npm - recker - Versions diffs - 1.0.43 → 1.0.44 - Mend

recker 1.0.43 → 1.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (459) hide show

package/README.md +47 -0
package/dist/bin/recker-linux-x64 +0 -0
package/dist/bin/recker-macos-x64 +0 -0
package/dist/bin/recker-win-x64.exe +0 -0
package/dist/bin/rek.cjs +85152 -100207
package/dist/browser/ai/adaptive-timeout.d.ts +50 -0
package/dist/browser/ai/adaptive-timeout.js +208 -0
package/dist/browser/ai/client.d.ts +22 -0
package/dist/browser/ai/client.js +294 -0
package/dist/browser/ai/index.d.ts +14 -0
package/dist/browser/ai/index.js +11 -0
package/dist/browser/ai/providers/anthropic.d.ts +63 -0
package/dist/browser/ai/providers/anthropic.js +370 -0
package/dist/browser/ai/providers/base.d.ts +48 -0
package/dist/browser/ai/providers/base.js +150 -0
package/dist/browser/ai/providers/google.d.ts +59 -0
package/dist/browser/ai/providers/google.js +305 -0
package/dist/browser/ai/providers/ollama.d.ts +44 -0
package/dist/browser/ai/providers/ollama.js +240 -0
package/dist/browser/ai/providers/openai.d.ts +64 -0
package/dist/browser/ai/providers/openai.js +298 -0
package/dist/browser/ai/rate-limiter.d.ts +43 -0
package/dist/browser/ai/rate-limiter.js +215 -0
package/dist/browser/ai/vector/index.d.ts +2 -0
package/dist/browser/ai/vector/index.js +2 -0
package/dist/browser/ai/vector/similarity.d.ts +2 -0
package/dist/browser/ai/vector/similarity.js +27 -0
package/dist/browser/ai/vector/store.d.ts +27 -0
package/dist/browser/ai/vector/store.js +82 -0
package/dist/browser/browser/cache.d.ts +2 -40
package/dist/browser/browser/cache.js +2 -199
package/dist/browser/browser/index.d.ts +8 -0
package/dist/browser/browser/index.js +8 -0
package/dist/browser/browser/recker.d.ts +8 -1
package/dist/browser/browser/recker.js +8 -2
package/dist/browser/cache/indexed-db.d.ts +10 -0
package/dist/browser/cache/indexed-db.js +88 -0
package/dist/browser/cache/service-worker-cache.d.ts +18 -0
package/dist/browser/cache/service-worker-cache.js +103 -0
package/dist/browser/cache.d.ts +2 -40
package/dist/browser/cache.js +2 -199
package/dist/browser/constants/user-agents.d.ts +7 -0
package/dist/browser/constants/user-agents.js +7 -0
package/dist/browser/core/client.d.ts +2 -0
package/dist/browser/core/client.js +19 -1
package/dist/browser/index.d.ts +8 -0
package/dist/browser/index.js +8 -0
package/dist/browser/plugins/har-recorder.d.ts +40 -0
package/dist/browser/plugins/har-recorder.js +120 -0
package/dist/browser/plugins/network-simulation.d.ts +7 -0
package/dist/browser/plugins/network-simulation.js +13 -0
package/dist/browser/presets/android.d.ts +2 -0
package/dist/browser/presets/android.js +16 -0
package/dist/browser/presets/anthropic.d.ts +8 -0
package/dist/browser/presets/anthropic.js +27 -0
package/dist/browser/presets/aws.d.ts +19 -0
package/dist/browser/presets/aws.js +68 -0
package/dist/browser/presets/azure-openai.d.ts +10 -0
package/dist/browser/presets/azure-openai.js +35 -0
package/dist/browser/presets/azure.d.ts +41 -0
package/dist/browser/presets/azure.js +104 -0
package/dist/browser/presets/chaturbate.d.ts +2 -0
package/dist/browser/presets/chaturbate.js +17 -0
package/dist/browser/presets/cloudflare.d.ts +12 -0
package/dist/browser/presets/cloudflare.js +39 -0
package/dist/browser/presets/cohere.d.ts +7 -0
package/dist/browser/presets/cohere.js +22 -0
package/dist/browser/presets/deepseek.d.ts +7 -0
package/dist/browser/presets/deepseek.js +22 -0
package/dist/browser/presets/digitalocean.d.ts +5 -0
package/dist/browser/presets/digitalocean.js +16 -0
package/dist/browser/presets/discord.d.ts +6 -0
package/dist/browser/presets/discord.js +17 -0
package/dist/browser/presets/elevenlabs.d.ts +6 -0
package/dist/browser/presets/elevenlabs.js +20 -0
package/dist/browser/presets/enhancers.d.ts +20 -0
package/dist/browser/presets/enhancers.js +85 -0
package/dist/browser/presets/fireworks.d.ts +7 -0
package/dist/browser/presets/fireworks.js +22 -0
package/dist/browser/presets/gcp.d.ts +34 -0
package/dist/browser/presets/gcp.js +91 -0
package/dist/browser/presets/gemini.d.ts +7 -0
package/dist/browser/presets/gemini.js +23 -0
package/dist/browser/presets/github.d.ts +6 -0
package/dist/browser/presets/github.js +17 -0
package/dist/browser/presets/gitlab.d.ts +6 -0
package/dist/browser/presets/gitlab.js +16 -0
package/dist/browser/presets/groq.d.ts +7 -0
package/dist/browser/presets/groq.js +22 -0
package/dist/browser/presets/hubspot.d.ts +9 -0
package/dist/browser/presets/hubspot.js +28 -0
package/dist/browser/presets/huggingface.d.ts +7 -0
package/dist/browser/presets/huggingface.js +23 -0
package/dist/browser/presets/index.d.ts +47 -0
package/dist/browser/presets/index.js +47 -0
package/dist/browser/presets/ios.d.ts +2 -0
package/dist/browser/presets/ios.js +13 -0
package/dist/browser/presets/linear.d.ts +5 -0
package/dist/browser/presets/linear.js +16 -0
package/dist/browser/presets/mailgun.d.ts +7 -0
package/dist/browser/presets/mailgun.js +20 -0
package/dist/browser/presets/meta.d.ts +10 -0
package/dist/browser/presets/meta.js +33 -0
package/dist/browser/presets/mistral.d.ts +7 -0
package/dist/browser/presets/mistral.js +22 -0
package/dist/browser/presets/notion.d.ts +6 -0
package/dist/browser/presets/notion.js +17 -0
package/dist/browser/presets/openai.d.ts +9 -0
package/dist/browser/presets/openai.js +30 -0
package/dist/browser/presets/oracle.d.ts +19 -0
package/dist/browser/presets/oracle.js +117 -0
package/dist/browser/presets/perplexity.d.ts +7 -0
package/dist/browser/presets/perplexity.js +22 -0
package/dist/browser/presets/pinecone.d.ts +8 -0
package/dist/browser/presets/pinecone.js +42 -0
package/dist/browser/presets/registry.d.ts +23 -0
package/dist/browser/presets/registry.js +519 -0
package/dist/browser/presets/replicate.d.ts +7 -0
package/dist/browser/presets/replicate.js +23 -0
package/dist/browser/presets/sendgrid.d.ts +6 -0
package/dist/browser/presets/sendgrid.js +20 -0
package/dist/browser/presets/sentry.d.ts +11 -0
package/dist/browser/presets/sentry.js +48 -0
package/dist/browser/presets/sinch.d.ts +9 -0
package/dist/browser/presets/sinch.js +39 -0
package/dist/browser/presets/slack.d.ts +5 -0
package/dist/browser/presets/slack.js +16 -0
package/dist/browser/presets/square.d.ts +10 -0
package/dist/browser/presets/square.js +33 -0
package/dist/browser/presets/stripe.d.ts +7 -0
package/dist/browser/presets/stripe.js +23 -0
package/dist/browser/presets/supabase.d.ts +6 -0
package/dist/browser/presets/supabase.js +18 -0
package/dist/browser/presets/tiktok.d.ts +10 -0
package/dist/browser/presets/tiktok.js +38 -0
package/dist/browser/presets/together.d.ts +7 -0
package/dist/browser/presets/together.js +22 -0
package/dist/browser/presets/twilio.d.ts +6 -0
package/dist/browser/presets/twilio.js +17 -0
package/dist/browser/presets/vercel.d.ts +6 -0
package/dist/browser/presets/vercel.js +23 -0
package/dist/browser/presets/vultr.d.ts +5 -0
package/dist/browser/presets/vultr.js +16 -0
package/dist/browser/presets/xai.d.ts +8 -0
package/dist/browser/presets/xai.js +23 -0
package/dist/browser/presets/youtube.d.ts +5 -0
package/dist/browser/presets/youtube.js +20 -0
package/dist/browser/recker.d.ts +8 -1
package/dist/browser/recker.js +8 -2
package/dist/browser/scrape/document.d.ts +5 -4
package/dist/browser/scrape/document.js +89 -76
package/dist/browser/scrape/element.d.ts +10 -8
package/dist/browser/scrape/element.js +295 -81
package/dist/browser/scrape/extractors.d.ts +11 -11
package/dist/browser/scrape/extractors.js +145 -113
package/dist/browser/scrape/parser/back.d.ts +1 -0
package/dist/browser/scrape/parser/back.js +3 -0
package/dist/browser/scrape/parser/index.d.ts +20 -0
package/dist/browser/scrape/parser/index.js +19 -0
package/dist/browser/scrape/parser/matcher.d.ts +30 -0
package/dist/browser/scrape/parser/matcher.js +99 -0
package/dist/browser/scrape/parser/nodes/comment.d.ts +12 -0
package/dist/browser/scrape/parser/nodes/comment.js +21 -0
package/dist/browser/scrape/parser/nodes/html.d.ts +110 -0
package/dist/browser/scrape/parser/nodes/html.js +978 -0
package/dist/browser/scrape/parser/nodes/node.d.ts +18 -0
package/dist/browser/scrape/parser/nodes/node.js +31 -0
package/dist/browser/scrape/parser/nodes/text.d.ts +14 -0
package/dist/browser/scrape/parser/nodes/text.js +30 -0
package/dist/browser/scrape/parser/nodes/type.d.ts +6 -0
package/dist/browser/scrape/parser/nodes/type.js +7 -0
package/dist/browser/scrape/parser/parse.d.ts +1 -0
package/dist/browser/scrape/parser/parse.js +1 -0
package/dist/browser/scrape/parser/valid.d.ts +2 -0
package/dist/browser/scrape/parser/valid.js +5 -0
package/dist/browser/scrape/parser/void-tag.d.ts +7 -0
package/dist/browser/scrape/parser/void-tag.js +43 -0
package/dist/browser/scrape/types.d.ts +7 -0
package/dist/browser/seo/analyzer.d.ts +59 -0
package/dist/browser/seo/analyzer.js +1399 -0
package/dist/browser/seo/keywords.d.ts +16 -0
package/dist/browser/seo/keywords.js +55 -0
package/dist/browser/seo/rules/accessibility.d.ts +2 -0
package/dist/browser/seo/rules/accessibility.js +733 -0
package/dist/browser/seo/rules/ai-search.d.ts +2 -0
package/dist/browser/seo/rules/ai-search.js +436 -0
package/dist/browser/seo/rules/analytics.d.ts +2 -0
package/dist/browser/seo/rules/analytics.js +306 -0
package/dist/browser/seo/rules/best-practices.d.ts +2 -0
package/dist/browser/seo/rules/best-practices.js +195 -0
package/dist/browser/seo/rules/canonical.d.ts +12 -0
package/dist/browser/seo/rules/canonical.js +270 -0
package/dist/browser/seo/rules/content.d.ts +2 -0
package/dist/browser/seo/rules/content.js +522 -0
package/dist/browser/seo/rules/crawl.d.ts +2 -0
package/dist/browser/seo/rules/crawl.js +435 -0
package/dist/browser/seo/rules/cwv.d.ts +2 -0
