If you discover a security vulnerability in CloudCounter, please report it responsibly.
Please do NOT open a public GitHub issue for security vulnerabilities.
Instead, please send an email or open a private security advisory:
- GitHub Security Advisory: Go to the Security tab and click "Report a vulnerability"
- Email: Contact the maintainer directly
When reporting a vulnerability, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (if available)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Resolution timeline: Depends on severity, typically 30-90 days
CloudCounter is designed with privacy in mind:
- No cookies: Session tracking uses hashed IP + User-Agent, not cookies
- No PII storage: Personal data is hashed, not stored in plaintext
- Dashboard protection: Password-protected access to analytics data
- Edge deployment: Runs on Cloudflare's edge infrastructure with built-in DDoS protection
- Use a strong dashboard password: Set via `wrangler secret put DASHBOARD_PASSWORD`
- Keep dependencies updated: Regularly run `npm update`
- Use HTTPS: Cloudflare Pages provides this automatically
- Review access: Only share dashboard credentials with authorized users
| Version | Supported |
|---|---|
| 1.x | ✅ |
We appreciate security researchers who help keep CloudCounter safe. Contributors who report valid vulnerabilities will be acknowledged (with permission) in release notes.