Security Policy

Effective Date: 10.3.2025
Last Updated: 19.5.2025

At Files 4 Share, protecting our users and infrastructure is a core mission. This policy outlines our security practices, firewall implementation, vulnerability handling, and responsible disclosure process.

1. Custom Web Application Firewall (WAF)

  • Our in-house WAF protects against XSS, SQL Injection, CSRF, RCE, file upload abuse, and more.
  • It adds custom headers:
    • X-Protected-By: Files 4 Share
    • Server: Files 4 Share
    • X-WAF: Files 4 Share
  • Layered with strict CSP, 2FA, rate limiting, and IP monitoring.
  • Audited externally by ImmuniWeb and Cloudbric Labs, and tested for OWASP Top 10 compliance.

2. Secure Architecture

  • All traffic uses Sectigo SSL with HSTS and strict TLS settings.
  • Supports the latest HTTPS protocols, including HTTP/2 and HTTP/3 (QUIC), for faster, more secure connections.
  • Post-Quantum TLS Ready: Experimental support for post-quantum encryption using ML-KEM (Kyber) for forward security against quantum threats.
  • Passwords are hashed using modern secure algorithms.
  • Critical operations require 2FA and secure session tokens.
  • All input is validated and sanitized server-side.

3. Responsible Disclosure

We welcome reports of potential vulnerabilities. Please contact us at: support@files4share.com

4. Out of Scope

  • Denial-of-Service (DoS) or brute-force tests
  • Spam or social engineering attacks
  • Attacks against third-party services not controlled by Files 4 Share

5. Standards & Compliance

  • PCI-DSS, NIST, HIPAA, and OWASP best practices

6. Trust & Testing

  • ImmuniWeb WebSec & SSL Labs
  • Cloudbric Labs WAFER Tests
  • Qualys SSL Labs
  • Mozilla Observatory
  • Security Headers by Snyk
  • Internal automated scanners, run weekly

7. Contact
