Security & Responsible Disclosure
This site aims to be transparent about security practices and how to report vulnerabilities.
Recommended security headers (server-side)
We recommend enabling the following response headers on the server for better protection:
- Strict-Transport-Security (HSTS) — enforce HTTPS
- Content-Security-Policy (CSP) — restrict allowed sources
- Referrer-Policy — limit referrer leakage
- Permissions-Policy — disable unused powerful APIs
- X-Frame-Options — prevent clickjacking
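One way to check a response against the five headers listed above, as an added example rather than this site's own code. The function names, the 180-day HSTS threshold, the list of weak Referrer-Policy values and the sample header sets are assumptions made for the illustration.

```python
import re

def _hsts(v):
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    # Assumption: anything under 180 days (15552000 s) is treated as too short.
    return None if m and int(m.group(1)) >= 15552000 else "max-age missing or under 180 days"

def _csp(v):
    d = {}
    for part in v.split(";"):
        tok = part.lower().split()
        if tok:
            d.setdefault(tok[0], tok[1:])  # first occurrence of a directive wins
    src = d.get("script-src", d.get("default-src"))
    if src is None:
        return "no script-src or default-src"
    pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in src)
    loose = "*" in src or ("'unsafe-inline'" in src and not pinned)
    return "script sources effectively unrestricted" if loose else None

def _referrer(v):
    last = v.split(",")[-1].strip().lower()  # simplified: judge the last listed policy
    return "full URL sent cross-origin" if last in ("unsafe-url", "no-referrer-when-downgrade") else None

def _permissions(v):
    return None if re.search(r"=\s*\(\s*\)", v) else "no feature is disabled"

def _xfo(v):
    return None if v.strip().upper() in ("DENY", "SAMEORIGIN") else "value is not DENY or SAMEORIGIN"

CHECKS = {"strict-transport-security": _hsts, "content-security-policy": _csp,
          "referrer-policy": _referrer, "permissions-policy": _permissions,
          "x-frame-options": _xfo}

def audit(headers):
    """Return {header: finding} for each listed header that is missing or weak."""
    seen = {k.lower(): v for k, v in headers.items()}
    found = {n: ("missing" if n not in seen else chk(seen[n])) for n, chk in CHECKS.items()}
    return {n: p for n, p in found.items() if p}

# Constructed sample response headers, not taken from any real site.
WEAK = {"Strict-Transport-Security": "max-age=300",
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
        "Referrer-Policy": "unsafe-url", "X-Frame-Options": "ALLOW-FROM https://example.com"}
GOOD = {"strict-transport-security": "max-age=31536000; includeSubDomains",
        "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
        "referrer-policy": "strict-origin-when-cross-origin", "x-frame-options": "DENY",
        "permissions-policy": "camera=(), microphone=(), geolocation=()"}
if __name__ == "__main__":
    print(audit(WEAK))
```

Header names are matched case-insensitively, so the dictionary can come straight from an HTTP client's response object.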
Automated scans & badges
Consider adding badges from automated scanning tools (Dependabot, Snyk, etc.) to increase trust. Those can be linked from this page.
PGP / Encryption
We accept encrypted reports. See security.txt for a link to a PGP public key.
CVE Intelligence
For the latest CVE information for vulnerability researchers, check out CVEIntel.
Note: Security controls are enforced server-side; this page documents policy and contact info rather than replacing server configuration.