package/dist/browser/seo/rules/cwv.js +248 -0
package/dist/browser/seo/rules/ecommerce.d.ts +2 -0
package/dist/browser/seo/rules/ecommerce.js +312 -0
package/dist/browser/seo/rules/i18n.d.ts +2 -0
package/dist/browser/seo/rules/i18n.js +288 -0
package/dist/browser/seo/rules/images.d.ts +2 -0
package/dist/browser/seo/rules/images.js +255 -0
package/dist/browser/seo/rules/index.d.ts +52 -0
package/dist/browser/seo/rules/index.js +159 -0
package/dist/browser/seo/rules/internal-linking.d.ts +2 -0
package/dist/browser/seo/rules/internal-linking.js +394 -0
package/dist/browser/seo/rules/links.d.ts +2 -0
package/dist/browser/seo/rules/links.js +498 -0
package/dist/browser/seo/rules/local.d.ts +2 -0
package/dist/browser/seo/rules/local.js +289 -0
package/dist/browser/seo/rules/meta.d.ts +2 -0
package/dist/browser/seo/rules/meta.js +805 -0
package/dist/browser/seo/rules/mobile.d.ts +2 -0
package/dist/browser/seo/rules/mobile.js +161 -0
package/dist/browser/seo/rules/performance.d.ts +2 -0
package/dist/browser/seo/rules/performance.js +738 -0
package/dist/browser/seo/rules/pwa.d.ts +2 -0
package/dist/browser/seo/rules/pwa.js +299 -0
package/dist/browser/seo/rules/readability.d.ts +2 -0
package/dist/browser/seo/rules/readability.js +264 -0
package/dist/browser/seo/rules/redirects.d.ts +16 -0
package/dist/browser/seo/rules/redirects.js +199 -0
package/dist/browser/seo/rules/resources.d.ts +2 -0
package/dist/browser/seo/rules/resources.js +390 -0
package/dist/browser/seo/rules/schema.d.ts +2 -0
package/dist/browser/seo/rules/schema.js +379 -0
package/dist/browser/seo/rules/security.d.ts +2 -0
package/dist/browser/seo/rules/security.js +877 -0
package/dist/browser/seo/rules/social.d.ts +2 -0
package/dist/browser/seo/rules/social.js +603 -0
package/dist/browser/seo/rules/structural.d.ts +2 -0
package/dist/browser/seo/rules/structural.js +223 -0
package/dist/browser/seo/rules/technical-advanced.d.ts +10 -0
package/dist/browser/seo/rules/technical-advanced.js +289 -0
package/dist/browser/seo/rules/technical.d.ts +2 -0
package/dist/browser/seo/rules/technical.js +480 -0
package/dist/browser/seo/rules/thresholds.d.ts +196 -0
package/dist/browser/seo/rules/thresholds.js +118 -0
package/dist/browser/seo/rules/types.d.ts +498 -0
package/dist/browser/seo/rules/types.js +11 -0
package/dist/browser/seo/types.d.ts +211 -0
package/dist/browser/seo/types.js +1 -0
package/dist/browser/transport/curl.d.ts +4 -0
package/dist/browser/transport/curl.js +101 -0
package/dist/browser/transport/undici.js +1 -2
package/dist/browser/transport/worker.d.ts +18 -0
package/dist/browser/transport/worker.js +278 -0
package/dist/browser/types/index.d.ts +4 -1
package/dist/browser/utils/binary-manager.d.ts +4 -0
package/dist/browser/utils/binary-manager.js +72 -0
package/dist/browser/utils/user-agent.js +2 -13
package/dist/cache/indexed-db.d.ts +10 -0
package/dist/cache/indexed-db.js +88 -0
package/dist/cache/service-worker-cache.d.ts +18 -0
package/dist/cache/service-worker-cache.js +103 -0
package/dist/cli/commands/ai.d.ts +2 -0
package/dist/cli/commands/ai.js +162 -0
package/dist/cli/commands/bench.d.ts +2 -0
package/dist/cli/commands/bench.js +51 -0
package/dist/cli/commands/dns.d.ts +2 -0
package/dist/cli/commands/dns.js +295 -0
package/dist/cli/commands/har.d.ts +2 -0
package/dist/cli/commands/har.js +171 -0
package/dist/cli/commands/hls.d.ts +2 -0
package/dist/cli/commands/hls.js +192 -0
package/dist/cli/commands/network.d.ts +2 -0
package/dist/cli/commands/network.js +288 -0
package/dist/cli/commands/protocols.d.ts +2 -0
package/dist/cli/commands/protocols.js +344 -0
package/dist/cli/commands/scrape.d.ts +2 -0
package/dist/cli/commands/scrape.js +176 -0
package/dist/cli/commands/security.d.ts +2 -0
package/dist/cli/commands/security.js +57 -0
package/dist/cli/commands/seo.d.ts +2 -0
package/dist/cli/commands/seo.js +125 -0
package/dist/cli/commands/serve.d.ts +2 -0
package/dist/cli/commands/serve.js +531 -0
package/dist/cli/commands/spider.d.ts +3 -0
package/dist/cli/commands/spider.js +456 -0
package/dist/cli/commands/utils.d.ts +2 -0
package/dist/cli/commands/utils.js +176 -0
package/dist/cli/commands/vector.d.ts +2 -0
package/dist/cli/commands/vector.js +158 -0
package/dist/cli/handler.d.ts +2 -2
package/dist/cli/handler.js +6 -6
package/dist/cli/helpers.d.ts +7 -0
package/dist/cli/helpers.js +128 -0
package/dist/cli/index.js +96 -5228
package/dist/cli/parser/help.d.ts +2 -0
package/dist/cli/parser/help.js +52 -0
package/dist/cli/parser/index.d.ts +3 -0
package/dist/cli/parser/index.js +3 -0
package/dist/cli/parser/parser.d.ts +4 -0
package/dist/cli/parser/parser.js +146 -0
package/dist/cli/parser/types.d.ts +41 -0
package/dist/cli/parser/types.js +1 -0
package/dist/cli/presets.d.ts +1 -1
package/dist/cli/presets.js +1 -1
package/dist/cli/router.d.ts +36 -0
package/dist/cli/router.js +195 -0
package/dist/cli/tui/ai-chat.js +1 -1
package/dist/cli/tui/commands/context.d.ts +9 -0
package/dist/cli/tui/commands/context.js +1 -0
package/dist/cli/tui/commands/dns.d.ts +10 -0
package/dist/cli/tui/commands/dns.js +461 -0
package/dist/cli/tui/commands/hls.d.ts +2 -0
package/dist/cli/tui/commands/hls.js +162 -0
package/dist/cli/tui/commands/ip.d.ts +2 -0
package/dist/cli/tui/commands/ip.js +45 -0
package/dist/cli/tui/commands/network.d.ts +3 -0
package/dist/cli/tui/commands/network.js +81 -0
package/dist/cli/tui/commands/protocols.d.ts +6 -0
package/dist/cli/tui/commands/protocols.js +531 -0
package/dist/cli/tui/commands/security.d.ts +2 -0
package/dist/cli/tui/commands/security.js +48 -0
package/dist/cli/tui/commands/seo.d.ts +2 -0
package/dist/cli/tui/commands/seo.js +74 -0
package/dist/cli/tui/context.d.ts +12 -0
package/dist/cli/tui/context.js +1 -0
package/dist/cli/tui/shell.d.ts +11 -20
package/dist/cli/tui/shell.js +216 -1873
package/dist/constants/user-agents.d.ts +7 -0
package/dist/constants/user-agents.js +7 -0
package/dist/core/client.d.ts +2 -0
package/dist/core/client.js +19 -1
package/dist/index.d.ts +1 -0
package/dist/index.js +1 -0
package/dist/mcp/cli.js +2 -3
package/dist/mcp/data/embeddings.json +1 -1
package/dist/mcp/tools/network.js +298 -158
package/dist/plugins/har-player.d.ts +23 -0
package/dist/plugins/har-player.js +49 -0
package/dist/plugins/har-recorder.d.ts +37 -3
package/dist/plugins/har-recorder.js +116 -63
package/dist/plugins/network-simulation.d.ts +7 -0
package/dist/plugins/network-simulation.js +13 -0
package/dist/presets/android.d.ts +2 -0
package/dist/presets/android.js +16 -0
package/dist/presets/chaturbate.d.ts +2 -0
package/dist/presets/chaturbate.js +17 -0
package/dist/presets/elevenlabs.d.ts +6 -0
package/dist/presets/elevenlabs.js +20 -0
package/dist/presets/enhancers.d.ts +20 -0
package/dist/presets/enhancers.js +85 -0
package/dist/presets/hubspot.d.ts +9 -0
package/dist/presets/hubspot.js +28 -0
package/dist/presets/index.d.ts +10 -0
package/dist/presets/index.js +10 -0
package/dist/presets/ios.d.ts +2 -0
package/dist/presets/ios.js +13 -0
package/dist/presets/pinecone.d.ts +8 -0
package/dist/presets/pinecone.js +42 -0
package/dist/presets/registry.js +60 -0
package/dist/presets/sendgrid.d.ts +6 -0
package/dist/presets/sendgrid.js +20 -0
package/dist/presets/sentry.d.ts +11 -0
package/dist/presets/sentry.js +48 -0
package/dist/presets/square.d.ts +10 -0
package/dist/presets/square.js +33 -0
package/dist/recker.d.ts +3 -0
package/dist/recker.js +4 -0
package/dist/scrape/document.d.ts +5 -4
package/dist/scrape/document.js +89 -76
package/dist/scrape/element.d.ts +10 -8
package/dist/scrape/element.js +295 -81
package/dist/scrape/extractors.d.ts +11 -11
package/dist/scrape/extractors.js +145 -113
package/dist/scrape/index.d.ts +2 -0
package/dist/scrape/index.js +1 -0
package/dist/scrape/parser/back.d.ts +1 -0
package/dist/scrape/parser/back.js +3 -0
package/dist/scrape/parser/index.d.ts +20 -0
package/dist/scrape/parser/index.js +19 -0
package/dist/scrape/parser/matcher.d.ts +30 -0
package/dist/scrape/parser/matcher.js +99 -0
package/dist/scrape/parser/nodes/comment.d.ts +12 -0
package/dist/scrape/parser/nodes/comment.js +21 -0
package/dist/scrape/parser/nodes/html.d.ts +110 -0
package/dist/scrape/parser/nodes/html.js +978 -0
package/dist/scrape/parser/nodes/node.d.ts +18 -0
package/dist/scrape/parser/nodes/node.js +31 -0
package/dist/scrape/parser/nodes/text.d.ts +14 -0
package/dist/scrape/parser/nodes/text.js +30 -0
package/dist/scrape/parser/nodes/type.d.ts +6 -0
package/dist/scrape/parser/nodes/type.js +7 -0
package/dist/scrape/parser/parse.d.ts +1 -0
package/dist/scrape/parser/parse.js +1 -0
package/dist/scrape/parser/valid.d.ts +2 -0
package/dist/scrape/parser/valid.js +5 -0
package/dist/scrape/parser/void-tag.d.ts +7 -0
package/dist/scrape/parser/void-tag.js +43 -0
package/dist/scrape/spider.d.ts +19 -0
package/dist/scrape/spider.js +28 -3
package/dist/scrape/types.d.ts +7 -0
package/dist/seo/analyzer.d.ts +15 -5
package/dist/seo/analyzer.js +636 -175
package/dist/seo/formatter.d.ts +16 -0
package/dist/seo/formatter.js +228 -0
package/dist/seo/index.d.ts +2 -0
package/dist/seo/index.js +1 -0
package/dist/seo/keywords.d.ts +16 -0
package/dist/seo/keywords.js +55 -0
package/dist/seo/rules/accessibility.js +96 -57
package/dist/seo/rules/ai-search.js +44 -31
package/dist/seo/rules/analytics.d.ts +2 -0
package/dist/seo/rules/analytics.js +306 -0
package/dist/seo/rules/best-practices.js +21 -14
package/dist/seo/rules/canonical.js +53 -32
package/dist/seo/rules/content.js +317 -31
package/dist/seo/rules/crawl.js +55 -40
package/dist/seo/rules/cwv.js +21 -15
package/dist/seo/rules/ecommerce.js +82 -22
package/dist/seo/rules/i18n.js +75 -36
package/dist/seo/rules/images.js +109 -30
package/dist/seo/rules/index.js +2 -0
