240+ Checks: Complete Catalog

Everything Web Security Scanner checks automatically, why each check matters, and where to read more

240+
Total checks
6
Categories
20
Pages crawled
~90s
Scan time

🛡 Security 150+

The heart of the scanner: everything that makes the difference between a secure site and one that will be hacked. Each check maps to a concrete vulnerability that attackers actually use.

SSL/TLS 4

Without HTTPS, passwords and card numbers travel in plain text over Wi-Fi. We check that encryption is in place where it should be.

  • Certificate validity: whether browsers trust the certificate (issued by a trusted CA such as Let's Encrypt or DigiCert)
  • TLS 1.2 / 1.3: TLS 1.0 and 1.1 are deprecated (RFC 8996) and must be disabled
  • Days until expiry: an expired certificate produces a full-page browser error, not just a warning bar
  • Trust chain: intermediate certificates must be served and valid
SSL/TLS guide →

HTTP Security Headers 7

Security headers tell the browser how to treat content. We scan the 7 most important ones.

  • HSTS: forces HTTPS and prevents protocol downgrade (SSL stripping)
  • CSP: the strongest XSS mitigation, but only when configured without 'unsafe-inline' in script-src
  • X-Frame-Options: prevents clickjacking
  • X-Content-Type-Options: prevents MIME sniffing
  • Referrer-Policy, Permissions-Policy, COOP: modern fine-grained controls
Headers guide →
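The header checks above, written out as an added example (this is not the scanner's own code). It takes the response headers as a dict, parses HSTS max-age and the CSP directive list, and reports the weaknesses that matter most: a CSP whose script-src allows 'unsafe-inline' without a nonce or hash, a missing frame-ancestors/X-Frame-Options, and so on. The sample response is constructed; the 180-day HSTS threshold is an assumption, not a value from the page.

```python
import re

# Added example, not the scanner's own code: audit the response headers the
# catalog lists. Input is a dict of header names -> values as an HTTP client
# returns them (case-insensitive names).

HSTS_MIN_AGE = 15552000  # assumption: 180 days, a common minimum before preloading


def check_hsts(value):
    """Return findings for a Strict-Transport-Security value (None = header absent)."""
    if value is None:
        return ["HSTS missing: HTTP->HTTPS downgrade (SSL stripping) not prevented"]
    findings = []
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.I)
    if not m:
        findings.append("HSTS has no max-age; browsers ignore it")
    elif int(m.group(1)) < HSTS_MIN_AGE:
        findings.append(f"HSTS max-age {m.group(1)} is shorter than {HSTS_MIN_AGE}s")
    if "includesubdomains" not in value.lower():
        findings.append("HSTS lacks includeSubDomains; subdomains stay downgradeable")
    return findings


def parse_csp(value):
    """Split a CSP string into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def check_csp(value):
    """Flag CSP settings that re-enable XSS even though a policy is present."""
    if value is None:
        return ["CSP missing: no browser-side XSS mitigation"]
    policy = parse_csp(value)
    # script-src falls back to default-src when absent.
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        return ["CSP has neither script-src nor default-src; scripts are unrestricted"]
    lowered = [s.lower() for s in script]
    findings = []
    has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha") for s in lowered)
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline' without nonce/hash: inline XSS payloads run")
    if "'unsafe-eval'" in lowered:
        findings.append("script-src allows 'unsafe-eval'")
    if "*" in lowered or any(s in ("http:", "https:") for s in lowered):
        findings.append("script-src allows any host: attacker-hosted scripts load")
    return findings


def audit_headers(headers):
    """Run every header check; returns a list of human-readable findings."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    findings += check_hsts(h.get("strict-transport-security"))
    findings += check_csp(h.get("content-security-policy"))
    xfo = h.get("x-frame-options", "").upper()
    csp = parse_csp(h.get("content-security-policy", ""))
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("No X-Frame-Options / frame-ancestors: clickjacking possible")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing: MIME sniffing possible")
    for name in ("referrer-policy", "permissions-policy", "cross-origin-opener-policy"):
        if name not in h:
            findings.append(f"{name} missing")
    return findings


# Constructed sample: a typical half-configured server.
SAMPLE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print("-", finding)
```

For the constructed sample this reports three findings: the 'unsafe-inline' script-src, and the missing Permissions-Policy and COOP headers. HSTS passes because both max-age and includeSubDomains are set.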

DNS 3

Email spoofing and DNS hijacking start with an unsecured DNS zone.

  • SPF: lists the servers allowed to send mail for your domain
  • DMARC: tells receivers what to do with mail that fails SPF/DKIM alignment (none / quarantine / reject)
  • DNSSEC: cryptographic signing of DNS answers
DNS guide →
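An added example (not the scanner's own code) of what the SPF and DMARC checks evaluate once the TXT records are in hand. It runs offline on constructed record strings, and catches the failure modes that a presence-only check misses: an SPF ending in +all or ?all, more than ten lookup-causing terms (RFC 7208 permerror), and a DMARC that is only monitoring (p=none) or only partially enforced (pct below 100). The record values are constructed.

```python
# Added example, not the scanner's own code: evaluate SPF and DMARC records
# offline. Inputs are the TXT strings a DNS lookup would return.

LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def _mechanism(term):
    """'include:_spf.example.com' -> 'include', '-all' -> 'all', 'a/24' -> 'a'."""
    name = term.lstrip("+-~?").lower()
    return name.split(":", 1)[0].split("/", 1)[0].split("=", 1)[0]


def evaluate_spf(record):
    """Return (verdict, findings) for an SPF TXT record; record=None means absent."""
    if record is None:
        return "missing", ["No SPF record: receivers cannot tell your mail servers from a spoofer's"]
    if not record.lower().startswith("v=spf1"):
        return "invalid", ["Record does not start with v=spf1"]
    terms = record.split()[1:]
    findings = []
    # The 'all' mechanism decides what happens to senders not listed before it.
    all_terms = [t for t in terms if _mechanism(t) == "all"]
    if not all_terms:
        findings.append("No 'all' mechanism: unlisted senders are neutral by default")
    elif all_terms[-1].startswith("+") or all_terms[-1] == "all":
        findings.append("'+all' authorizes every host on the internet")
    elif all_terms[-1].startswith("?"):
        findings.append("'?all' is neutral: spoofed mail neither passes nor fails")
    # RFC 7208 caps DNS-lookup-causing terms at 10; beyond that SPF permerrors.
    lookups = sum(1 for t in terms if _mechanism(t) in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return ("ok" if not findings else "weak"), findings


def evaluate_dmarc(record):
    """Return (policy, findings) for the _dmarc.<domain> TXT record; None means absent."""
    if record is None:
        return "missing", ["No DMARC record: SPF/DKIM failures have no enforced consequence"]
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return "invalid", ["Record does not start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("Missing or unknown p= tag")
    pct = int(tags.get("pct", "100"))
    if policy in ("quarantine", "reject") and pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("No rua= address: you receive no aggregate reports")
    return (policy or "missing"), findings


# Constructed sample records.
SPF_OK = "v=spf1 include:_spf.google.com ip4:203.0.113.0/24 -all"
SPF_WEAK = "v=spf1 include:_spf.google.com +all"
DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_STRICT = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec in (SPF_OK, SPF_WEAK):
        print(rec, "->", evaluate_spf(rec))
    for rec in (DMARC_MONITOR, DMARC_STRICT):
        print(rec, "->", evaluate_dmarc(rec))
```

Note that SPF alone does nothing to spoofed mail: it is DMARC's p= tag that tells the receiver to quarantine or reject, which is why the two are evaluated together.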

Sensitive files 11

One of the most common ways sites get hacked: an exposed .env file or .git directory.

  • .env: database passwords, API keys, every secret
  • .git/config: the whole repository is exposed, including the history of commits that later removed secrets
  • wp-config.php, phpinfo.php: WordPress DB credentials and PHP configuration
  • backup.sql, database.sql: the entire database in one download
  • .htaccess, .DS_Store, docker-compose.yml, .npmrc, server-status
Security hub →
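An added example (not the scanner's own code) of how a sensitive-file probe avoids the classic false positive: a server that answers 200 to every path. Each probe path carries a content signature that a real leak must match, and a response identical to the site's catch-all page is classified as a soft 404 rather than a finding. The paths, signatures and sample bodies below are constructed; the placeholder secrets are not real credentials.

```python
import re

# Added example, not the scanner's own code: classify probe responses for
# the exposed files listed above. A 200 status alone proves nothing, so each
# probe has a signature the body must match before it is reported.

PROBES = {
    "/.env":               re.compile(r"^[A-Z_][A-Z0-9_]*=", re.M),
    "/.git/config":        re.compile(r"^\[core\]", re.M),
    "/wp-config.php":      re.compile(r"define\(\s*['\"]DB_PASSWORD['\"]"),
    "/phpinfo.php":        re.compile(r"PHP Version|phpinfo\(\)"),
    "/backup.sql":         re.compile(r"CREATE TABLE|INSERT INTO", re.I),
    "/docker-compose.yml": re.compile(r"^services:", re.M),
    "/.npmrc":             re.compile(r"_authToken="),
    "/server-status":      re.compile(r"Apache Server Status"),
}


def _similar(a, b):
    """Cheap soft-404 similarity: lengths within 5% and the same first 200 chars."""
    if not a or not b:
        return a == b
    if abs(len(a) - len(b)) > max(len(a), len(b)) * 0.05:
        return False
    return a[:200] == b[:200]


def classify(path, status, body, soft404_body=None):
    """Return 'exposed', 'soft-404', 'false-positive' or 'absent' for one probe."""
    if status != 200:
        return "absent"
    # A 200 whose body matches the site's random-path response is a catch-all page.
    if soft404_body is not None and _similar(body, soft404_body):
        return "soft-404"
    return "exposed" if PROBES[path].search(body) else "false-positive"


def scan(responses, soft404_body=None):
    """responses: {path: (status, body)}. Returns the paths classified as exposed."""
    return sorted(path for path, (status, body) in responses.items()
                  if path in PROBES and classify(path, status, body, soft404_body) == "exposed")


# Constructed responses. CATCH_ALL is what a GET to a random non-existent path returned.
CATCH_ALL = "<html><body><h1>Welcome</h1><p>Page not found, but here is our homepage.</p></body></html>"
RESPONSES = {
    "/.env": (200, "APP_ENV=production\nDB_PASSWORD=placeholder\nSTRIPE_SECRET_KEY=sk_live_placeholder\n"),
    "/.git/config": (200, "[core]\n\trepositoryformatversion = 0\n\tbare = false\n"),
    "/wp-config.php": (200, CATCH_ALL),                                    # catch-all, not a leak
    "/backup.sql": (404, "Not Found"),
    "/phpinfo.php": (200, "<html><title>Nothing here</title></html>"),     # 200 without the signature
}

if __name__ == "__main__":
    for path, (status, body) in RESPONSES.items():
        print(path, classify(path, status, body, CATCH_ALL))
    print("exposed:", scan(RESPONSES, CATCH_ALL))
```

The soft-404 baseline is obtained by requesting a path that cannot exist before the probes run; without it, every site behind a "friendly" catch-all page would report eleven leaks.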

Vulnerability patterns 8

Passive detection of patterns that indicate OWASP Top 10 holes. We do not exploit; we report.

  • SQL injection: SQL error patterns in HTTP responses [guide]
  • XSS reflection: parameters reflected in HTML without escaping [guide]
  • Open redirect: used in phishing campaigns
  • Directory traversal: ../../../etc/passwd pattern
  • Server disclosure, default credentials, backup files, info disclosure
CSRF + XSS guide →
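The first two patterns in the list, as an added example (not the scanner's own code): database error signatures matched in response bodies, and a canary value checked for raw versus HTML-escaped reflection. Nothing is exploited; the checks only look at how the server echoes input and what error text it returns. The response bodies are constructed.

```python
import html
import re

# Added example, not the scanner's own code: passive SQL-error and reflection
# checks over constructed HTTP response bodies.

SQL_ERROR_PATTERNS = [
    (r"You have an error in your SQL syntax", "MySQL"),
    (r"Warning: mysqli?_", "MySQL (PHP)"),
    (r"pg_query\(\)|ERROR:\s+syntax error at or near", "PostgreSQL"),
    (r"Unclosed quotation mark after the character string", "MSSQL"),
    (r"ORA-\d{5}", "Oracle"),
    (r"SQLite3::|sqlite3\.OperationalError", "SQLite"),
]


def detect_sql_errors(body):
    """Return the database engines whose error text appears in the body."""
    return [engine for pattern, engine in SQL_ERROR_PATTERNS if re.search(pattern, body, re.I)]


# A canary unlikely to occur naturally, containing every character escaping should alter.
CANARY = 'zq9"<x>\'zq9'


def reflection_kind(canary, body):
    """
    'raw' if the canary appears verbatim (markup injection likely possible),
    'escaped' if only an HTML-escaped form appears, None if not reflected at all.
    """
    if canary in body:
        return "raw"
    escaped_forms = {html.escape(canary, quote=True), html.escape(canary, quote=False)}
    if any(form in body for form in escaped_forms):
        return "escaped"
    return None


def assess(param, canary, body):
    """Combine both checks into findings for one URL parameter."""
    findings = []
    for engine in detect_sql_errors(body):
        findings.append(f"{param}: {engine} error text in response (possible SQL injection)")
    if reflection_kind(canary, body) == "raw":
        findings.append(f"{param}: value reflected without escaping (possible XSS)")
    return findings


# Constructed responses to ?q=<CANARY>.
SAFE_PAGE = f"<p>Results for {html.escape(CANARY)}</p>"
XSS_PAGE = f"<p>Results for {CANARY}</p>"
SQLI_PAGE = ("Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result. "
             "You have an error in your SQL syntax; check the manual for the right syntax")

if __name__ == "__main__":
    for label, page in (("safe", SAFE_PAGE), ("xss", XSS_PAGE), ("sqli", SQLI_PAGE)):
        print(label, assess("q", CANARY, page))
```

Raw reflection is a strong signal but not proof: whether it is exploitable depends on the context the value lands in (text node, attribute, JavaScript string), which the full XSS guide covers.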

JavaScript 6

We analyze the JS code for exposed API keys and for patterns that enable XSS.

  • Exposed API keys: AWS, Google, Stripe, Firebase
  • Dangerous legacy functions: dynamic code execution from strings, legacy HTML injection APIs
  • Inline event handlers: onclick/onload attributes, which a strict CSP blocks
  • Mixed content: http:// resources on an https:// page
  • Source map files: .js.map exposes the full source code
  • Console leak: sensitive data in the browser console
XSS guide →
```
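An added example (not the scanner's own code) of the static JavaScript checks: key-format regexes for the providers named above, the dangerous sinks (eval, new Function, string setTimeout, innerHTML, document.write), the sourceMappingURL pointer, and console calls that mention secrets. The bundle is constructed and the key values are made-up placeholders in the right format (the AWS one is Amazon's own documentation example), not real credentials.

```python
import re

# Added example, not the scanner's own code: static checks over one JS file.

SECRET_PATTERNS = {
    "AWS access key ID":  re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "Google API key":     re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),   # Firebase web keys use this format
    "Stripe live secret": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "Slack token":        re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
}

SINK_PATTERNS = {
    "eval()":               re.compile(r"\beval\s*\("),
    "new Function()":       re.compile(r"\bnew\s+Function\s*\("),
    "setTimeout(string)":   re.compile(r"\bset(?:Timeout|Interval)\s*\(\s*['\"]"),
    "innerHTML assignment": re.compile(r"\.innerHTML\s*="),
    "document.write()":     re.compile(r"\bdocument\.write(?:ln)?\s*\("),
}

SOURCE_MAP = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)")
CONSOLE_LEAK = re.compile(r"console\.(?:log|debug|info)\s*\([^)]*(?:token|password|secret|apiKey)", re.I)


def analyze_js(source):
    """Return a dict of findings for one JavaScript source string."""
    secrets = [(name, m.group(0)) for name, rx in SECRET_PATTERNS.items() for m in rx.finditer(source)]
    sinks = [name for name, rx in SINK_PATTERNS.items() if rx.search(source)]
    smap = SOURCE_MAP.search(source)
    return {
        "secrets": secrets,
        "sinks": sinks,
        "source_map": smap.group(1) if smap else None,
        "console_leak": bool(CONSOLE_LEAK.search(source)),
    }


def redact(value):
    """Show enough of a matched key to locate it in the bundle without re-leaking it."""
    return value[:6] + "..." + value[-4:] if len(value) > 12 else "***"


# Constructed bundle.
BUNDLE = r'''
const cfg = { awsKey: "AKIAIOSFODNN7EXAMPLE", gkey: "AIzaSyA1234567890abcdefghijklmnopqrstuv" };
console.log("apiKey", cfg.gkey);
document.getElementById("out").innerHTML = location.hash.slice(1);
setTimeout("refresh()", 1000);
//# sourceMappingURL=app.min.js.map
'''

if __name__ == "__main__":
    report = analyze_js(BUNDLE)
    for name, value in report["secrets"]:
        print(f"secret: {name} {redact(value)}")
    print("sinks:", report["sinks"])
    print("source map:", report["source_map"])
    print("console leak:", report["console_leak"])
```

A matched key format is only a candidate: a scanner should report the redacted match and, where the provider offers one, a harmless validity check, rather than the full value.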

API 5

APIs are the fastest-growing attack surface. We look for exposed endpoints and public documentation.

  • Exposed endpoints: /api/*, /v1/*, /graphql
  • GraphQL introspection: reveals the full schema to an attacker
  • Swagger/OpenAPI: /swagger, /docs, /api-docs
  • CORS: a reflected Origin (or *) combined with Access-Control-Allow-Credentials: true is a critical hole
  • Rate limiting: without it, nothing slows down brute force or scraping
API security guide →

Ports & admin 15+

Open database ports and admin panels are among the most common ways in for an attacker.

  • 21, 22, 23, 25: FTP, SSH, Telnet, SMTP
  • 3306, 5432, 6379: MySQL, PostgreSQL, Redis
  • 8080, 8443, 9200: dev servers and Elasticsearch
  • /admin, /wp-admin, /login, /phpmyadmin
Port scanning guide →

Other security checks 10+

Cookie flags, redirect chain, CMS detection, subdomain enumeration, CT logs, dependency CVE scan.

  • Cookie security: HttpOnly, Secure, SameSite
  • Redirect chain: HTTP→HTTPS, open redirects
  • CMS detection: WordPress, Joomla, Drupal
  • CORS policy
  • robots.txt, security.txt
  • Subdomain enumeration, CT logs, dependency CVEs
Security hub →
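The cookie-flag check, as an added example (not the scanner's own code). Beyond the three flags named above it applies the __Host- and __Secure- prefix rules, which browsers enforce and which therefore turn a cookie's Secure/Path/Domain guarantees into something an attacker cannot override from a subdomain. The Set-Cookie headers are constructed, and the regex used to decide which cookie names look session-bearing is an assumption.

```python
import re

# Added example, not the scanner's own code: audit Set-Cookie headers.

# Assumption: cookie names matching this carry authentication state.
SESSION_LIKE = re.compile(r"sess|auth|token|jwt|csrf", re.I)


def parse_set_cookie(header):
    """Return (name, value, {attribute_lower: value or True}) for one Set-Cookie header."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_cookie(header, session_like=SESSION_LIKE):
    """Return findings for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    sensitive = bool(session_like.search(name))
    secure = "secure" in attrs
    httponly = "httponly" in attrs
    samesite = str(attrs.get("samesite", "")).lower()
    findings = []
    if not secure:
        findings.append(f"{name}: missing Secure; sent over plain HTTP")
    if sensitive and not httponly:
        findings.append(f"{name}: missing HttpOnly; readable by XSS payloads")
    if samesite == "none" and not secure:
        findings.append(f"{name}: SameSite=None requires Secure; browsers reject it")
    elif samesite not in ("lax", "strict") and sensitive:
        findings.append(f"{name}: no SameSite=Lax/Strict; sent on cross-site requests (CSRF)")
    # Prefix rules: the browser drops the cookie if they are violated, so a
    # violated prefix means the cookie is silently not being set at all.
    if name.startswith("__Host-"):
        if not secure or "domain" in attrs or attrs.get("path") != "/":
            findings.append(f"{name}: __Host- prefix requires Secure, Path=/ and no Domain")
    elif name.startswith("__Secure-") and not secure:
        findings.append(f"{name}: __Secure- prefix requires Secure")
    return findings


def audit_response_cookies(set_cookie_headers):
    """set_cookie_headers: every Set-Cookie value from one response."""
    findings = []
    for header in set_cookie_headers:
        findings += audit_cookie(header)
    return findings


# Constructed Set-Cookie headers from one response.
SAMPLE = [
    "sessionid=abc123; Path=/; HttpOnly",
    "__Host-session=xyz; Secure; HttpOnly; Path=/; SameSite=Strict",
    "theme=dark; Path=/; Secure; SameSite=Lax",
    "__Host-bad=1; Secure; Domain=example.com; Path=/",
]

if __name__ == "__main__":
    for finding in audit_response_cookies(SAMPLE):
        print("-", finding)
```

On the constructed sample the first cookie lacks Secure and SameSite, the fourth violates its __Host- prefix (a Domain attribute is present), and the other two pass.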

🔍 SEO 37

If you are not indexed, you do not exist. We scan 12 key SEO signals.

On-page 6

Core meta tags and title: the first thing Google sees.

  • Title: 30-60 characters, uniqueness
  • Meta description: 120-160 characters
  • Meta viewport
  • Canonical URL
  • H1 tag
  • Image alt attributes
Meta tags guide →

Social & structured 3

How the page looks when shared, and whether Google can extract rich snippets.

  • Open Graph: og:title, og:description, og:image [guide]
  • Twitter Cards
  • Schema.org / JSON-LD [guide]
Open Graph guide →

Technical 3

Infrastructure that decides whether crawlers can even reach you.

  • Sitemap.xml [guide]
  • robots.txt
  • HTML lang
SEO hub →

Performance 20

Core Web Vitals are a ranking factor. A fast site converts better and ranks higher.

Server & transport 4

How fast the server responds, how much it sends, and whether content is optimally compressed.

  • TTFB: Time to First Byte [guide]
  • Page size
  • Gzip / Brotli [guide]
  • HTTP/2 / HTTP/3
Core Web Vitals →

Assets 3

Images and JS/CSS make up the biggest part of load time.

  • Image optimization: WebP, AVIF, srcset [guide]
  • Lazy loading [guide]
  • CSS/JS minification
Performance hub →

Accessibility 17

About 15% of people worldwide live with a disability, and many rely on assistive technology. In the EU, accessibility is a legal obligation (European Accessibility Act, applicable from June 2025).

WCAG 2.1 7

Seven key checks that screen reader users feel the most.

  • Alt text: every image needs an alt attribute
  • Form labels & aria-label
  • ARIA landmarks: main, nav, header, footer
  • Heading hierarchy
  • Link text
  • HTML lang
  • Tabindex
Coming soon →

🇪🇺 GDPR 7

GDPR fines go up to 20M euros or 4% of annual worldwide turnover, whichever is higher. We scan 7 compliance signals.

Rights & encryption 2

Art. 32 names encryption among the appropriate technical measures; in practice, pages that collect personal data must be served over HTTPS.

  • Data collection forms
  • HTTPS: data in transit must be encrypted
User rights →

🧰 Additional Analyses 12

Invisible signals: who registered the domain, what is in the tech stack, how email is handled.

WHOIS

Expiry, age, registrar, lock status. An expired domain takes the site and its email down with it.

  • Expiry date
  • Domain age
  • Registrar + lock status
Security hub →

Tech Stack

45+ technologies: framework, CMS, CDN, analytics, server.

  • Frontend: React, Vue, Angular, Next, Nuxt
  • Backend / CMS: WordPress, Shopify, Laravel, Django
  • CDN / hosting: Cloudflare, Vercel, Netlify
Security hub →

Email security

Configuration that prevents fake emails from being sent in your domain's name.

  • MX records
  • STARTTLS
  • BIMI, DKIM
DNS + email →

Mozilla Observatory

Independent grade from observatory.mozilla.org, used as an industry benchmark.

  • Mozilla grade (A+ to F)
  • Score (0-100+)
Headers + Observatory →

Crawler

Discovers up to 20 pages (2 levels deep). The Pro plan scans up to 10 of them individually.

  • BFS crawl: max depth 2, same-origin only
  • SSRF-safe
  • Pro: multi-page scan
Pro plan →

Risk Engine

The top 5 most important issues, prioritized, with fix recommendations.

  • Top 5 priorities
  • Fix recommendations
  • Grade + score (A-F)
Security hub →
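What "BFS, max depth 2, same-origin only, SSRF-safe" means in code, as an added example (not the scanner's own crawler). The fetch function is injected, so the sample runs offline against a constructed site map; the SSRF filter rejects non-HTTP schemes, localhost and literal private, loopback and link-local addresses before any fetch. A hostname that is not a literal IP passes this filter on the assumption that the fetch layer resolves it and re-checks the resolved address (and pins it for the connection) to defeat DNS rebinding; that resolution step is not shown here.

```python
from collections import deque
import ipaddress
import re
from urllib.parse import urljoin, urlsplit, urlunsplit

# Added example, not the scanner's own code: bounded same-origin BFS crawl
# with an SSRF filter applied to every URL before it is fetched.

MAX_DEPTH = 2
MAX_PAGES = 20
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)


def is_safe_url(url):
    """Reject anything that could turn the crawler into an internal-network proxy."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname or ""
    if not host or host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: assumption is that fetch() resolves it and re-checks the
        # resolved address with the same rules before connecting.
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def normalize(url):
    """Drop fragments and default ports so the same page is not crawled twice."""
    p = urlsplit(url)
    netloc = p.netloc.lower()
    if (p.scheme == "http" and netloc.endswith(":80")) or (p.scheme == "https" and netloc.endswith(":443")):
        netloc = netloc.rsplit(":", 1)[0]
    return urlunsplit((p.scheme.lower(), netloc, p.path or "/", p.query, ""))


def crawl(start, fetch, max_depth=MAX_DEPTH, max_pages=MAX_PAGES):
    """
    Breadth-first crawl from start, same origin only. fetch(url) returns the
    HTML string or None. Returns the URLs visited, in crawl order. Pages at
    max_depth are fetched but their links are not followed.
    """
    start = normalize(start)
    origin = urlsplit(start)[:2]          # (scheme, netloc)
    queue = deque([(start, 0)])
    seen = {start}
    visited = []
    while queue and len(visited) < max_pages:
        url, depth = queue.popleft()
        if not is_safe_url(url):
            continue
        html = fetch(url)
        visited.append(url)
        if html is None or depth >= max_depth:
            continue
        for href in HREF.findall(html):
            link = normalize(urljoin(url, href))
            if urlsplit(link)[:2] != origin or link in seen:
                continue
            seen.add(link)
            queue.append((link, depth + 1))
    return visited


# Constructed site: a dict standing in for HTTP fetches.
SITE = {
    "https://example.com/": '<a href="/about">About</a> <a href="/blog/">Blog</a> '
                            '<a href="http://127.0.0.1:8080/admin">internal</a> '
                            '<a href="https://other.example/x">external</a>',
    "https://example.com/about": '<a href="/team">Team</a> <a href="/">Home</a>',
    "https://example.com/blog/": '<a href="/blog/post-1">Post</a>',
    "https://example.com/team": '<a href="/deep">Too deep</a>',
    "https://example.com/blog/post-1": "",
    "https://example.com/deep": "",
}


def fake_fetch(url):
    return SITE.get(url)


if __name__ == "__main__":
    for url in crawl("https://example.com/", fake_fetch):
        print(url)
```

The same-origin rule already keeps the crawler off other hosts; the SSRF filter matters for the user-supplied start URL, which is why a scan request for a cloud metadata address returns nothing instead of fetching it.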

Run all of this in 90 seconds

Enter your site's URL, click "Scan", and get a report with recommendations. Free, no registration.

Scan your site →