Legal
Security
Last updated: May 13, 2026
Application protections
Dokven sets baseline browser security headers, validates scan targets, blocks private IP targets, and rejects cross-site API requests where browser origin signals are available.
Artifact access
Automation artifacts must be protected by authentication and ownership checks before production launch. Temporary local artifacts are not a production storage model.
Responsible disclosure
Security reports should include the affected URL, reproduction steps, impact, and any supporting screenshots or logs. Do not include secrets in report attachments.