package/dist/seo/rules/internal-linking.js +58 -39
package/dist/seo/rules/links.js +79 -52
package/dist/seo/rules/local.js +49 -25
package/dist/seo/rules/meta.js +339 -81
package/dist/seo/rules/mobile.js +112 -2
package/dist/seo/rules/performance.js +434 -66
package/dist/seo/rules/pwa.js +36 -39
package/dist/seo/rules/readability.js +31 -22
package/dist/seo/rules/redirects.js +21 -15
package/dist/seo/rules/resources.js +59 -42
package/dist/seo/rules/schema.js +333 -8
package/dist/seo/rules/security.js +142 -80
package/dist/seo/rules/social.js +277 -47
package/dist/seo/rules/structural.js +87 -19
package/dist/seo/rules/technical-advanced.js +30 -24
package/dist/seo/rules/technical.js +243 -42
package/dist/seo/rules/types.d.ts +53 -1
package/dist/seo/seo-spider.d.ts +22 -0
package/dist/seo/seo-spider.js +77 -13
package/dist/seo/types.d.ts +8 -1
package/dist/seo/validators/llms-txt.js +19 -0
package/dist/seo/validators/rss.d.ts +11 -0
package/dist/seo/validators/rss.js +93 -0
package/dist/seo/validators/sitemap.js +36 -26
package/dist/transport/curl.d.ts +4 -0
package/dist/transport/curl.js +101 -0
package/dist/transport/udp.js +0 -1
package/dist/transport/undici.js +1 -2
package/dist/transport/worker.d.ts +18 -0
package/dist/transport/worker.js +278 -0
package/dist/types/index.d.ts +4 -1
package/dist/utils/binary-manager.d.ts +4 -0
package/dist/utils/binary-manager.js +72 -0
package/dist/utils/optional-require.d.ts +7 -8
package/dist/utils/optional-require.js +2 -21
package/dist/utils/upload.d.ts +6 -0
package/dist/utils/upload.js +11 -0
package/dist/utils/user-agent.js +2 -13
package/dist/version.js +1 -1
package/package.json +12 -6
package/dist/browser/utils/optional-require.d.ts +0 -19
package/dist/browser/utils/optional-require.js +0 -105

package/dist/browser/seo/rules/security.js ADDED Viewed

@@ -0,0 +1,877 @@
+import { createResult } from './types.js';
+export const securityRules = [
+    {
+        id: 'https-required',
+        name: 'HTTPS',
+        category: 'security',
+        severity: 'error',
+        description: 'Page must be served over HTTPS',
+        check: (ctx) => {
+            if (ctx.isHttps === false) {
+                return createResult({ id: 'https-required', name: 'HTTPS', category: 'security', severity: 'error' }, 'fail', 'Page is not served over HTTPS', {
+                    recommendation: 'Enable HTTPS for all pages',
+                    evidence: {
+                        found: 'HTTP',
+                        expected: 'HTTPS',
+                        impact: 'Browsers show "Not Secure" warning, affects SEO ranking',
+                        learnMore: 'https://web.dev/why-https-matters/',
+                    },
+                });
+            }
+            if (ctx.isHttps === true) {
+                return createResult({ id: 'https-required', name: 'HTTPS', category: 'security', severity: 'error' }, 'pass', 'Page is served over HTTPS');
+            }
+            return createResult({ id: 'https-required', name: 'HTTPS', category: 'security', severity: 'error' }, 'info', 'Not applicable (HTTPS status unavailable)', { recommendation: 'This rule checks if the page is served over HTTPS when protocol information is available' });
+        },
+    },
+    {
+        id: 'mixed-content',
+        name: 'Mixed Content',
+        category: 'security',
+        severity: 'error',
+        description: 'HTTPS pages should not load HTTP resources',
+        check: (ctx) => {
+            if (ctx.hasMixedContent) {
+                return createResult({ id: 'mixed-content', name: 'Mixed Content', category: 'security', severity: 'error' }, 'fail', 'Page has mixed content (HTTP resources on HTTPS page)', {
+                    recommendation: 'Update all resources to use HTTPS',
+                    evidence: {
+                        found: 'Mixed content detected',
+                        expected: 'All resources over HTTPS',
+                        impact: 'Browsers may block HTTP resources, breaking functionality',
+                        learnMore: 'https://web.dev/what-is-mixed-content/',
+                    },
+                });
+            }
+            return createResult({ id: 'mixed-content', name: 'Mixed Content', category: 'security', severity: 'error' }, 'info', 'Not applicable (no mixed content detected or HTTPS not used)', { recommendation: 'This rule checks for HTTP resources on HTTPS pages when mixed content is detected' });
+        },
+    },
+    {
+        id: 'http-redirect',
+        name: 'HTTP to HTTPS Redirect',
+        category: 'security',
+        severity: 'warning',
+        description: 'HTTP traffic should redirect to HTTPS',
+        check: (ctx) => {
+            if (ctx.httpRedirectsToHttps === undefined) {
+                return createResult({ id: 'http-redirect', name: 'HTTP to HTTPS Redirect', category: 'security', severity: 'warning' }, 'info', 'Not applicable (HTTP redirect status unavailable)', { recommendation: 'This rule checks if HTTP traffic redirects to HTTPS when redirect information is available' });
+            }
+            if (!ctx.httpRedirectsToHttps) {
+                return createResult({ id: 'http-redirect', name: 'HTTP to HTTPS Redirect', category: 'security', severity: 'warning' }, 'warn', 'HTTP does not redirect to HTTPS', {
+                    recommendation: 'Configure server to redirect all HTTP traffic to HTTPS',
+                    evidence: {
+                        expected: '301/302 redirect from HTTP to HTTPS',
+                        impact: 'Users accessing via HTTP may stay on insecure connection',
+                        learnMore: 'https://web.dev/redirect-http-to-https/',
+                    },
+                });
+            }
+            return createResult({ id: 'http-redirect', name: 'HTTP to HTTPS Redirect', category: 'security', severity: 'warning' }, 'pass', 'HTTP redirects to HTTPS');
+        },
+    },
+    {
+        id: 'internal-links-https',
+        name: 'Internal Links Use HTTPS',
+        category: 'security',
+        severity: 'warning',
+        description: 'Internal links should use HTTPS to avoid mixed content and redirect chains',
+        check: (ctx) => {
+            if (ctx.internalHttpLinks === undefined) {
+                return createResult({ id: 'internal-links-https', name: 'Internal Links Use HTTPS', category: 'security', severity: 'warning' }, 'info', 'Not applicable (internal link data unavailable)', { recommendation: 'This rule checks internal links for HTTPS usage when link analysis is available' });
+            }
+            if (ctx.internalHttpLinks > 0) {
+                const examples = ctx.internalHttpLinkUrls?.slice(0, 3) || [];
+                return createResult({ id: 'internal-links-https', name: 'Internal Links Use HTTPS', category: 'security', severity: 'warning' }, 'warn', `${ctx.internalHttpLinks} internal link(s) use HTTP instead of HTTPS`, {
+                    value: ctx.internalHttpLinks,
+                    recommendation: 'Update all internal links to use HTTPS URLs',
+                    evidence: {
+                        found: `${ctx.internalHttpLinks} HTTP internal links${examples.length > 0 ? `: ${examples.join(', ')}` : ''}`,
+                        expected: 'All internal links should use HTTPS',
+                        impact: 'HTTP links cause unnecessary redirects, slow page loads, and may trigger mixed content warnings. Search engines prefer sites with consistent HTTPS usage.',
+                        learnMore: 'https://web.dev/why-https-matters/',
+                    },
+                });
+            }
+            return createResult({ id: 'internal-links-https', name: 'Internal Links Use HTTPS', category: 'security', severity: 'warning' }, 'pass', 'All internal links use HTTPS');
+        },
+    },
+    {
+        id: 'security-csp-exists',
+        name: 'Content Security Policy (CSP)',
+        category: 'security',
+        severity: 'warning',
+        description: 'Content Security Policy header should be present to mitigate XSS attacks.',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-csp-exists', name: 'Content Security Policy', category: 'security', severity: 'warning' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for CSP headers when HTTP response headers are available' });
+            }
+            const cspHeader = ctx.responseHeaders['content-security-policy'] || ctx.responseHeaders['Content-Security-Policy'];
+            if (!cspHeader) {
+                return createResult({ id: 'security-csp-exists', name: 'Content Security Policy', category: 'security', severity: 'warning' }, 'warn', 'Content-Security-Policy header is missing', {
+                    recommendation: 'Implement a strong Content-Security-Policy to prevent XSS attacks',
+                    evidence: {
+                        expected: 'Content-Security-Policy header',
+                        impact: 'Page is vulnerable to XSS and data injection attacks',
+                        learnMore: 'https://web.dev/csp/',
+                    },
+                });
+            }
+            return createResult({ id: 'security-csp-exists', name: 'Content Security Policy', category: 'security', severity: 'warning' }, 'pass', 'Content-Security-Policy header is present');
+        },
+    },
+    {
+        id: 'security-csp-xss-effective',
+        name: 'CSP XSS Effectiveness',
+        category: 'security',
+        severity: 'warning',
+        description: 'CSP should be effective against XSS attacks',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-csp-xss-effective', name: 'CSP XSS Effectiveness', category: 'security', severity: 'warning' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks CSP effectiveness when HTTP response headers are available' });
