Security
PRCritic applies layered protections for authentication, webhook integrity, and abuse prevention.
- Signed webhook verification for GitHub and Stripe.
- Token verification for GitLab webhooks.
- Replay protection using delivery deduplication.
- Rate limiting on public webhook endpoints.
- Security headers (CSP, HSTS, frame protections) on all routes.
- Isolated worker queue for asynchronous processing.
Report security issues via the contact page with subject line Security Report.
Back to home