46830 policies in database
Link to program      
StopTheHacker logo


StopTheHacker + CloudFlare

StopTheHacker is part of the CloudFlare __family. Before submitting an issue to us, please make certain you have read CloudFlare's Vulnerability Disclosure Policy.


Any domains accessible under *.stopthehacker.com are in scope for the program.

Eligibility and Disclosure

In order for your submission to be eligible:

All legitimate reports will be reviewed and assessed by our security team to determine if it is eligible.


For each eligible vulnerability report, the reporter will receive:

  • Recognition on our Hall of Fame.
  • A limited edition CloudFlare bug hunter t-shirt. CloudFlare employees don't even have this shirt. It's only for you all. Wear it with pride: you're part of an exclusive group.
  • 12 months of CloudFlare's Pro or 1 month of Business service on us.

Monetary compensation is not offered under the program.


The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.

  • Automated vulnerability scanners are not permitted.
  • Physical attacks against StopTheHacker employees, offices, and data centers.
  • Social engineering of StopTheHacker employees, contractors, vendors, or service providers.
  • Knowingly posting, transmitting, uploading, linking to, or sending any malware.
  • Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
  • Any vulnerability obtained through the compromise of a StopTheHacker customer or employee accounts. If you need to test a vulnerability, please create an account.
  • Being an individual on, or residing in any country on, any U.S. sanctions lists.

This program have been found on Hackerone on 2014-04-24.

FireBounty © 2015-2024

Legal notices | Privacy policy