Security

Please see this page for more info about our policies and procedures related to security, as well our compliance information.

Authenticating requests from Honeybadger

Requests sent from Honeybadger servers for source maps, web hooks, and uptime checks include the header Honeybadger-Token which is a secret token derived from your api key. The Honeybadger token may be used to authenticate the request (note that this token will change if you reset your project API key):

Honeybadger-Token: your-token

You can find your token on the API Key tab in project settings.

Firewalls

To use Honeybadger behind a firewall, you’ll need to configure your firewall to allow connections to our servers. Here’s the list:

For exception monitoring

Whitelist the following IPs for outgoing traffic:

  • 34.196.34.99
  • 34.195.239.200
  • 34.193.240.253
  • 34.225.218.213
  • 52.5.3.101

For webhooks, sourcemaps, and uptime monitoring

We use a dynamic range of IPs for outbound requests to your servers. Please use the Honeybadger-Token header, described above, to authenticate requests coming from our servers.

Reporting Issues

If you’ve noticed a possible security issue, please let us know at security@honeybadger.io. Please note that we do not pay bounties for vulnerability reports.

Hall of Fame

We’d like to thank the following people for helping us keep Honeybadger secure:

  • Manish Bhattacharya
  • Jayson Zabate
  • Aditya Agrawal
  • Evan Ricafort
  • Osanda Malith Jayathissa
  • Madhu Akula
  • Abdul Wasay
  • Shivam Kumar Agarwal
  • Sumit Sahoo
  • Adam Enger
  • Sajibe Kanti
  • Md. Nur A Alam Dipu
  • Pethuraj M
  • Tinu Tomy
  • Hariharan.S
  • Anil Tom
  • Pranshu Tiwari
  • Ranjeet Kumar Singh
  • Vikas Srivastava
  • Pankaj Kumar Thakur
  • Pratik Vinod Yadav
  • Mrunal Chawda
  • Bharat
  • Gaurav Solanki
  • Mahendra Purbia
  • Aditya Soni
  • Kunal Mhaske
  • Suresh Kumar
  • Agrah Jain
  • Ome Mishra
  • Dhanu Maalaian