header X-Frame-Options "SAMEORIGIN" always;

Or in Apache (.htaccess):

    Header set X-Frame-Options "SAMEORIGIN"

The Role of Permissions-Policy

Formerly known as Feature-Policy, this header lets you control which browser features (such as camera, microphone, or geolocation) can be used by your site or by any iframe you embed, further reducing your attack surface.

Frequently Asked Questions (FAQ)

Does a "Green" score mean my site is 100% secure?

No tool can guarantee 100% security. While security headers provide an essential layer of protection, they should be part of a broader strategy that includes regular updates, secure coding practices, and strong authentication.

Can these headers break my website?

Yes, particularly Content Security Policy (CSP). If a CSP is too restrictive, it can block legitimate scripts. We recommend testing headers in a staging environment or using "Report-Only" mode before full enforcement.

Is this scan private?

Yes. We do not store your scan results or your URL history. The scan is performed in real time to give you the most up-to-date security status.