Organisation: PornHub
Industry: Adult
Contract: Casual/Freelance
Company type: Large enterprise
Function: IT
Location: Remote
Pay: $25,000 fixed amount

Security is a top priority at Pornhub. We strive to work with skilled security researchers to improve the security of our service. If you believe you've found a security bug in the services listed in our scope, we will be happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery.

Scope

At this time, the scope of this program is limited to security vulnerabilities found on the Pornhub website. Vulnerabilities reported on other properties or applications are currently not eligible for monetary reward (as they come into scope, they will be added to this section).

For account access issues or visual layout and website functionality bugs, please work with our Customer Support, which will resolve those issues independently.

Eligibility

You will qualify for a reward only if you are the first person to responsibly disclose an unknown issue. The Pornhub security team has 30 days to respond to the report, and up to 90 days to implement a fix based on the severity of the report. Please allow for this process to fully complete before attempting to contact us again. Note that posting details or conversations about the report, or posting details that reflect negatively on the program and the Pornhub brand, will result in immediate removal from the program.

  • Any vulnerability found must be reported no later than 24 hours after discovery.
  • You are not allowed to disclose details about the vulnerability anywhere else.
  • You must avoid tests that could cause degradation or interruption of our service.
  • You must not leak, manipulate, or destroy any user data.
  • You are only allowed to test against accounts you own yourself.
  • The use of automated tools or scripted testing is not allowed.

Rewards

Pornhub may provide rewards to eligible reporters of qualifying vulnerabilities. Our minimum reward is $50 USD, and our maximum reward is $25,000 USD. Reward amounts may vary depending upon the severity of the vulnerability reported. Pornhub reserves the right to decide if the minimum severity threshold is met and whether it was previously reported. Rewards are granted entirely at the discretion of Pornhub. To qualify for a reward under this program, you should:

  • Be the first to report a vulnerability.
  • Send a clear textual description of the report along with steps to reproduce the vulnerability.
  • Include attachments such as screenshots or proof of concept code as necessary.
  • Disclose the vulnerability report directly and exclusively to us.

Note: Payments are made through HackerOne only.

Exceptions & Rules

Our bug bounty program is limited strictly to technical security vulnerabilities of Pornhub services listed in the scope. Any activity that would disrupt, damage or adversely affect any third-party data or account is not allowed.

The following are strictly prohibited:

  • Denial of Service attacks.
  • Physical attacks against offices and data centers.
  • Social engineering of our service desk, employees or contractors.
  • Compromise of a Pornhub user's or employee's account.
  • Automated tools or scans, botnet, compromised site, end-clients or any other means of large automated exploitation or use of a tool that generates a significant volume of traffic.

Additionally, the following vulnerabilities will not be considered for bounty:

  • Cross site request forgery (CSRF)
  • Cross domain leakage
  • Information disclosure
  • XSS attacks via POST requests
  • Missing SPF or DMARC records
  • HttpOnly and Secure cookie flags
  • HTTPS related (such as HSTS)
  • Session timeout
  • Missing X-Frame or X-Content headers
  • Click-jacking
  • Rate-limiting
  • Downloading video

You are responsible for paying any taxes associated with rewards. We reserve the right to modify the terms of this program or terminate this program at any time. You must comply with all applicable laws in connection with your participation in this program.

Thank you for helping keep Pornhub safe!
