Security
Last updated: March 15, 2026
The security of this site and the privacy of its users are important to us. We welcome responsible disclosure of security vulnerabilities from security researchers, developers, and members of the public.
This page describes our responsible disclosure policy — how to report a vulnerability, what falls within scope, and how we will respond. We ask that you follow these guidelines when investigating and reporting potential security issues.
Reporting a vulnerability
If you have discovered a security vulnerability, please report it to us by email. Do not disclose the vulnerability publicly until we have had a reasonable opportunity to investigate and address it.
contact@freeonlinenosignup.com
Please include "Security Vulnerability Report" in the subject line and provide as much of the following as possible:
- A clear description of the vulnerability and its potential impact
- The URL, endpoint, or component affected
- Step-by-step instructions to reproduce the issue
- Any proof-of-concept code, screenshots, or request/response examples
- Your name or handle if you would like to be credited (optional)
Scope
The following are considered in scope for responsible disclosure:
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Server-side injection vulnerabilities (SQL injection, command injection, etc.)
- Authentication or authorisation bypass
- Sensitive data exposure or information leakage
- Security misconfigurations that could be exploited by an attacker
- Open redirects that could be used in phishing attacks
- Insecure direct object references
- Remote code execution
Out of scope
The following are considered out of scope and will not be accepted as valid vulnerability reports:
- Denial of service (DoS or DDoS) attacks or testing
- Brute force attacks against any part of the site
- Automated scanning without prior written permission
- Social engineering or phishing attacks targeting our users or staff
- Physical security issues
- Vulnerabilities in third-party services, libraries, or infrastructure not directly under our control — please report these to the relevant vendor
- Missing security headers that do not present a demonstrable, exploitable vulnerability in this specific context
- Theoretical vulnerabilities without a working proof of concept or demonstrated impact
- Issues that require the user to have already compromised their own device or browser
What to expect
When you submit a vulnerability report, here is what you can expect from us:
Acknowledgement
We will acknowledge receipt of your report within 3 business days.
Investigation
We will investigate the report and assess the validity and severity of the issue. We may follow up with questions if we need more information.
Resolution
For confirmed vulnerabilities, we will work to resolve the issue as quickly as possible, prioritising based on severity. We will keep you informed of our progress.
Disclosure
Once the issue is resolved, we are happy to coordinate public disclosure with you if you wish. We ask that you allow us a reasonable remediation period before publishing any details.
Our commitments
When you report a vulnerability in good faith and in accordance with this policy, we commit to:
- Not pursuing legal action against you in connection with your research
- Treating your report confidentially and not sharing your personal details without your consent
- Keeping you informed of the status of the issue
- Crediting you for the discovery if you wish and if the issue is confirmed
- Working to address confirmed vulnerabilities in a timely manner
We ask in return that you do not access, modify, or delete data that is not your own; do not disrupt the availability of the site; and do not perform testing on accounts or data belonging to other users.
Contact
For general questions about this policy that are not vulnerability reports, use the contact page. For non-security bug reports, use the report issue page.