Web and Services Bug Bounty Program — Mozilla
Introduction
The Mozilla Bug Bounty Program is designed to encourage security research into Mozilla's websites and services and to reward those who find unique and original bugs in our web infrastructure.
We have migrated our web bug bounty program to HackerOne. Please visit our policy page to learn more and to submit reports. Mozilla HackerOne Program