How to report a vulnerability

Guidelines for

Did you find a vulnerability on Use these guidelines and instructions to report the vulnerability to us. 


We take security seriously and will thoroughly investigate your report.

In-scope: *

Out of scope:



  • third-party domains



This page is only for responsible disclosures.

  • Please notify us as soon as possible after finding a vulnerability on

  • Provide the technical details, steps to exploit, and a proof of concept, if available.

  • Don’t exploit vulnerabilities that will cause a service disruption or social engineer or phish our employees to prove out the vulnerability.

  • Avoid privacy violations. If an exploited vulnerability results in access to personally identifying or confidential information, don’t transfer, alter, or destroy it.

  • Refrain from publicly disclosing the vulnerability before it’s fixed.
  • We do not provide bounties at this time


Out-of-scope vulnerabilities

We won’t consider these submissions:

  • Vulnerabilities from scanners and tools

  • Issues related to HTTP headers

  • Error messages that don’t include sensitive information

  • Issues related to SSL/TLS configurations

  • Clickjacking on static web pages

  • Use of outdated software and libraries

Report a vulnerability

Email us with the full details and a proof of concept at: