Netflix
Top 100 siteBounty RecognitionPartial Safe Harbor
Program Details
- Handle
- netflix
- Managed
- Yes
Response Metrics
- Response Time
- 3 days
- Bounty Time
- 26 days
- Resolution Time
- 2509 days
Response Efficiency
99%
Scope (30 targets)
web: 17 mobile: 2 other: 11 In Scope
- *.nflxext.com web bounty-eligible
- *.nflximg.net web bounty-eligible
- *.nflxso.net web bounty-eligible
- *.nflxvideo.net web bounty-eligible
- *.prod.cloud.netflix.com web bounty-eligible
- *.prod.dradis.netflix.com web bounty-eligible
- *.prod.ftl.netflix.com web bounty-eligible
- Affiliates or entities such as recently acquired companies other recognition only
- Content Authorization Targets other bounty-eligible
- Content authorization vulnerabilities affecting only the in-browser player other recognition only
- Corporate Assets other bounty-eligible
- Low impact, individually exposed Google Docs with no common root cause (see “Publicly accessible Google Document or Drive Links” in the “Corporate Targets” section) other recognition only
- Microsites other bounty-eligible
- Netflix Gaming Target other recognition only
- Netflix Mobile Application for Android mobile bounty-eligible
- Netflix Mobile Application for iOS mobile bounty-eligible
- Open Source - Atlas other bounty-eligible
- Open Source - Spectator other bounty-eligible
- Open Source - Zuul other bounty-eligible
- Secondary Assets other bounty-eligible
- and 10 more targets
Out of Scope
Assets associated with ReadyPlayerMe , Open Source - Consoleme, Open Source - Dispatch, Open Source - Weep, Set-top-boxes, smart TVs, streaming sticks Out of Scope, Third party websites or systems hosted by non-Netflix entities Out of Scope, ir.netflix.com, ir.netflix.net, netflixinvestor.com
security.txt
- Contact
- https://hackerone.com/netflix
- Policy
- https://hackerone.com/netflix
- Hiring
- https://jobs.netflix.com/
- Acknowledgments
- https://hackerone.com/netflix/thanks
- Expires
- Jan 1, 2027