Security Policy

Multi-layered security protecting contact information while maintaining accessibility for legitimate users and search engines.

Protection Layers

1. Server-Side Only Contact Info

Contact information stored in server env vars and only delivered through protected API endpoints after Cloudflare Turnstile CAPTCHA verification - never embedded in static HTML/JavaScript bundles.

2. Bot Detection & Rate Limiting (`/middleware.ts` changed to `/proxy.ts` - NextJS 16 practices)

Blocks suspicious user agents (curl, wget, generic scrapers)
Allows search engines and social media preview bots
30 req/min per IP (100 req/min for Googlebot)
Security headers: CSP, X-Frame-Options, X-Content-Type-Options

Limitations

Cannot prevent determined attackers with headless browsers, human scrapers, screenshot bots, or distributed proxy attacks.

Reporting

To report security vulnerabilities, please open a GitHub issue or contact via the site.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

SECURITY.md

Security Policy

Protection Layers

1. Server-Side Only Contact Info

2. Bot Detection & Rate Limiting (`/middleware.ts` changed to `/proxy.ts` - NextJS 16 practices)

Limitations

Reporting

There aren’t any published security advisories

Security: olliegilbey/resumate

Security

SECURITY.md

Security Policy

Protection Layers

1. Server-Side Only Contact Info

2. Bot Detection & Rate Limiting (/middleware.ts changed to /proxy.ts - NextJS 16 practices)

Limitations

Reporting

There aren’t any published security advisories

2. Bot Detection & Rate Limiting (`/middleware.ts` changed to `/proxy.ts` - NextJS 16 practices)