URL: /rules/integrity --- title: "Site Integrity" description: "Signs of compromise: injected pages, phishing kits, malware, SEO spam" --- Site Integrity rules answer a question SEO tools usually ignore: **is this site hacked?** A compromised page is, by construction, an anomaly — off-theme, hidden from your own navigation, impersonating a third-party brand, or carrying an obfuscated payload. squirrelscan already crawls every page's DOM, scripts, links, and sitemap, so it can spot these patterns for free, with no external calls. ## Correlation gating (low false positives) A single suspicious signal is rarely proof of compromise — a big inline script, one off-theme page, or a brand mention can all be innocent. So high-severity integrity findings require **at least two corroborating signals** on the same page (for example brand-impersonation **and** an obfuscated script). A lone signal is reported as **info** for review, not flagged as a failure. This is what keeps a legitimate "we integrate with Calendly" page from ever tripping the brand-impersonation rule. These rules run **locally and free** — no login required. ## Rules Detects pages whose markup diverges hard from the site's common template Detects crawled pages absent from every sitemap AND linked from nowhere Detects pages impersonating a third-party brand's login or booking surface Detects large inline scripts with high entropy and obfuscation markers Detects full-viewport credential overlays and off-brand sign-in controls Detects injected off-topic, keyword-stuffed affiliate doorway posts ## Disable All Site Integrity Rules ```toml squirrel.toml [rules] disable = ["integrity/*"] ```