{"id":387,"date":"2025-04-21T00:09:29","date_gmt":"2025-04-20T21:09:29","guid":{"rendered":"https:\/\/hostvera.com.tr\/blog\/?p=387"},"modified":"2025-05-26T23:29:17","modified_gmt":"2025-05-26T20:29:17","slug":"http-guvenlik-basliklari-hsts-csp-x-frame-options-rehberi","status":"publish","type":"post","link":"https:\/\/hostvera.com.tr\/blog\/http-guvenlik-basliklari-hsts-csp-x-frame-options-rehberi\/",
"title":{"rendered":"HTTP Security Headers (HSTS, CSP, X-Frame-Options) Guide"},
"content":{"rendered":"<p><strong>HTTP Security Headers (HSTS, CSP, X-Frame-Options) Guide<\/strong><\/p>\n\n<p>In today's cyber landscape, server security is no longer limited to strong passwords and up-to-date software. Every HTTP response that travels from the server to the browser can carry critical directives that protect your site from attacks. This is where HTTP security headers come in: with a few added lines you can prevent a wide range of threats, from clickjacking and content injection to protocol smuggling and man-in-the-middle attacks.<\/p>\n\n<p><strong>1. Why Do HTTP Security Headers Matter?<\/strong><\/p>\n\n<p>When loading a web page, browsers read the HTTP headers returned by the server and use some of them to make additional security decisions. Missing or misconfigured headers can let the user's browser execute malicious content, open the door to session hijacking, or allow encrypted traffic to be abused. The three main headers covered below form the backbone of modern web application security.<\/p>\n\n<p><strong>2. HSTS (HTTP Strict Transport Security)<\/strong><\/p>\n\n<p><strong>2.1 What Is HSTS?<\/strong><\/p>\n\n<p>HSTS is a header that instructs the browser to \"connect to this site only over HTTPS\". Even if the user starts with \"http:\/\/\", the browser automatically switches to the \"https:\/\/\" version, leaving a man-in-the-middle (MITM) attacker no opportunity to tamper with the certificate. The browser learns the policy only from a response it has already received over a valid HTTPS connection, so the very first visit is covered only if the site is on the preload list.<\/p>\n\n<p><strong>2.2 Core Parameters<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>max-age<\/strong>: How long the policy remains valid, in seconds. For example, max-age=31536000 means one year.<\/li>\n<li><strong>includeSubDomains<\/strong>: Forces HTTPS for all subdomains as well.<\/li>\n<li><strong>preload<\/strong>: Prepares the site for inclusion in the browsers' HSTS preload list (a list of HSTS sites built into the browser).<\/li>\n<\/ul>\n\n<p><strong>2.3 Example Configurations<\/strong><\/p>\n\n<p><strong>Nginx<\/strong><\/p>\n\n<pre class=\"wp-block-code\"><code>add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;<\/code><\/pre>\n\n<p><strong>Apache<\/strong><\/p>\n\n<pre class=\"wp-block-code\"><code>&lt;IfModule mod_headers.c&gt;\n    Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\"\n&lt;\/IfModule&gt;<\/code><\/pre>\n\n<p>The always parameter makes nginx (and Apache's mod_headers) send the header on error responses too, not only on 2xx and 3xx responses. Note also that nginx inherits add_header directives from the enclosing level only when the current level defines none of its own: a location block that sets any header of its own must repeat these security headers, or they silently disappear for that location.<\/p>\n\n<p><strong>2.4 Things to Watch Out For<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li>Once you enable HSTS and submit the site to the preload list, going back can be difficult. Experiment in a test environment with max-age=60 first.<\/li>\n<li>Make sure your SSL certificate is always current and valid; while HSTS is active, a user who hits a certificate error cannot reach the site at all.<\/li>\n<\/ul>\n\n<p><strong>3. CSP (Content Security Policy)<\/strong><\/p>\n\n<p><strong>3.1 What Is CSP and What Does It Provide?