Scan isolation
Tokens are restricted to one registered public origin. Scan jobs cannot be read through another installation identity.
Security
ACookies does not distribute a shared scanner password. Managed scanning uses expiring, site-scoped access tokens and job ownership checks.
Tokens are restricted to one registered public origin. Scan jobs cannot be read through another installation identity.
The scanner rejects local, private, link-local, metadata, redirect, and private subresource targets.
Administrative actions require capabilities and nonces. Public output is escaped and stored inputs are sanitized.
Report a suspected vulnerability privately through the contact route at Accomplice. Do not include live credentials in an initial report.