Security
Please see this page for more info about our policies and procedures related to security, as well our compliance information.
Authenticating requests from Honeybadger
Requests sent from Honeybadger servers for source maps, web hooks, and
uptime checks include the header Honeybadger-Token which is a secret token
derived from your api key. The Honeybadger token may be used to authenticate the
request (note that this token will change if you reset your project API key):
Honeybadger-Token: your-token
You can find your token on the API Key tab in project settings.
Firewalls
To use Honeybadger behind a firewall, you'll need to configure your firewall to allow connections to our servers. Here's the list:
For exception monitoring
Whitelist the following IPs for outgoing traffic:
- 34.196.34.99
- 34.195.239.200
- 34.193.240.253
- 34.225.218.213
- 52.5.3.101
For webhooks, sourcemaps, and uptime monitoring
We use a dynamic range of IPs for outbound requests to your servers. Please use the Honeybadger-Token header, described above, to authenticate requests coming from our servers.
Reporting Issues
If you've noticed a possible security issue, please let us know at security@honeybadger.io. Please note that we do not pay bounties for vulnerability reports.
Hall of Fame
We'd like to thank the following people for helping us keep Honeybadger secure:
- Manish Bhattacharya
- Jayson Zabate
- Aditya Agrawal
- Evan Ricafort
- Osanda Malith Jayathissa
- Madhu Akula
- Abdul Wasay
- Shivam Kumar Agarwal
- Sumit Sahoo
- Adam Enger
- Sajibe Kanti
- Md. Nur A Alam Dipu
- Pethuraj M
- Tinu Tomy
- Hariharan.S
- Anil Tom
- Pranshu Tiwari
- Ranjeet Kumar Singh
- Vikas Srivastava
- Pankaj Kumar Thakur
- Pratik Vinod Yadav
- Mrunal Chawda
- Bharat
- Gaurav Solanki
- Mahendra Purbia
- Aditya Soni
- Kunal Mhaske
- Suresh Kumar
- Agrah Jain
- Ome Mishra
- Dhanu Maalaian
- Bilal Abdul Muqeet
- Shaikh Sameer