+            }
+            const cspHeader = ctx.responseHeaders['content-security-policy'] || ctx.responseHeaders['Content-Security-Policy'];
+            if (!cspHeader) {
+                return createResult({ id: 'security-csp-xss-effective', name: 'CSP XSS Effectiveness', category: 'security', severity: 'warning' }, 'info', 'Not applicable (CSP header not present)', { recommendation: 'This rule checks CSP effectiveness when a Content-Security-Policy header exists' });
+            }
+            const csp = String(cspHeader).toLowerCase();
+            const weaknesses = [];
+            if (csp.includes("'unsafe-inline'") && !csp.includes("'strict-dynamic'") && !csp.includes("'nonce-")) {
+                weaknesses.push("unsafe-inline without nonce/strict-dynamic");
+            }
+            if (csp.includes("'unsafe-eval'")) {
+                weaknesses.push("unsafe-eval allows code execution");
+            }
+            if (csp.includes('data:') && (csp.includes('script-src') || !csp.includes('default-src'))) {
+                weaknesses.push("data: URIs can be exploited for XSS");
+            }
+            if (csp.match(/script-src[^;]*\*/)) {
+                weaknesses.push("Wildcard in script-src");
+            }
+            if (weaknesses.length > 0) {
+                return createResult({ id: 'security-csp-xss-effective', name: 'CSP XSS Effectiveness', category: 'security', severity: 'warning' }, 'warn', `CSP may not be effective against XSS: ${weaknesses.join(', ')}`, {
+                    recommendation: 'Use nonce-based CSP or strict-dynamic for better XSS protection',
+                    evidence: {
+                        found: weaknesses,
+                        expected: 'No unsafe-inline, unsafe-eval, or wildcards',
+                        impact: 'Attackers may be able to execute malicious scripts',
+                        learnMore: 'https://web.dev/strict-csp/',
+                    },
+                });
+            }
+            return createResult({ id: 'security-csp-xss-effective', name: 'CSP XSS Effectiveness', category: 'security', severity: 'warning' }, 'pass', 'CSP appears effective against XSS attacks');
+        },
+    },
+    {
+        id: 'security-csp-directives',
+        name: 'CSP Required Directives',
+        category: 'security',
+        severity: 'error',
+        description: 'CSP should have script-src and object-src directives to prevent unsafe script execution',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-csp-directives', name: 'CSP Required Directives', category: 'security', severity: 'error' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks CSP directives when HTTP response headers are available' });
+            }
+            const cspHeader = ctx.responseHeaders['content-security-policy'] || ctx.responseHeaders['Content-Security-Policy'];
+            if (!cspHeader) {
+                return createResult({ id: 'security-csp-directives', name: 'CSP Required Directives', category: 'security', severity: 'error' }, 'info', 'Not applicable (CSP header not present)', { recommendation: 'This rule checks CSP directives when a Content-Security-Policy header exists' });
+            }
+            const csp = String(cspHeader).toLowerCase();
+            const missingDirectives = [];
+            if (!csp.includes('script-src') && !csp.includes('default-src')) {
+                missingDirectives.push({
+                    directive: 'script-src',
+                    severity: 'High',
+                    impact: 'Allows execution of unsafe scripts from any source',
+                });
+            }
+            if (!csp.includes('object-src') && !csp.includes('default-src')) {
+                missingDirectives.push({
+                    directive: 'object-src',
+                    severity: 'High',
+                    impact: 'Allows injection of plugins that execute unsafe scripts',
+                });
+            }
+            if (!csp.includes('base-uri')) {
+                missingDirectives.push({
+                    directive: 'base-uri',
+                    severity: 'Medium',
+                    impact: 'Allows attackers to change the base URL for relative links',
+                });
+            }
+            if (missingDirectives.length > 0) {
+                const highSeverity = missingDirectives.filter((d) => d.severity === 'High');
+                if (highSeverity.length > 0) {
+                    return createResult({ id: 'security-csp-directives', name: 'CSP Required Directives', category: 'security', severity: 'error' }, 'fail', `Missing critical CSP directives: ${highSeverity.map((d) => d.directive).join(', ')}`, {
+                        recommendation: "Add script-src and object-src directives. Consider setting object-src to 'none' if plugins are not needed.",
+                        evidence: {
+                            found: missingDirectives.map((d) => `${d.directive} (${d.severity}): ${d.impact}`),
+                            expected: "script-src 'self'; object-src 'none'; base-uri 'self'",
+                            impact: 'Page is vulnerable to script injection attacks',
+                            learnMore: 'https://web.dev/csp/',
+                        },
+                    });
+                }
+                return createResult({ id: 'security-csp-directives', name: 'CSP Required Directives', category: 'security', severity: 'error' }, 'warn', `Missing recommended CSP directives: ${missingDirectives.map((d) => d.directive).join(', ')}`, {
+                    recommendation: 'Add base-uri directive to prevent base tag hijacking',
+                    evidence: {
+                        found: missingDirectives.map((d) => `${d.directive}: ${d.impact}`),
+                        expected: "base-uri 'self'",
+                    },
+                });
+            }
+            return createResult({ id: 'security-csp-directives', name: 'CSP Required Directives', category: 'security', severity: 'error' }, 'pass', 'CSP has required script-src and object-src directives');
+        },
+    },
+    {
+        id: 'security-hsts-exists',
+        name: 'Strict-Transport-Security (HSTS)',
+        category: 'security',
+        severity: 'warning',
+        description: 'HSTS header forces secure connections and improves SEO indirectly.',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-hsts-exists', name: 'HSTS Header', category: 'security', severity: 'warning' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for HSTS headers when HTTP response headers are available' });
+            }
+            const hstsHeader = ctx.responseHeaders['strict-transport-security'] || ctx.responseHeaders['Strict-Transport-Security'];
+            if (!hstsHeader) {
+                return createResult({ id: 'security-hsts-exists', name: 'HSTS Header', category: 'security', severity: 'warning' }, 'warn', 'Strict-Transport-Security header is missing', {
+                    recommendation: 'Implement HSTS to force secure connections',
+                    evidence: {
+                        expected: 'Strict-Transport-Security header',
+                        impact: 'Users may connect over insecure HTTP on first visit',
+                        learnMore: 'https://web.dev/security-headers/#hsts',
+                    },
+                });
+            }
+            return createResult({ id: 'security-hsts-exists', name: 'HSTS Header', category: 'security', severity: 'warning' }, 'pass', `Strict-Transport-Security header is present: ${hstsHeader}`);
+        },
+    },
+    {
+        id: 'security-hsts-strong',
+        name: 'Strong HSTS Policy',
+        category: 'security',
+        severity: 'info',
+        description: 'HSTS should have a strong policy with long max-age and includeSubDomains',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-hsts-strong', name: 'Strong HSTS Policy', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks HSTS policy strength when HTTP response headers are available' });
+            }
+            const hstsHeader = ctx.responseHeaders['strict-transport-security'] || ctx.responseHeaders['Strict-Transport-Security'];
+            if (!hstsHeader) {
+                return createResult({ id: 'security-hsts-strong', name: 'Strong HSTS Policy', category: 'security', severity: 'info' }, 'info', 'Not applicable (HSTS header not present)', { recommendation: 'This rule checks HSTS policy strength when a Strict-Transport-Security header exists' });
+            }
+            const hsts = String(hstsHeader).toLowerCase();
+            const weaknesses = [];
+            const maxAgeMatch = hsts.match(/max-age\s*=\s*(\d+)/);
+            const maxAge = maxAgeMatch ? parseInt(maxAgeMatch[1], 10) : 0;
+            const oneYear = 31536000;
+            if (maxAge < oneYear) {
+                weaknesses.push(`max-age is ${maxAge}s (recommended: ${oneYear}s / 1 year)`);
+            }
+            if (!hsts.includes('includesubdomains')) {
+                weaknesses.push('Missing includeSubDomains');
+            }
+            if (!hsts.includes('preload')) {
+                weaknesses.push('Missing preload (optional but recommended)');
+            }
+            if (weaknesses.length > 0) {
+                return createResult({ id: 'security-hsts-strong', name: 'Strong HSTS Policy', category: 'security', severity: 'info' }, 'info', `HSTS policy could be stronger: ${weaknesses.join('; ')}`, {
