Skip to main content
HTTPS, headers, and safe link practices

Rules

Content Security Policy

Checks for Content-Security-Policy header

External Link Security

Checks external target=_blank links for noopener (security) and noreferrer (privacy)

Form HTTPS

Checks that form actions use HTTPS

HSTS Header

Checks for HTTP Strict Transport Security header

HTTPS

Checks for HTTPS usage

Mixed Content

Checks for HTTP resources on HTTPS pages

Permissions-Policy

Checks for Permissions-Policy (Feature-Policy) header

Referrer-Policy

Checks for Referrer-Policy header

X-Content-Type-Options

Checks for MIME type sniffing protection

X-Frame-Options

Checks for clickjacking protection header

Disable All Security Rules

squirrel.toml
[rules]
disable = ["security/*"]