How to Report
Please include the following information in your report to help us understand and address the issue effectively:

A clear and detailed description of the vulnerability or security issue

Steps to reproduce the issue (including URLs, HTTP requests/responses, or screenshots)

Any proof-of-concept code, if available

An assessment of the potential impact of the vulnerability
The following types of findings are not classified as security vulnerabilities:

Non-Sensitive Cookie Attributes:
Security-related attributes on cookies are applied to enhance protection, but their absence on cookies that do not handle sensitive data is not considered a security risk.

HTTP Header Configuration:
Use of headers such as X-Frame-Options, Content Security Policy (CSP), or X-Content-Type-Options (nosniff) are regarded as a security best practice rather than a vulnerability.

Stack Trace Exposure: Stack traces, when displayed, are not inherently treated as security issues. However, if a stack trace reveals personally identifiable information please submit a detailed report so it can be reviewed.
If you have questions about these guidelines or believe you have identified a more significant concern, please contact our security team for clarification.