+                    recommendation: 'Use max-age=31536000; includeSubDomains; preload',
+                    evidence: {
+                        found: hstsHeader,
+                        expected: 'max-age=31536000; includeSubDomains; preload',
+                        learnMore: 'https://hstspreload.org/',
+                    },
+                });
+            }
+            return createResult({ id: 'security-hsts-strong', name: 'Strong HSTS Policy', category: 'security', severity: 'info' }, 'pass', 'Strong HSTS policy with long max-age and includeSubDomains');
+        },
+    },
+    {
+        id: 'security-coop',
+        name: 'Cross-Origin-Opener-Policy (COOP)',
+        category: 'security',
+        severity: 'info',
+        description: 'COOP ensures proper origin isolation for security',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-coop', name: 'Cross-Origin-Opener-Policy', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for COOP headers when HTTP response headers are available' });
+            }
+            const coopHeader = ctx.responseHeaders['cross-origin-opener-policy'] || ctx.responseHeaders['Cross-Origin-Opener-Policy'];
+            if (!coopHeader) {
+                return createResult({ id: 'security-coop', name: 'Cross-Origin-Opener-Policy', category: 'security', severity: 'info' }, 'info', 'Cross-Origin-Opener-Policy header is missing', {
+                    recommendation: 'Add COOP header to isolate your origin from attackers',
+                    evidence: {
+                        expected: 'Cross-Origin-Opener-Policy: same-origin',
+                        impact: 'Lack of origin isolation may enable cross-origin attacks',
+                        learnMore: 'https://web.dev/coop-coep/',
+                    },
+                });
+            }
+            const coop = String(coopHeader).toLowerCase();
+            if (coop === 'same-origin') {
+                return createResult({ id: 'security-coop', name: 'Cross-Origin-Opener-Policy', category: 'security', severity: 'info' }, 'pass', 'COOP: same-origin (full isolation)');
+            }
+            if (coop === 'same-origin-allow-popups') {
+                return createResult({ id: 'security-coop', name: 'Cross-Origin-Opener-Policy', category: 'security', severity: 'info' }, 'pass', 'COOP: same-origin-allow-popups');
+            }
+            const coopValue = Array.isArray(coopHeader) ? coopHeader.join(', ') : String(coopHeader);
+            return createResult({ id: 'security-coop', name: 'Cross-Origin-Opener-Policy', category: 'security', severity: 'info' }, 'info', `COOP: ${coopValue}`, { value: coopValue });
+        },
+    },
+    {
+        id: 'security-coep',
+        name: 'Cross-Origin-Embedder-Policy (COEP)',
+        category: 'security',
+        severity: 'info',
+        description: 'COEP prevents loading cross-origin resources without explicit permission',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-coep', name: 'Cross-Origin-Embedder-Policy', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for COEP headers when HTTP response headers are available' });
+            }
+            const coepHeader = ctx.responseHeaders['cross-origin-embedder-policy'] || ctx.responseHeaders['Cross-Origin-Embedder-Policy'];
+            if (!coepHeader) {
+                return createResult({ id: 'security-coep', name: 'Cross-Origin-Embedder-Policy', category: 'security', severity: 'info' }, 'info', 'Cross-Origin-Embedder-Policy header is missing', {
+                    recommendation: 'Add COEP header for cross-origin isolation',
+                    evidence: {
+                        expected: 'Cross-Origin-Embedder-Policy: require-corp',
+                        impact: 'Required for SharedArrayBuffer and high-resolution timers',
+                        learnMore: 'https://web.dev/coop-coep/',
+                    },
+                });
+            }
+            return createResult({ id: 'security-coep', name: 'Cross-Origin-Embedder-Policy', category: 'security', severity: 'info' }, 'pass', `COEP: ${coepHeader}`);
+        },
+    },
+    {
+        id: 'security-trusted-types',
+        name: 'Trusted Types',
+        category: 'security',
+        severity: 'info',
+        description: 'Trusted Types help prevent DOM-based XSS attacks',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-trusted-types', name: 'Trusted Types', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for Trusted Types in CSP when HTTP response headers are available' });
+            }
+            const cspHeader = ctx.responseHeaders['content-security-policy'] || ctx.responseHeaders['Content-Security-Policy'];
+            if (!cspHeader) {
+                return createResult({ id: 'security-trusted-types', name: 'Trusted Types', category: 'security', severity: 'info' }, 'info', 'Not applicable (CSP header not present)', { recommendation: 'This rule checks for Trusted Types when a Content-Security-Policy header exists' });
+            }
+            const csp = String(cspHeader).toLowerCase();
+            if (csp.includes('require-trusted-types-for')) {
+                return createResult({ id: 'security-trusted-types', name: 'Trusted Types', category: 'security', severity: 'info' }, 'pass', 'Trusted Types policy enabled via CSP');
+            }
+            return createResult({ id: 'security-trusted-types', name: 'Trusted Types', category: 'security', severity: 'info' }, 'info', 'Trusted Types not enabled', {
+                recommendation: 'Add require-trusted-types-for to CSP for DOM XSS protection',
+                evidence: {
+                    expected: "Content-Security-Policy: require-trusted-types-for 'script'",
+                    impact: 'DOM manipulation may be vulnerable to XSS attacks',
+                    learnMore: 'https://web.dev/trusted-types/',
+                },
+            });
+        },
+    },
+    {
+        id: 'security-xfo-exists',
+        name: 'X-Frame-Options',
+        category: 'security',
+        severity: 'warning',
+        description: 'X-Frame-Options header should be present to prevent clickjacking.',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-xfo-exists', name: 'X-Frame-Options', category: 'security', severity: 'warning' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for X-Frame-Options headers when HTTP response headers are available' });
+            }
+            const xfoHeader = ctx.responseHeaders['x-frame-options'] || ctx.responseHeaders['X-Frame-Options'];
+            if (!xfoHeader) {
+                return createResult({ id: 'security-xfo-exists', name: 'X-Frame-Options', category: 'security', severity: 'warning' }, 'warn', 'X-Frame-Options header is missing', {
+                    recommendation: 'Implement X-Frame-Options to prevent clickjacking attacks',
+                    evidence: {
+                        expected: 'X-Frame-Options: DENY or SAMEORIGIN',
+                        impact: 'Page can be embedded in malicious iframes for clickjacking',
+                        learnMore: 'https://web.dev/security-headers/#xfo',
+                    },
+                });
+            }
+            return createResult({ id: 'security-xfo-exists', name: 'X-Frame-Options', category: 'security', severity: 'warning' }, 'pass', `X-Frame-Options header is present: ${xfoHeader}`);
+        },
+    },
+    {
+        id: 'security-frame-ancestors',
+        name: 'CSP frame-ancestors',
+        category: 'security',
+        severity: 'info',
+        description: 'CSP frame-ancestors is the modern replacement for X-Frame-Options',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-frame-ancestors', name: 'CSP frame-ancestors', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for CSP frame-ancestors when HTTP response headers are available' });
+            }
+            const cspHeader = ctx.responseHeaders['content-security-policy'] || ctx.responseHeaders['Content-Security-Policy'];
+            const xfoHeader = ctx.responseHeaders['x-frame-options'] || ctx.responseHeaders['X-Frame-Options'];
+            if (!cspHeader && !xfoHeader) {
+                return createResult({ id: 'security-frame-ancestors', name: 'CSP frame-ancestors', category: 'security', severity: 'info' }, 'info', 'Not applicable (neither CSP nor X-Frame-Options present)', { recommendation: 'This rule checks CSP frame-ancestors when clickjacking protection headers are present' });
+            }
+            if (cspHeader && String(cspHeader).toLowerCase().includes('frame-ancestors')) {
+                return createResult({ id: 'security-frame-ancestors', name: 'CSP frame-ancestors', category: 'security', severity: 'info' }, 'pass', 'CSP frame-ancestors directive present (modern clickjacking protection)');
+            }
+            if (xfoHeader && !cspHeader) {
+                return createResult({ id: 'security-frame-ancestors', name: 'CSP frame-ancestors', category: 'security', severity: 'info' }, 'info', 'Using X-Frame-Options; consider migrating to CSP frame-ancestors', {
+                    recommendation: 'Use CSP frame-ancestors for better control over framing',
+                    evidence: {
+                        found: `X-Frame-Options: ${xfoHeader}`,
+                        expected: "Content-Security-Policy: frame-ancestors 'self'",
+                        learnMore: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors',
+                    },
+                });
+            }
