Security Policy | Rasoul Unlimited

Responsible vulnerability disclosure


Security Disclosure Policy

This website is hosted on GitHub Pages and delivered through Cloudflare for enhanced speed and protection. A strict Content Security Policy is enforced via Cloudflare to keep visitors safe.

Keeping our users and data secure is a priority. This policy encourages responsible collaboration and timely remediation of vulnerabilities.


Content Security Policy

A sample CSP configuration enforced via Cloudflare. Note that the nonce value in this sample ('nonce-RasoulCSP') is a fixed illustrative string: a nonce only restricts inline scripts and styles when it is an unguessable value generated freshly for every response, so a constant value must not be deployed as-is.

default-src 'self' blob:;
script-src 'self' https://cdn.tailwindcss.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://giscus.app 'nonce-RasoulCSP';
style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'nonce-RasoulCSP';
style-src-attr 'self' 'nonce-RasoulCSP';
style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://giscus.app;
font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com;
img-src 'self' data: https://avatars.githubusercontent.com;
connect-src 'self' https://static.cloudflareinsights.com https://giscus.app https://api.github.com https://orcid.org https://about.me https://www.researchgate.net https://www.linkedin.com https://github.com;
frame-src https://giscus.app;
object-src 'none';
base-uri 'self';
form-action https://formspree.io 'self';
frame-ancestors 'self';
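The following linter is an added example (not the site's own tooling) that parses the sample policy above and reports the weaknesses a reviewer would look for: a nonce that is too short or reused across responses, a nonce placed in a *-attr directive where nonces have no effect, unsafe script sources, fully trusted third-party script hosts, and missing directives that do not fall back to default-src. The policy string is the one shown on this page, embedded so the script runs offline; the function names, the finding texts and the 22-character minimum (the base64 length of the 128 bits of entropy CSP3 recommends) are this example's own choices.

```python
"""Lint a Content-Security-Policy header for common weaknesses (added example)."""
import re
import sys

# The sample policy from this page, embedded so the linter runs offline.
SAMPLE_CSP = (
    "default-src 'self' blob:; "
    "script-src 'self' https://cdn.tailwindcss.com https://cdn.jsdelivr.net "
    "https://cdnjs.cloudflare.com https://static.cloudflareinsights.com "
    "https://giscus.app 'nonce-RasoulCSP'; "
    "style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com "
    "https://cdn.jsdelivr.net 'nonce-RasoulCSP'; "
    "style-src-attr 'self' 'nonce-RasoulCSP'; "
    "style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com "
    "https://cdn.jsdelivr.net https://giscus.app; "
    "font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; "
    "img-src 'self' data: https://avatars.githubusercontent.com; "
    "connect-src 'self' https://static.cloudflareinsights.com https://giscus.app "
    "https://api.github.com https://orcid.org https://about.me "
    "https://www.researchgate.net https://www.linkedin.com https://github.com; "
    "frame-src https://giscus.app; object-src 'none'; base-uri 'self'; "
    "form-action https://formspree.io 'self'; frame-ancestors 'self';"
)

NONCE_RE = re.compile(r"^'nonce-([A-Za-z0-9+/=_-]+)'$")
MIN_NONCE_LEN = 22  # 128 bits of entropy, base64-encoded (CSP3 recommendation)
UNSAFE_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"}


def parse_csp(policy):
    """Map directive name -> list of source expressions (first occurrence wins, as in browsers)."""
    directives = {}
    for chunk in policy.split(";"):
        parts = chunk.split()
        if parts and parts[0].lower() not in directives:
            directives[parts[0].lower()] = parts[1:]
    return directives


def nonces(directives):
    """Nonce values per directive, e.g. {'script-src': ['RasoulCSP']}."""
    found = {}
    for name, sources in directives.items():
        values = [m.group(1) for s in sources if (m := NONCE_RE.match(s))]
        if values:
            found[name] = values
    return found


def lint_csp(policy):
    """Return a list of human-readable findings for one policy string."""
    d = parse_csp(policy)
    findings = []
    if d.get("object-src") != ["'none'"]:
        findings.append("object-src: should be 'none' to block plugin content")
    # These never fall back to default-src, so each must be set explicitly.
    for name, why in (("base-uri", "<base> injection can redirect relative script URLs"),
                      ("frame-ancestors", "page can be framed (clickjacking)"),
                      ("form-action", "injected forms can post data anywhere")):
        if name not in d:
            findings.append(f"{name}: missing; {why}")
    for src in d.get("script-src", d.get("default-src", [])):
        if src in UNSAFE_SCRIPT_SOURCES:
            findings.append(f"script-src: {src} lets attacker-controlled script run")
    third_party = [s for s in d.get("script-src", []) if s.startswith("https://")]
    if third_party:
        findings.append(f"script-src: {len(third_party)} third-party hosts are fully trusted; "
                        "pin with Subresource Integrity or self-host")
    for name, values in nonces(d).items():
        if name.endswith("-attr"):
            findings.append(f"{name}: nonces match elements only, so a nonce here has no effect")
        for v in values:
            if len(v) < MIN_NONCE_LEN:
                findings.append(f"{name}: nonce {v!r} is {len(v)} chars; use >= {MIN_NONCE_LEN} "
                                "chars of random base64, regenerated for every response")
    return findings


def nonces_reused(policy_a, policy_b):
    """True if two responses share a nonce: a constant nonce can be copied into injected markup."""
    values_a = {v for vs in nonces(parse_csp(policy_a)).values() for v in vs}
    values_b = {v for vs in nonces(parse_csp(policy_b)).values() for v in vs}
    return bool(values_a & values_b)


if __name__ == "__main__":
    # Pipe a live header in (e.g. from curl -sI) or fall back to the page's sample.
    policy = sys.stdin.read().strip() if not sys.stdin.isatty() else SAMPLE_CSP
    for finding in lint_csp(policy):
        print(finding)
```

Run it twice against the live header and pass both strings to nonces_reused: a single header cannot reveal whether a nonce is static, but two responses sharing the same value can.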

Reporting Issues

If you discover a security issue, please email [email protected].

Allow reasonable time for investigation before any public disclosure. Please include the following in your report:

  • Brief description and location
  • Steps to reproduce or PoC
  • Contact information
  • Severity/impact
  • Relevant environment/configuration
  • Links or screenshots if helpful

Secure communication

Use my PGP public key to encrypt communications.

  • The key is available on Keybase.
  • Download the PGP key
  • Verify the fingerprint D483 4991 882E 7EC4 4187 40AC 1CAF 52B8 DB95 F6FE before use.
  • After importing the key, encrypt your message and send it to [email protected].

Scope

Security testing is only permitted on the following domain:

  • rasoulunlimited.ir

Responsible Disclosure Process

  • We acknowledge receipt of reports within 48 hours.
  • Depending on severity, fixes or mitigation plans are communicated within 30 days.
  • If you wish, we can credit you on our security acknowledgments page.
  • See the canonical policy in security.txt.

Testing Guidelines

Only perform non-destructive testing and avoid affecting real data or other users.

Please ensure all activity complies with applicable laws.


Security Advisories

The latest security notices are published on GitHub Security Advisories.
