Rules
Content Security Policy
Checks for Content-Security-Policy header
External Link Security
Checks external target=_blank links for noopener (security) and noreferrer (privacy)
Leaked Secrets
Detects 96 patterns of exposed API keys, credentials, and secrets in HTML/JS
Form CAPTCHA
Checks for CAPTCHA protection on public forms
Form HTTPS
Checks that form actions use HTTPS
HSTS Header
Checks for HTTP Strict Transport Security header
HTTP to HTTPS Redirect
Checks whether HTTP URLs redirect to HTTPS
HTTPS
Checks for HTTPS usage
Mixed Content
Checks for HTTP resources on HTTPS pages
Permissions-Policy
Checks for Permissions-Policy (Feature-Policy) header
Referrer-Policy
Checks for Referrer-Policy header
X-Content-Type-Options
Checks for MIME type sniffing protection
X-Frame-Options
Checks for clickjacking protection header
Third-Party Cookies
Detects third-party resources that may set cookies
Disable All Security Rules
squirrel.toml
