If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: docs.joinmastodon.org/dev/disclosure - Security issues and responsibl.

site address: docs.joinmastodon.org/dev/disclosure redirected to: docs.joinmastodon.org/dev/disclosure

site title: Security issues and responsible disclosure - Mastodon documentation

Our opinion (on Wednesday 08 July 2026 22:35:24 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:


page from cache: 1 hour ago
Meta tags:
description=What to do if you found a serious bug;

Headings (most frequently used words):

security, issues, and, responsible, disclosure, sponsored, by,

Text of the page (most frequently used words):
admin (13), mastodon (11), and (9), your (9), the (8), #security (7), you (5), #issues (5), that (4), report (4), instance (4), profile (4), account (4), api (4), oauth (4), with (4), using (4), source (3), vulnerability (3), code (3), github (3), should (3), not (3), public (3), bug (3), responsible (3), disclosure (3), search (3), preferences (3), apps (3), reports (3), accounts (3), setting (3), server (3), new (3), installation (2), other (2), for (2), issue (2), what (2), notificationpolicy (2), filter (2), quote (2), domainblock (2), notifications (2), trends (2), collections (2), domain_blocks (2), tokens (2), environment (2), implementing (2), posts (2), machine (2), installing (2), features (2), configuring (2), running (2), imprint, view, blog, join, sponsored, last, updated, september, 2025, improve, this, page, distributed, through, our, main, repository, vulnerabilities, are, specific, given, misconfiguration, reported, owner, such, spaces, give, time, publish, fix, without, exposing, users, increased, risk, provide, bounty, program, moment, believe, identified, allows, something, happen, shouldn, possible, either, send, joinmastodon, org, open, found, serious, webpushsubscription, translation, token, termsofservice, tag, suggestion, statussource, statusedit, status, shallowtag, shallowquote, scheduledstatus, rule, role, relationshipseveranceevent, relationship, reaction, quoteapproval, privacypolicy, previewcardauthor, previewcard, poll, notificationrequest, notificationfallback, notification, mediaattachment, marker, list, identityproof, filterstatus, filterresult, filterkeyword, featuredtag, featureapproval, familiarfollowers, extendeddescription, error, customemoji, conversation, context, collectionwithaccounts, collectionitem, collection, asyncrefresh, application, appeal, annualreport, announcement, measure, ipblock, emaildomainblock, domainallow, dimension, cohort, canonicalemailblock, accountwarning, entities, streaming, markers, lists, conversations, timelines, scheduled_statuses, polls, media, statuses, proofs, oembed, push, directory, custom_emojis, announcements, health, grouped, async_refreshes, emails, annual, retention, measures, ip_blocks, email_domain_blocks, domain_allows, dimensions, canonical_email_blocks, tags, suggestions, mutes, followed_tags, follow_requests, filters, featured_tags, favourites, endorsements, bookmarks, blocks, methods, rate, limits, scopes, guidelines, best, practices, datetime, formats, rest, bearcaps, microformats, webfinger, activitypub, spec, compliance, design, reference, creating, themes, css, styling, state, management, components, frontend, guide, routes, structure, dev, technical, overview, contributing, libraries, implementations, logging, obtaining, client, app, access, playing, data, getting, started, developing, roles, webhooks, database, index, corruption, troubleshooting, errors, moderation, actions, scaling, migrating, backing, upgrading, release, cli, single, sign, captcha, onion, services, object, storage, optional, full, text, from, preparing, own, official, ios, android, moving, leaving, externally, more, settings, set, promoting, yourself, others, dealing, unwanted, content, quoting, network, posting, signing, documentation,


