HTTPS, headers, and safe link practices

Rules

Content Security Policy

Checks for Content-Security-Policy header and validates directives

External Link Security

Checks external target=_blank links for noopener (security) and noreferrer (privacy)

Form CAPTCHA

Checks for CAPTCHA protection on public forms

Form HTTPS

Checks that form actions use HTTPS

HSTS Header

Checks for HTTP Strict Transport Security header

HTTP to HTTPS Redirect

Checks whether HTTP URLs redirect to HTTPS

HTTPS

Checks for HTTPS usage

Leaked Environment Variables

Checks for exposed API keys, secrets, and credentials in HTML/JS

Mixed Content

Checks for HTTP resources on HTTPS pages

Permissions-Policy

Checks for Permissions-Policy (Feature-Policy) header

Referrer-Policy

Checks for Referrer-Policy header

Third-Party Cookies

Detects third-party resources that may set cookies

X-Content-Type-Options

Checks for MIME type sniffing protection

X-Frame-Options

Checks for clickjacking protection header

Disable All Security Rules

squirrel.toml
[rules]
disable = ["security/*"]