Out of scope

Trivial vulnerabilities and bugs that cannot be abused are out of scope. The following is a non-exhaustive list of examples of such findings:

  • No authentication (anonymous access) for public FTP servers, especially mirrors for open-source projects.
  • Disclosure of publicly available software or source code.
  • HTTP 404 codes/pages or other HTTP non-200 codes/pages and Content Spoofing/Text Injection on these pages.
  • Fingerprinting and other ways of detecting software versions disclosed by common/public services.
  • Missing limits on login attempts.
  • Clickjacking and issues that are only exploitable through clickjacking.
  • Lack of Secure/HTTP-Only flags on non-sensitive Cookies.
  • OPTIONS HTTP method enabled.
  • Anything related to HTTP security headers, e.g.:
    • Strict-Transport-Security.
    • X-Frame-Options.
    • X-XSS-Protection.
    • X-Content-Type-Options.
    • Content-Security-Policy.
  • SSL Configuration Issues:
    • SSL forward secrecy not enabled.
    • Weak/insecure cipher suites.
  • SPF, DKIM, DMARC issues.
  • Host header injection.
  • Reporting older versions of any software without proof of concept or working exploit.
  • Information leakage in metadata.
  • Systems and protocols that can be used in DDoS attacks.

Also, reports considered a beg bounty will not be processed nor responded to.