Text of the page (random words):
security issues and responsible disclosure mastodon documentation what is mastodon using mastodon signing up for an account setting up your profile posting to your profile using the network features quoting other posts dealing with unwanted content promoting yourself and others set your preferences more settings using mastodon externally moving or leaving accounts official ios and android apps running your own server running mastodon preparing your machine installing from source configuring your environment configuring full text search installing optional features object storage onion services captcha single sign on setting up your new instance using the admin cli upgrading to a new release backing up your server migrating to a new machine scaling up your server moderation actions troubleshooting errors database index corruption webhooks roles developing mastodon apps getting started with the api playing with public data obtaining client app access logging in with an account libraries and implementations implementing quote posts implementing collections contributing to mastodon technical overview setting up a dev environment code structure routes security issues and responsible disclosure frontend guide components state management css and styling creating themes design tokens reference spec compliance activitypub webfinger security microformats oauth bearcaps rest api datetime formats guidelines and best practices oauth tokens oauth scopes rate limits api methods accounts blocks bookmarks domain_blocks endorsements favourites featured_tags filters follow_requests followed_tags mutes preferences reports suggestions tags admin accounts canonical_email_blocks dimensions domain_allows domain_blocks email_domain_blocks ip_blocks measures reports retention trends annual reports apps emails oauth async_refreshes collections grouped notifications health instance announcements custom_emojis directory trends notifications push oembed profile proofs search statuses media polls scheduled_statuses timelines conversations lists markers streaming api entities account accountwarning admin account admin canonicalemailblock admin cohort admin dimension admin domainallow admin domainblock admin emaildomainblock admin ip admin ipblock admin measure admin report announcement annualreport appeal application asyncrefresh collection collectionitem collectionwithaccounts context conversation customemoji domainblock error extendeddescription familiarfollowers featureapproval featuredtag filter filterkeyword filterresult filterstatus identityproof instance list marker mediaattachment notification notificationfallback notificationpolicy notificationrequest poll preferences previewcard previewcardauthor privacypolicy profile quote quoteapproval reaction relationship relationshipseveranceevent report role rule scheduledstatus search shallowquote shallowtag status statusedit statussource suggestion tag termsofservice token translation v1 filter v1 instance v1 notificationpolicy webpushsubscription security issues and responsible disclosure what to do if you found a serious bug if you believe you ve identified a security vulnerability in mastodon a bug that allows something to happen that shouldn t be possible you should either open a security issue on github or send the report to security joinmastodon org we do not provide a bug bounty program at the moment you should not report such issues on public github issues or in other public spaces to give us time to publish a fix for the issue without exposing mastodon s users to increased risk a vulnerability in mastodon is a vulnerability in the code distributed through our main source code repository on github vulnerabilities that are specific to a given installation e g misconfiguration should be reported to the owner of that installation and not us last updated september 29 2025 improve this page sponsored by join mastodon blog view source cc by sa 4 0 imprint
Images from subpage: "docs.joinmastodon.org/entities/FilterStatus/" Verify
Images from subpage: "docs.joinmastodon.org/entities/IdentityProof/" Verify
Images from subpage: "docs.joinmastodon.org/entities/Instance/" Verify
Images from subpage: "docs.joinmastodon.org/entities/List/" Verify
Images from subpage: "docs.joinmastodon.org/entities/Marker/" Verify

Verified site has: 190 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100
101-105 106-110 111-115 116-120 121-125 126-130 131-135 136-140 141-145 146-150
151-155 156-160 161-165 166-170 171-175 176-180 181-185 186-190


The site also has references to the 2 subdomain(s)

  joinmastodon.org  Verify   blog.joinmastodon.org  Verify


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/2 301
server GitHub.com
content-type text/html
location htt????/docs.joinmastodon.org/dev/disclosure/
access-control-allow-origin *
strict-transport-security max-age=31556952
expires Wed, 08 Jul 2026 21:10:58 GMT
cache-control max-age=600
x-proxy-cache MISS
x-github-request-id C142:31B2A6:90BCBA:9208C5:6A4EBA8A
accept-ranges bytes
age 0
date Wed, 08 Jul 2026 21:00:58 GMT
via 1.1 varnish
x-served-by cache-rtm-ehrd2290048-RTM
x-cache MISS
x-cache-hits 0
x-timer S1783544458.178895,VS0,VE105
vary Accept-Encoding
x-fastly-request-id 79e480d76169b046681d2198c3275938b585c08f
content-length 162
HTTP/2 200
server GitHub.com
content-type text/html; charset=utf-8
last-modified Wed, 08 Jul 2026 12:39:28 GMT
access-control-allow-origin *
strict-transport-security max-age=31556952
etag W/ 6a4e4500-4267
expires Wed, 08 Jul 2026 20:47:26 GMT
cache-control max-age=600
content-encoding gzip
x-proxy-cache MISS
x-github-request-id 2F56:2DA9F9:89F889:8B31C7:6A4EB505
accept-ranges bytes
age 0
date Wed, 08 Jul 2026 21:00:58 GMT
via 1.1 varnish
x-served-by cache-rtm-ehrd2290048-RTM
x-cache HIT
x-cache-hits 0
x-timer S1783544458.296116,VS0,VE109
vary Accept-Encoding
x-fastly-request-id 4eb91475ce40568e670121bb84464797cc66ce08
content-length 4857

Meta Tags

title="Security issues and responsible disclosure - Mastodon documentation"
charset="utf-8"
name="viewport" content="width=device-width,initial-scale=1"
property="og:type" content="article"
property="og:url" content="htt????/docs.joinmastodon.org/dev/disclosure/"
name="description" content="What to do if you found a serious bug"
property="og:description" content="What to do if you found a serious bug"
name="twitter:site" content="@joinmastodon"

Load Info

page size16999
load time (s)0.383437
redirect count1
speed download12681
server IP 185.199.109.153
* all occurrences of the string "http://" have been changed to "htt???/"