Security Policy
Our commitment to security and guidelines for responsible vulnerability disclosure.
Responsible Disclosure Policy
We appreciate the work of security researchers and the responsible disclosure of vulnerabilities. If you discover a security issue with Headertest, please report it to us in a responsible manner.
Contact: [email protected]
Reporting Guidelines
When reporting a security vulnerability, please include:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity assessment
- Any proof-of-concept code or screenshots
- Your contact information for follow-up
What We Investigate
In Scope
- ✓ Authentication bypass
- ✓ Cross-site scripting (XSS)
- ✓ SQL injection
- ✓ Server-side request forgery (SSRF)
- ✓ Remote code execution
- ✓ Privilege escalation
Out of Scope
- × Denial of service attacks
- × Social engineering attacks
- × Physical security issues
- × Spam or content injection
- × Rate limiting bypass
- × SSL/TLS configuration issues
Our Commitment
When you report a security vulnerability to us, we commit to:
- Acknowledge receipt of your report within 48 hours
- Provide a detailed response within 72 hours
- Keep you informed about our progress
- Not take legal action against you for responsible disclosure
Response Timeline
Initial Response: Within 48 hours of receiving your report
Assessment: Detailed analysis within 72 hours
Resolution: Fix implemented based on severity
Disclosure: Coordinated disclosure after the fix is deployed
Security Measures
Headertest implements multiple security measures to protect user data and ensure service integrity:
Infrastructure Security
- → Content Security Policy (CSP)
- → Strict Transport Security (HSTS)
- → Secure HTTP headers
- → Rate limiting protection
Application Security
- → Input validation and sanitization
- → Secure session management
- → Regular security updates
- → Minimal data collection
Contact Information
For security-related inquiries:
Email: [email protected]
Security.txt: /.well-known/security.txt
Last updated: July 2025