<\/strong><\/p>\n\n<p>CSP tells the browser which sources it may load content (JavaScript, CSS, images, and so on) from, and thereby blocks script injection, XSS (Cross-Site Scripting) and data injection attacks to a large extent. The logic of the header is \"run nothing by default; allow only the sources I list below\".<\/p>\n\n<p><strong>3.2 Common Directives<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>default-src<\/strong>: The baseline allow list for all resource types.<\/li>\n<li><strong>script-src<\/strong>: JavaScript files.<\/li>\n<li><strong>style-src<\/strong>: Stylesheets and inline styles.<\/li>\n<li><strong>img-src<\/strong>: Images.<\/li>\n<li><strong>connect-src<\/strong>: Endpoints that AJAX\/WebSocket requests may be sent to.<\/li>\n<li><strong>font-src<\/strong>: Custom font files.<\/li>\n<li><strong>frame-ancestors<\/strong>: Which sites may embed this page in an iframe.<\/li>\n<li><strong>report-uri<\/strong> or <strong>report-to<\/strong>: Which URL violation reports are sent to.<\/li>\n<\/ul>\n\n<p><strong>3.3 Example CSP Header<\/strong><\/p>\n\n<p>The example below allows JS, CSS and images from your own domain and trusted CDNs, connections only over HTTPS, and framing only by your own domain. Violations are reported in JSON format to the \/csp-report path.<\/p>\n\n<pre class=\"wp-block-code\"><code>add_header Content-Security-Policy \"default-src 'none'; script-src 'self' https:\/\/cdn.example.com; style-src 'self' 'unsafe-inline' https:\/\/cdn.example.com; img-src 'self' data:; connect-src 'self' https:; font-src 'self' https:\/\/fonts.gstatic.com; frame-ancestors 'self'; report-uri \/csp-report;\" always;<\/code><\/pre>\n\n<p><strong>Tips When Deploying CSP<\/strong><\/p>\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Report-Only Mode<\/strong>: Run with the Content-Security-Policy-Report-Only header first so you can see violations before enforcing the policy.<\/li>\n<li><strong>Reduce Use of 'unsafe-inline' and 'unsafe-eval'<\/strong>: Eliminating inline JavaScript and eval() lowers the injection risk.<\/li>\n<li><strong>Nonce or Hash Mechanisms<\/strong>: For dynamic scripts, use nonce-\u2026 values or hashes so that only code you have explicitly approved runs.<\/li>\n<\/ol>\n\n<p><strong>4. X-Frame-Options<\/strong><\/p>\n\n<p><strong>4.1 What Does X-Frame-Options Do?<\/strong><\/p>\n\n<p>With the technique called clickjacking, attackers can make the user perform actions on a fake page placed in an invisible iframe instead of on the page the user thinks they are visiting. X-Frame-Options controls how your page behaves inside an iframe.<\/p>\n\n<p><strong>4.2 Directive Options<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>DENY<\/strong>: Never allow the page to be framed.<\/li>\n<li><strong>SAMEORIGIN<\/strong>: The page may be framed only from your own domain.<\/li>\n<li><strong>ALLOW-FROM uri<\/strong>: Allow framing from the specified URI. This value is obsolete and ignored by modern browsers; use the CSP frame-ancestors directive for that case.<\/li>\n<\/ul>\n\n<p><strong>4.3 Example Configuration<\/strong><\/p>\n\n<p><strong>Nginx<\/strong><\/p>\n\n<pre class=\"wp-block-code\"><code>add_header X-Frame-Options \"SAMEORIGIN\" always;<\/code><\/pre>\n\n<p><strong>Apache<\/strong><\/p>\n\n<pre class=\"wp-block-code\"><code>&lt;IfModule mod_headers.c&gt;\n    Header always set X-Frame-Options \"DENY\"\n&lt;\/IfModule&gt;<\/code><\/pre>\n\n<p><strong>5. Other Useful Security Headers<\/strong><\/p>\n\n<p><strong>5.1 X-Content-Type-Options<\/strong><\/p>\n\n<p>Prevents the browser from trying to sniff content types on its own; it accepts only the Content-Type specified by the server:<\/p>\n\n<pre class=\"wp-block-code\"><code>add_header X-Content-Type-Options \"nosniff\" always;<\/code><\/pre>\n\n<p><strong>5.2 Referrer-Policy<\/strong><\/p>\n\n<p>Controls how much of the previous page's information (the referrer) is shared:<\/p>\n\n<pre class=\"wp-block-code\"><code>add_header Referrer-Policy \"strict-origin-when-cross-origin\" always;<\/code><\/pre>\n\n<p><strong>5.3 X-XSS-Protection (For Older Browsers)<\/strong><\/p>\n\n<p>Controls the built-in XSS filter of some older browsers. Current browsers have removed that filter and ignore the header; CSP is the modern replacement:<\/p>\n\n<pre class=\"wp-block-code\"><code>add_header X-XSS-Protection \"1; mode=block\" always;<\/code><\/pre>\n\n<p><strong>6. Testing and Validating the Headers<\/strong><\/p>\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Quick Check with curl<\/strong><\/li>\n<\/ol>\n\n<pre class=\"wp-block-code\"><code>curl -I https:\/\/ornek-site.com<\/code><\/pre>\n\n<p>In the returned headers you should see the Strict-Transport-Security, Content-Security-Policy and X-Frame-Options lines.<\/p>\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Online Tools<\/strong>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/securityheaders.com\">securityheaders.com<\/a><\/li>\n<li><a href=\"https:\/\/observatory.mozilla.org\">Observatory by Mozilla<\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong>Error\/Violation Warnings in the Browser Console<\/strong><br>You can see CSP violations in the \"Console\" tab of the developer tools.<\/li>\n<\/ol>\n\n<p><strong>7. Server Integration and Automation<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li>Manage configuration files as code with tools such as <strong>Ansible\/Vagrant\/Chef\/Puppet<\/strong>, so that every new server gets the same header settings automatically.<\/li>\n<li>With <strong>Infrastructure as Code<\/strong> approaches, add these headers to your .yaml or .json templates to speed up deployment.<\/li>\n<\/ul>\n\n<p><strong>8. Conclusion<\/strong><\/p>\n\n<p>In this guide you learned how to force your site onto HTTPS only with HSTS, how to control in detail which resources may be loaded with CSP, and how to shut the door on clickjacking attacks with X-Frame-Options. With a few lines added or adjusted, your web application becomes far more resilient to cyber attacks. You can also extend the security layer with additional headers such as X-Content-Type-Options and Referrer-Policy.<\/p>\n\n<p>Keeping server configurations up to date and periodically reviewing the settings against browser and attack trends provides a secure infrastructure in the long run.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>HTTP Security Headers (HSTS, CSP, X-Frame-Options) Guide In today's cyber landscape, server security is no longer limited to strong passwords and up-to-date software. Every HTTP response that travels from the server to the browser can carry critical directives that protect your site from attacks. This is where HTTP security headers come in: with a few added lines you can prevent a wide range of threats, from clickjacking and content injection to protocol smuggling and man-in-the-middle [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":457,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ub_ctt_via":"","footnotes":""},"categories":[74,20],"tags":[],"class_list":["post-387","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-domain-alan-adi-yonetimi","category-hosting"],"featured_image_src":"https:\/\/hostvera.com.tr\/blog\/wp-content\/uploads\/2025\/04\/HTTP-Guvenlik-Basliklari-1-scaled.png","author_info":{"display_name":"admin","author_link":"https:\/\/hostvera.com.tr\/blog\/author\/hostvera\/"},
"_links":{"self":[{"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/posts\/387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=387"}],"version-history":[{"count":2,"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/posts\/387\/revisions"}],"predecessor-version":[{"id":460,"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/posts\/387\/revisions\/460"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/media\/457"}],"wp:attachment":[{"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostvera.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}