+            return createResult({ id: 'security-frame-ancestors', name: 'CSP frame-ancestors', category: 'security', severity: 'info' }, 'info', 'Not applicable (clickjacking protection configured without frame-ancestors)', { recommendation: 'This rule checks modern frame-ancestors directive in CSP for enhanced clickjacking protection' });
+        },
+    },
+    {
+        id: 'security-cors-config',
+        name: 'CORS Configuration',
+        category: 'security',
+        severity: 'warning',
+        description: 'Review Access-Control-Allow-Origin header for proper CORS configuration.',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-cors-config', name: 'CORS Configuration', category: 'security', severity: 'warning' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks CORS configuration when HTTP response headers are available' });
+            }
+            const acaoHeader = ctx.responseHeaders['access-control-allow-origin'] || ctx.responseHeaders['Access-Control-Allow-Origin'];
+            if (acaoHeader === '*') {
+                return createResult({ id: 'security-cors-config', name: 'CORS Configuration', category: 'security', severity: 'warning' }, 'warn', 'Access-Control-Allow-Origin is set to "*"', {
+                    recommendation: 'Avoid wildcard (*) in Access-Control-Allow-Origin for sensitive content',
+                    evidence: {
+                        found: '*',
+                        expected: 'Specific origins only',
+                        impact: 'Any website can make requests to your API',
+                    },
+                });
+            }
+            if (!acaoHeader) {
+                return createResult({ id: 'security-cors-config', name: 'CORS Configuration', category: 'security', severity: 'warning' }, 'info', 'Access-Control-Allow-Origin header is missing', { recommendation: 'Configure CORS if resources are consumed cross-origin' });
+            }
+            return createResult({ id: 'security-cors-config', name: 'CORS Configuration', category: 'security', severity: 'warning' }, 'pass', `Access-Control-Allow-Origin: ${acaoHeader}`);
+        },
+    },
+    {
+        id: 'security-xcto-exists',
+        name: 'X-Content-Type-Options',
+        category: 'security',
+        severity: 'warning',
+        description: 'X-Content-Type-Options header prevents MIME sniffing attacks.',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-xcto-exists', name: 'X-Content-Type-Options', category: 'security', severity: 'warning' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for X-Content-Type-Options headers when HTTP response headers are available' });
+            }
+            const xctoHeader = ctx.responseHeaders['x-content-type-options'] || ctx.responseHeaders['X-Content-Type-Options'];
+            if (!xctoHeader) {
+                return createResult({ id: 'security-xcto-exists', name: 'X-Content-Type-Options', category: 'security', severity: 'warning' }, 'warn', 'X-Content-Type-Options header is missing', {
+                    recommendation: 'Implement X-Content-Type-Options: nosniff',
+                    evidence: {
+                        expected: 'X-Content-Type-Options: nosniff',
+                        impact: 'Browser may interpret files incorrectly, leading to security issues',
+                    },
+                });
+            }
+            return createResult({ id: 'security-xcto-exists', name: 'X-Content-Type-Options', category: 'security', severity: 'warning' }, 'pass', `X-Content-Type-Options: ${xctoHeader}`);
+        },
+    },
+    {
+        id: 'security-rp-exists',
+        name: 'Referrer-Policy',
+        category: 'security',
+        severity: 'info',
+        description: 'Referrer-Policy controls how much referrer information is sent with requests.',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-rp-exists', name: 'Referrer-Policy', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for Referrer-Policy headers when HTTP response headers are available' });
+            }
+            const rpHeader = ctx.responseHeaders['referrer-policy'] || ctx.responseHeaders['Referrer-Policy'];
+            if (!rpHeader) {
+                return createResult({ id: 'security-rp-exists', name: 'Referrer-Policy', category: 'security', severity: 'info' }, 'info', 'Referrer-Policy header is missing', {
+                    recommendation: 'Implement Referrer-Policy for privacy (e.g., strict-origin-when-cross-origin)',
+                    evidence: {
+                        expected: 'Referrer-Policy: strict-origin-when-cross-origin',
+                        impact: 'Full URLs may leak in referrer headers',
+                    },
+                });
+            }
+            return createResult({ id: 'security-rp-exists', name: 'Referrer-Policy', category: 'security', severity: 'info' }, 'pass', `Referrer-Policy: ${rpHeader}`);
+        },
+    },
+    {
+        id: 'security-pp-exists',
+        name: 'Permissions-Policy',
+        category: 'security',
+        severity: 'info',
+        description: 'Permissions-Policy controls browser features available to the page.',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-pp-exists', name: 'Permissions-Policy', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for Permissions-Policy headers when HTTP response headers are available' });
+            }
+            const ppHeader = ctx.responseHeaders['permissions-policy'] || ctx.responseHeaders['Permissions-Policy'];
+            if (!ppHeader) {
+                return createResult({ id: 'security-pp-exists', name: 'Permissions-Policy', category: 'security', severity: 'info' }, 'info', 'Permissions-Policy header is missing', {
+                    recommendation: 'Disable unused browser features (e.g., camera=(), microphone=())',
+                    evidence: {
+                        expected: 'Permissions-Policy header',
+                        impact: 'Third-party code may access browser features unnecessarily',
+                    },
+                });
+            }
+            return createResult({ id: 'security-pp-exists', name: 'Permissions-Policy', category: 'security', severity: 'info' }, 'pass', 'Permissions-Policy header is present');
+        },
+    },
+    {
+        id: 'security-xxss',
+        name: 'X-XSS-Protection',
+        category: 'security',
+        severity: 'info',
+        description: 'X-XSS-Protection is deprecated but may still provide protection in older browsers',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-xxss', name: 'X-XSS-Protection', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for deprecated X-XSS-Protection headers when HTTP response headers are available' });
+            }
+            const xxssHeader = ctx.responseHeaders['x-xss-protection'] || ctx.responseHeaders['X-XSS-Protection'];
+            if (xxssHeader && String(xxssHeader).includes('1')) {
+                return createResult({ id: 'security-xxss', name: 'X-XSS-Protection', category: 'security', severity: 'info' }, 'info', 'X-XSS-Protection is enabled but deprecated', {
+                    recommendation: 'Use Content-Security-Policy instead; X-XSS-Protection can be disabled',
+                    evidence: {
+                        found: xxssHeader,
+                        expected: 'CSP for XSS protection',
+                        impact: 'X-XSS-Protection can introduce vulnerabilities in some cases',
+                        learnMore: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection',
+                    },
+                });
+            }
+            return createResult({ id: 'security-xxss', name: 'X-XSS-Protection', category: 'security', severity: 'info' }, 'info', 'Not applicable (X-XSS-Protection not present or disabled)', { recommendation: 'This rule checks for deprecated X-XSS-Protection headers when present' });
+        },
+    },
+    {
+        id: 'security-corp',
+        name: 'Cross-Origin-Resource-Policy (CORP)',
+        category: 'security',
+        severity: 'info',
+        description: 'CORP restricts which origins can load your resources',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-corp', name: 'Cross-Origin-Resource-Policy', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for CORP headers when HTTP response headers are available' });
+            }
+            const corpHeader = ctx.responseHeaders['cross-origin-resource-policy'] || ctx.responseHeaders['Cross-Origin-Resource-Policy'];
+            if (!corpHeader) {
+                return createResult({ id: 'security-corp', name: 'Cross-Origin-Resource-Policy', category: 'security', severity: 'info' }, 'info', 'Cross-Origin-Resource-Policy header is missing', {
+                    recommendation: 'Consider adding CORP to control resource loading',
+                    evidence: {
+                        expected: 'Cross-Origin-Resource-Policy: same-origin or same-site',
+                        impact: 'Resources may be loaded by any origin',
+                        learnMore: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy',
+                    },
+                });
+            }
+            return createResult({ id: 'security-corp', name: 'Cross-Origin-Resource-Policy', category: 'security', severity: 'info' }, 'pass', `CORP: ${corpHeader}`);
+        },
+    },
+    {
+        id: 'security-ssl-valid',
+        name: 'SSL Certificate Valid',
+        category: 'security',
+        severity: 'error',
+        description: 'SSL certificate must be valid and not expired',
+        check: (ctx) => {
+            if (ctx.sslCertificate === undefined) {
