URL: /rules/security --- title: "Security" description: "HTTPS, headers, and safe link practices" --- HTTPS, headers, and safe link practices ## Rules Checks for Content-Security-Policy header and validates directives Checks external target=_blank links for noopener (security) and noreferrer (privacy) Checks for CAPTCHA protection on public forms Checks that form actions use HTTPS Checks for HTTP Strict Transport Security header Checks whether HTTP URLs redirect to HTTPS Checks for HTTPS usage Checks for exposed API keys, secrets, and credentials in HTML/JS Checks for HTTP resources on HTTPS pages Checks for Permissions-Policy (Feature-Policy) header Checks for Referrer-Policy header Detects third-party resources that may set cookies Checks for MIME type sniffing protection Checks for clickjacking protection header ## Disable All Security Rules ```toml squirrel.toml [rules] disable = ["security/*"] ```