Scan page source code for accidentally exposed API keys, tokens, passwords, and sensitive data patterns.