Netlify icon Netlify HackerOne

Target Policy
https://hackerone.com/netlify?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • www.netlifycms.org
    URL
    low
  • internal-docs.netlify.com
    URL
    medium
  • netlify-cdp-loader.netlify.app

    Powers this feature: https://docs.netlify.com/site-deploys/deploy-previews/#collaborative-deploy-previews.

    URL
    critical
  • answers.netlify.com
    URL
    none
  • netlify-rum.netlify.app
    URL
    medium
  • http://*.services.netlify.com
    WILDCARD
    critical
  • http://*.services-prod.nsvcs.net
    WILDCARD
    critical
  • http://*.infra-prod.nsvcs.net
    WILDCARD
    critical
  • http://*.ops.netlify.com
    WILDCARD
    critical
  • http://*.onegraph.com

    As of December 28, 2022 this feature is no longer available for Netlify users who have not yet enabled it. See https://docs.netlify.com/netlify-labs/experimental-features/netlify-graph/get-started/.

    WILDCARD
    high
  • *.netlify.com

    Except for the in scope subdomains listed as in scope.

    WILDCARD
    none
  • *.onegraph.com

    As of December 28, 2022 this feature is no longer available for Netlify users who have not yet enabled it. See https://docs.netlify.com/netlify-labs/experimental-features/netlify-graph/get-started/.

    WILDCARD
    high
  • docs.netlify.com
    URL
    none
  • list-v2--netlify-plugins.netlify.app

    Powers templates offered by app.netlify.com. See: https://www.netlify.com/integrations/templates/.

    URL
    medium
  • webpop.com

    This is an old asset and will be deprecated in the near future.

    URL
    none
  • *.netlify.app

    Except for the in scope subdomains listed as in scope.

    WILDCARD
    none
  • www.netlify.com

    This is Netlify's marketing website.

    URL
    none
  • supportal.netlify.app
    URL
    medium
  • screenshot-proxy.netlify.app
    URL
    medium
  • *.services-prod.nsvcs.net
    WILDCARD
    critical
  • *.ops.netlify.com
    WILDCARD
    critical
  • internal.netlify.com
    URL
    critical
  • *.services.netlify.com
    WILDCARD
    critical
  • *.infra-prod.nsvcs.net
    WILDCARD
    critical
  • api.netlify.com

    `netlify api --list` after installing the CLI: https://docs.netlify.com/cli/get-started/. See also https://open-api.netlify.com/.

    URL
    critical
  • app.netlify.com

    See https://docs.netlify.com/get-started/. Also `netlify init` after installing the CLI: https://docs.netlify.com/cli/get-started/.

    URL
    critical
Target Scope Domains
  • api.netlify.com
  • app.netlify.com
  • infra-prod.nsvcs.net
  • internal-docs.netlify.com
  • internal.netlify.com
  • list-v2--netlify-plugins.netlify.app
  • netlify-cdp-loader.netlify.app
  • netlify-rum.netlify.app
  • onegraph.com
  • ops.netlify.com
  • screenshot-proxy.netlify.app
  • services-prod.nsvcs.net
  • services.netlify.com
  • supportal.netlify.app
  • www.netlifycms.org
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 year, 1 month ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 23.45 Minutes
  • Finished: 1 year, 1 month ago