+                return createResult({ id: 'security-ssl-valid', name: 'SSL Certificate Valid', category: 'security', severity: 'error' }, 'info', 'Not applicable (SSL certificate information unavailable)', { recommendation: 'This rule checks SSL certificate validity when certificate information is available' });
+            }
+            if (!ctx.sslCertificate.valid) {
+                return createResult({ id: 'security-ssl-valid', name: 'SSL Certificate Valid', category: 'security', severity: 'error' }, 'fail', 'SSL certificate is invalid', {
+                    recommendation: 'Renew or replace the SSL certificate immediately',
+                    evidence: {
+                        found: ctx.sslCertificate.error || 'Invalid certificate',
+                        impact: 'Browsers will show security warnings, users may not trust the site',
+                    },
+                });
+            }
+            return createResult({ id: 'security-ssl-valid', name: 'SSL Certificate Valid', category: 'security', severity: 'error' }, 'pass', 'SSL certificate is valid');
+        },
+    },
+    {
+        id: 'security-ssl-expiry',
+        name: 'SSL Certificate Expiry',
+        category: 'security',
+        severity: 'warning',
+        description: 'SSL certificate should not expire within 30 days',
+        check: (ctx) => {
+            if (!ctx.sslCertificate?.expiryDate) {
+                return createResult({ id: 'security-ssl-expiry', name: 'SSL Certificate Expiry', category: 'security', severity: 'warning' }, 'info', 'Not applicable (SSL certificate expiry date unavailable)', { recommendation: 'This rule checks SSL certificate expiration when certificate expiry information is available' });
+            }
+            const expiryDate = new Date(ctx.sslCertificate.expiryDate);
+            const now = new Date();
+            const daysUntilExpiry = Math.floor((expiryDate.getTime() - now.getTime()) / (1000 * 60 * 60 * 24));
+            if (daysUntilExpiry < 0) {
+                return createResult({ id: 'security-ssl-expiry', name: 'SSL Certificate Expiry', category: 'security', severity: 'warning' }, 'fail', 'SSL certificate has expired', {
+                    recommendation: 'Renew the SSL certificate immediately',
+                    evidence: {
+                        found: `Expired ${Math.abs(daysUntilExpiry)} days ago`,
+                        impact: 'Site is showing security warnings to all visitors',
+                    },
+                });
+            }
+            if (daysUntilExpiry < 7) {
+                return createResult({ id: 'security-ssl-expiry', name: 'SSL Certificate Expiry', category: 'security', severity: 'warning' }, 'fail', `SSL certificate expires in ${daysUntilExpiry} days`, {
+                    recommendation: 'Renew the SSL certificate urgently',
+                    evidence: {
+                        found: `Expires: ${expiryDate.toISOString().split('T')[0]}`,
+                        impact: 'Certificate will expire very soon',
+                    },
+                });
+            }
+            if (daysUntilExpiry < 30) {
+                return createResult({ id: 'security-ssl-expiry', name: 'SSL Certificate Expiry', category: 'security', severity: 'warning' }, 'warn', `SSL certificate expires in ${daysUntilExpiry} days`, {
+                    recommendation: 'Plan to renew the SSL certificate soon',
+                    evidence: {
+                        found: `Expires: ${expiryDate.toISOString().split('T')[0]}`,
+                    },
+                });
+            }
+            return createResult({ id: 'security-ssl-expiry', name: 'SSL Certificate Expiry', category: 'security', severity: 'warning' }, 'pass', `SSL certificate valid for ${daysUntilExpiry} days`);
+        },
+    },
+    {
+        id: 'security-ssl-name-match',
+        name: 'SSL Certificate Name Match',
+        category: 'security',
+        severity: 'error',
+        description: 'SSL certificate CN/SAN must match the domain',
+        check: (ctx) => {
+            if (ctx.sslCertificate?.nameMismatch === undefined) {
+                return createResult({ id: 'security-ssl-name-match', name: 'SSL Certificate Name Match', category: 'security', severity: 'error' }, 'info', 'Not applicable (SSL certificate name match information unavailable)', { recommendation: 'This rule checks SSL certificate name matching when certificate domain information is available' });
+            }
+            if (ctx.sslCertificate.nameMismatch) {
+                return createResult({ id: 'security-ssl-name-match', name: 'SSL Certificate Name Match', category: 'security', severity: 'error' }, 'fail', 'SSL certificate name mismatch', {
+                    recommendation: 'Get a certificate that matches your domain name',
+                    evidence: {
+                        found: ctx.sslCertificate.commonName || 'Unknown',
+                        expected: ctx.sslCertificate.expectedDomain || 'Domain name',
+                        impact: 'Browsers will show certificate warning',
+                    },
+                });
+            }
+            return createResult({ id: 'security-ssl-name-match', name: 'SSL Certificate Name Match', category: 'security', severity: 'error' }, 'pass', 'SSL certificate matches domain');
+        },
+    },
+    {
+        id: 'security-tls-version',
+        name: 'TLS Version',
+        category: 'security',
+        severity: 'error',
+        description: 'Server should use TLS 1.2 or higher',
+        check: (ctx) => {
+            if (!ctx.tlsVersion) {
+                return createResult({ id: 'security-tls-version', name: 'TLS Version', category: 'security', severity: 'error' }, 'info', 'Not applicable (TLS version information unavailable)', { recommendation: 'This rule checks TLS version when TLS connection information is available' });
+            }
+            const version = ctx.tlsVersion;
+            const insecureVersions = ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.0', 'TLSv1.1'];
+            if (insecureVersions.includes(version)) {
+                return createResult({ id: 'security-tls-version', name: 'TLS Version', category: 'security', severity: 'error' }, 'fail', `Insecure TLS version: ${version}`, {
+                    recommendation: 'Upgrade to TLS 1.2 or TLS 1.3',
+                    evidence: {
+                        found: version,
+                        expected: 'TLSv1.2 or TLSv1.3',
+                        impact: 'Old TLS versions have known vulnerabilities',
+                    },
+                });
+            }
+            return createResult({ id: 'security-tls-version', name: 'TLS Version', category: 'security', severity: 'error' }, 'pass', `Using ${version}`);
+        },
+    },
+    {
+        id: 'security-ssl-issuer',
+        name: 'SSL Certificate Issuer',
+        category: 'security',
+        severity: 'info',
+        description: 'SSL certificate should be from a trusted CA',
+        check: (ctx) => {
+            if (!ctx.sslCertificate?.issuer) {
+                return createResult({ id: 'security-ssl-issuer', name: 'SSL Certificate Issuer', category: 'security', severity: 'info' }, 'info', 'Not applicable (SSL certificate issuer information unavailable)', { recommendation: 'This rule checks SSL certificate issuer when certificate issuer information is available' });
+            }
+            const issuer = ctx.sslCertificate.issuer;
+            const selfSigned = issuer.toLowerCase().includes('self-signed') ||
+                ctx.sslCertificate.selfSigned === true;
+            if (selfSigned) {
+                return createResult({ id: 'security-ssl-issuer', name: 'SSL Certificate Issuer', category: 'security', severity: 'info' }, 'warn', 'Self-signed SSL certificate detected', {
+                    recommendation: 'Use a certificate from a trusted Certificate Authority',
+                    evidence: {
+                        found: issuer,
+                        impact: 'Self-signed certificates show warnings in browsers',
+                    },
+                });
+            }
+            return createResult({ id: 'security-ssl-issuer', name: 'SSL Certificate Issuer', category: 'security', severity: 'info' }, 'pass', `Certificate issued by: ${issuer}`);
+        },
+    },
+    {
+        id: 'security-password-on-http',
+        name: 'Password Fields on HTTP',
+        category: 'security',
+        severity: 'error',
+        description: 'Password fields must only appear on HTTPS pages',
+        check: (ctx) => {
+            if (ctx.hasPasswordField === undefined) {
+                return createResult({ id: 'security-password-on-http', name: 'Password Fields on HTTP', category: 'security', severity: 'error' }, 'info', 'Not applicable (password field information unavailable)', { recommendation: 'This rule checks for password fields on insecure pages when password field data is available' });
+            }
+            if (ctx.hasPasswordField && ctx.isHttps === false) {
+                return createResult({ id: 'security-password-on-http', name: 'Password Fields on HTTP', category: 'security', severity: 'error' }, 'fail', 'Password field on insecure HTTP page', {
+                    recommendation: 'Enable HTTPS for all pages with password fields',
+                    evidence: {
+                        impact: 'Passwords sent over HTTP can be intercepted',
+                    },
+                });
+            }
+            if (ctx.hasPasswordField && ctx.isHttps === true) {
+                return createResult({ id: 'security-password-on-http', name: 'Password Fields on HTTP', category: 'security', severity: 'error' }, 'pass', 'Password fields are on HTTPS');
+            }
