
Security: shanewas/agentic-stealth-browser

SECURITY.md

Security Policy

Supported Versions

Version   Supported
0.8.x     Yes
< 0.8     No

Reporting a Vulnerability

We take the security of Agentic Stealth Browser seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via GitHub Security Advisory.

You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Security Best Practices

When using this framework in production:

  1. Never commit cookies or session data — Use encrypted cookie storage (save_cookies_to_file(encrypt=True)) and keep the storage path out of version control (e.g. in .gitignore)
  2. Rotate proxy credentials — Load them from environment variables or a secrets manager and rotate them regularly; never hardcode them in source
  3. Enable audit logging — Log every browser action with a timestamp and session identifier so incidents can be reconstructed forensically
  4. Use region-aligned TLS profiles — A TLS fingerprint that does not match the proxy's region or the claimed browser is a primary detection vector
  5. Always warm up sessions — Cold sessions that go straight to the target are flagged by anti-bot systems
  6. Isolate accounts — Never share proxies or browser contexts across accounts; one account per context and per proxy
  7. Keep dependencies updated — Regularly update Playwright (which also updates its bundled browser builds) and all Python dependencies
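Items 1 and 2 are the ones most often violated by accident: a cookie dump or a proxy URL with embedded credentials lands in a commit. The script below is an added example (my own code, not part of the agentic-stealth-browser project) that can run as a pre-commit hook over staged files. It flags proxy URLs of the form scheme://user:pass@host and files that look like Playwright storage_state JSON, a cookie-list JSON or a Netscape cookie jar, and it shows the alternative for item 2: building Playwright's proxy= launch argument from environment variables. The variable names PROXY_SERVER, PROXY_USERNAME and PROXY_PASSWORD are my assumption, not names the project defines.

```python
"""Pre-commit guard for cookie dumps and hardcoded proxy credentials.

Added example; not part of the agentic-stealth-browser project.
Assumptions: proxy settings come from the (hypothetical) environment
variables PROXY_SERVER, PROXY_USERNAME and PROXY_PASSWORD, and cookie
dumps look like Playwright storage_state JSON, a JSON list of cookie
dicts, or a Netscape cookie jar.
"""
import json
import os
import re
import sys
from typing import Dict, List, Optional

# URL with userinfo (scheme://user:pass@host...) == credentials in source.
_PROXY_CRED_RE = re.compile(
    r"\b(?:https?|socks[45]h?)://[^\s/:@\"']+:[^\s/@\"']+@[^\s\"']+",
    re.IGNORECASE,
)
# Netscape cookie-jar line: domain \t flag \t path \t secure \t expiry \t name \t value
_NETSCAPE_RE = re.compile(
    r"^\S+\t(?:TRUE|FALSE)\t\S+\t(?:TRUE|FALSE)\t\d+\t\S+\t", re.MULTILINE
)


def find_proxy_credentials(text: str) -> List[str]:
    """Return every proxy URL in `text` that embeds a username:password."""
    return _PROXY_CRED_RE.findall(text)


def looks_like_cookie_dump(text: str) -> bool:
    """True if `text` is storage_state / cookie-list JSON or a Netscape jar."""
    if _NETSCAPE_RE.search(text):
        return True
    try:
        data = json.loads(text)
    except ValueError:
        return False
    cookies = data.get("cookies") if isinstance(data, dict) else data
    if not isinstance(cookies, list) or not cookies:
        return False
    return all(isinstance(c, dict) and {"name", "value", "domain"} <= set(c)
               for c in cookies)


def check_file(path: str, text: str) -> List[str]:
    """Return findings for one staged file; an empty list means clean."""
    # Report only the host part so the finding itself does not leak the secret.
    findings = [f"{path}: hardcoded proxy credentials for {url.split('@')[-1]}"
                for url in find_proxy_credentials(text)]
    if looks_like_cookie_dump(text):
        findings.append(f"{path}: looks like a cookie/session dump; "
                        "store it encrypted outside the repository")
    return findings


def proxy_from_env(env: Optional[Dict[str, str]] = None) -> Optional[Dict[str, str]]:
    """Build Playwright's launch(proxy=...) dict from environment variables.

    Returns None when no proxy is configured. Refuses a server URL that
    embeds credentials so they never end up in logs or process listings.
    """
    env = dict(os.environ) if env is None else env
    server = env.get("PROXY_SERVER")
    if not server:
        return None
    if _PROXY_CRED_RE.search(server):
        raise ValueError("PROXY_SERVER must not embed credentials; "
                         "use PROXY_USERNAME and PROXY_PASSWORD")
    proxy = {"server": server}
    if env.get("PROXY_USERNAME"):
        proxy["username"] = env["PROXY_USERNAME"]
        proxy["password"] = env.get("PROXY_PASSWORD", "")
    return proxy


if __name__ == "__main__":
    # Hook usage: python guard.py $(git diff --cached --name-only)
    problems: List[str] = []
    for staged in sys.argv[1:]:
        try:
            with open(staged, encoding="utf-8", errors="replace") as fh:
                problems += check_file(staged, fh.read())
        except OSError:
            continue
    for line in problems:
        print(line, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

The returned dict plugs straight into `chromium.launch(proxy=proxy_from_env())`, keeping the password out of the server URL that tends to appear in debug output. The cookie check is deliberately shape-based rather than name-based, so renaming cookies.json to data.txt does not bypass it.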

Known Limitations

  • TLS fingerprint spoofing is limited to what browser launch arguments can change; true ClientHello manipulation (cipher suite order, extensions, GREASE) requires lower-level network stack access that this framework does not provide
  • This framework is designed for legitimate automation use cases; misuse may violate the terms of service of target websites

Responsible Disclosure

We follow a 90-day disclosure timeline. We will work with you to understand and resolve the issue before any public disclosure.
