cSPY - SecurityHeader Scanner by VaultOcean
Advanced security header scanner with CSP analysis, multi-engine scoring, actionable recommendations, and PDF report export. Zero external requests - all analysis runs locally.
48 users
Extension metadata
About this extension
CSPy is a professional-grade browser extension that audits HTTP security headers in real time. Built for developers, penetration testers, and security researchers.
WHAT IT DOES
• Scans every HTTP response header on any website
• Deep Content-Security-Policy (CSP) directive-by-directive analysis
• Detects missing, weak, or misconfigured headers (HSTS, X-Frame-Options, CORS, Referrer-Policy, Permissions-Policy, COOP, COEP, CORP, cookies)
• Grades security posture from A+ to F with a 0–100 score
MULTI-ENGINE CONSENSUS
• Three independent scoring engines: CSPy, Google CSP Evaluator, and Mozilla Observatory
• Cross-validates results - when engines agree, confidence is high
ACTIONABLE RECOMMENDATIONS
• Every finding includes a plain-English fix
• Copy-paste server configurations for nginx, Apache, Express, Django, Cloudflare Workers, and Vercel
• Prioritised by severity - fix what matters first
EXPORT & REPORTING
• Professional PDF report with cover page, executive summary, recommendations, and raw headers
• HTML, JSON, and Markdown (bug bounty) export formats
• Ready for stakeholder presentations or HackerOne/Bugcrowd submissions
ADDITIONAL TOOLS
• Auto-generate a working CSP from observed network traffic
• Infrastructure fingerprinting (CDN, WAF, hosting, framework detection)
• DOM audit (missing SRI, mixed content, unsafe iframes)
• Per-request security grading for all sub-resources
PRIVACY
• Zero external network requests - all analysis runs entirely in your browser
• No data collection, no telemetry, no accounts
• Open-source analysis engine
Built by VaultOcean - https://vaultocean.com
1 user
Rated 5 points in total
Permissions and data
Required permissions:
- Download files and read and modify the browser's download history
- Display notifications
- Access browser tabs
- Access your data for all websites
Optional permissions:
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Version: 2.0.0
- Size: 135.47 KB
- Last updated: a day ago (June 5, 2026)
- License: MIT License