+            return createResult({ id: 'security-password-on-http', name: 'Password Fields on HTTP', category: 'security', severity: 'error' }, 'info', 'Not applicable (no password fields detected)', { recommendation: 'This rule checks if password fields are only used on HTTPS pages when password fields are present' });
+        },
+    },
+    {
+        id: 'security-forms-on-http',
+        name: 'Forms on HTTP',
+        category: 'security',
+        severity: 'warning',
+        description: 'Forms should only submit to HTTPS endpoints',
+        check: (ctx) => {
+            if (ctx.formsOnHttp === undefined) {
+                return createResult({ id: 'security-forms-on-http', name: 'Forms on HTTP', category: 'security', severity: 'warning' }, 'info', 'Not applicable (form submission data unavailable)', { recommendation: 'This rule checks if forms submit to HTTPS endpoints when form data is available' });
+            }
+            if (ctx.formsOnHttp > 0) {
+                return createResult({ id: 'security-forms-on-http', name: 'Forms on HTTP', category: 'security', severity: 'warning' }, 'warn', `${ctx.formsOnHttp} form(s) submit to HTTP`, {
+                    value: ctx.formsOnHttp,
+                    recommendation: 'Update form actions to use HTTPS',
+                    evidence: {
+                        impact: 'Form data sent over HTTP can be intercepted',
+                    },
+                });
+            }
+            return createResult({ id: 'security-forms-on-http', name: 'Forms on HTTP', category: 'security', severity: 'warning' }, 'pass', 'All forms submit to HTTPS');
+        },
+    },
+    {
+        id: 'security-server-disclosure',
+        name: 'Server Version Disclosure',
+        category: 'security',
+        severity: 'info',
+        description: 'Server header should not reveal detailed version information',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-server-disclosure', name: 'Server Version Disclosure', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for server version disclosure when HTTP response headers are available' });
+            }
+            const serverHeader = ctx.responseHeaders['server'] || ctx.responseHeaders['Server'];
+            if (!serverHeader) {
+                return createResult({ id: 'security-server-disclosure', name: 'Server Version Disclosure', category: 'security', severity: 'info' }, 'info', 'Not applicable (Server header not present)', { recommendation: 'This rule checks for server version disclosure when Server header is present' });
+            }
+            const server = String(serverHeader);
+            if (/\d+\.\d+/.test(server)) {
+                return createResult({ id: 'security-server-disclosure', name: 'Server Version Disclosure', category: 'security', severity: 'info' }, 'info', `Server header reveals version: ${server}`, {
+                    recommendation: 'Configure server to hide version information',
+                    evidence: {
+                        found: server,
+                        impact: 'Attackers can target known vulnerabilities',
+                    },
+                });
+            }
+            return createResult({ id: 'security-server-disclosure', name: 'Server Version Disclosure', category: 'security', severity: 'info' }, 'info', 'Not applicable (Server header not present or does not disclose version)', { recommendation: 'This rule checks if the Server header reveals version information' });
+        },
+    },
+    {
+        id: 'security-x-powered-by',
+        name: 'X-Powered-By Header',
+        category: 'security',
+        severity: 'info',
+        description: 'X-Powered-By header reveals technology stack',
+        check: (ctx) => {
+            if (!ctx.responseHeaders) {
+                return createResult({ id: 'security-x-powered-by', name: 'X-Powered-By Header', category: 'security', severity: 'info' }, 'info', 'Not applicable (response headers unavailable)', { recommendation: 'This rule checks for X-Powered-By header disclosure when HTTP response headers are available' });
+            }
+            const xPoweredBy = ctx.responseHeaders['x-powered-by'] || ctx.responseHeaders['X-Powered-By'];
+            if (xPoweredBy) {
+                return createResult({ id: 'security-x-powered-by', name: 'X-Powered-By Header', category: 'security', severity: 'info' }, 'info', `X-Powered-By header present: ${xPoweredBy}`, {
+                    recommendation: 'Remove X-Powered-By header to reduce attack surface',
+                    evidence: {
+                        found: String(xPoweredBy),
+                        impact: 'Reveals technology stack to potential attackers',
+                    },
+                });
+            }
+            return createResult({ id: 'security-x-powered-by', name: 'X-Powered-By Header', category: 'security', severity: 'info' }, 'info', 'Not applicable (X-Powered-By header not present)', { recommendation: 'This rule checks for X-Powered-By header disclosure when the header is present' });
+        },
+    },
+    {
+        id: 'ssl-sni-support',
+        name: 'SNI Support',
+        category: 'security',
+        severity: 'info',
+        description: 'Server should support Server Name Indication (SNI)',
+        check: (ctx) => {
+            if (ctx.sniSupported === undefined) {
+                return createResult({ id: 'ssl-sni-support', name: 'SNI Support', category: 'security', severity: 'info' }, 'info', 'Not applicable (SNI support information unavailable)', { recommendation: 'This rule checks for SNI support when SNI information is available' });
+            }
+            if (!ctx.sniSupported) {
+                return createResult({ id: 'ssl-sni-support', name: 'SNI Support', category: 'security', severity: 'info' }, 'info', 'Server may not support SNI', {
+                    recommendation: 'Ensure web server supports SNI for proper HTTPS functionality',
+                    evidence: {
+                        impact: 'Some older browsers may have issues with SSL certificates without SNI support'
+                    }
+                });
+            }
+            return createResult({ id: 'ssl-sni-support', name: 'SNI Support', category: 'security', severity: 'info' }, 'info', 'Not applicable (SNI is supported)', { recommendation: 'This rule checks for SNI support issues when SNI is not supported' });
+        },
+    },
+    {
+        id: 'sitemap-https-urls',
+        name: 'HTTPS URLs in Sitemap',
+        category: 'security',
+        severity: 'warning',
+        description: 'Sitemap should only contain HTTPS URLs',
+        check: (ctx) => {
+            if (ctx.sitemapHttpUrls === undefined) {
+                return createResult({ id: 'sitemap-https-urls', name: 'HTTPS URLs in Sitemap', category: 'security', severity: 'warning' }, 'info', 'Not applicable (sitemap URL data unavailable)', { recommendation: 'This rule checks sitemap URLs for HTTPS usage when sitemap data is available' });
+            }
+            if (ctx.sitemapHttpUrls > 0) {
+                return createResult({ id: 'sitemap-https-urls', name: 'HTTPS URLs in Sitemap', category: 'security', severity: 'warning' }, 'warn', `Sitemap contains ${ctx.sitemapHttpUrls} HTTP URLs`, {
+                    value: ctx.sitemapHttpUrls,
+                    recommendation: 'Replace all HTTP URLs in sitemap.xml with HTTPS versions',
+                    evidence: {
+                        found: `${ctx.sitemapHttpUrls} HTTP URLs`,
+                        expected: 'All URLs should use HTTPS',
+                        impact: 'HTTP URLs in sitemap can cause mixed content issues and indexing confusion'
+                    }
+                });
+            }
+            return createResult({ id: 'sitemap-https-urls', name: 'HTTPS URLs in Sitemap', category: 'security', severity: 'warning' }, 'pass', 'All sitemap URLs use HTTPS');
+        },
+    },
+    {
+        id: 'security-hsts',
+        name: 'HSTS Header',
+        category: 'security',
+        severity: 'info',
+        description: 'HTTPS sites should implement HSTS for security',
+        check: (ctx) => {
+            if (!ctx.isHttps) {
+                return createResult({ id: 'security-hsts', name: 'HSTS Header', category: 'security', severity: 'info' }, 'info', 'Not applicable (page is not served over HTTPS)', { recommendation: 'This rule checks HSTS implementation on HTTPS sites only' });
+            }
+            if (ctx.hasHsts === undefined) {
+                return createResult({ id: 'security-hsts', name: 'HSTS Header', category: 'security', severity: 'info' }, 'info', 'Not applicable (HSTS status unavailable)', { recommendation: 'This rule checks for HSTS headers when HSTS information is available' });
+            }
+            if (!ctx.hasHsts) {
+                return createResult({ id: 'security-hsts', name: 'HSTS Header', category: 'security', severity: 'info' }, 'info', 'Missing Strict-Transport-Security header', {
+                    recommendation: 'Implement HSTS to enforce HTTPS connections',
+                    evidence: {
+                        expected: 'Strict-Transport-Security: max-age=31536000; includeSubDomains',
+                        impact: 'Without HSTS, browsers may still attempt insecure HTTP connections',
+                        learnMore: 'https://web.dev/strict-transport-security/'
+                    }
+                });
+            }
+            return createResult({ id: 'security-hsts', name: 'HSTS Header', category: 'security', severity: 'info' }, 'pass', 'HSTS header is present');
+        },
+    },
+];