HackerOne · VDP

Henkel Vulnerability Disclosure Program

Complete guide to Henkel's vulnerability disclosure program on HackerOne. View in-scope assets, reward amounts, response times, and tips for finding vulnerabilities.

Program Overview

Henkel runs a vulnerability disclosure program on HackerOne. The program has 249 in-scope assets and is managed by HackerOne's triage team.

In-Scope Assets: 249
Avg Response: 1h
Efficiency: 100%
Avg Resolve: 10d

In-Scope Assets

Asset | Type | Max Severity | Eligible
*.academyofhairsalon.com | WILDCARD | Critical | No Bounty
*.agorex.cl | WILDCARD | Critical | No Bounty
*.allyoucare-byhenkel.com | WILDCARD | Critical | No Bounty
*.askteamclean.* | WILDCARD | Critical | No Bounty
*.auth.eshop-henkel-adhesives.cn | WILDCARD | Critical | No Bounty
*.authenticbeautyconcept.* | WILDCARD | Critical | No Bounty
*.bloo.com | WILDCARD | Critical | No Bounty
*.bonderite.* | WILDCARD | Critical | No Bounty
*.canusacps.com | WILDCARD | Critical | No Bounty
*.cascola.com.br | WILDCARD | Critical | No Bounty
*.ceresit.* | WILDCARD | Critical | No Bounty
*.cimsec.at | WILDCARD | Critical | No Bounty
*.clubedocabelopro.com.br | WILDCARD | Critical | No Bounty
*.colorsmith.ie | WILDCARD | Critical | No Bounty
*.colorsmithco.ca | WILDCARD | Critical | No Bounty
*.combatbugs.com | WILDCARD | Critical | No Bounty
*.concorsi.loctite-consumer.it | WILDCARD | Critical | No Bounty
*.cs-nri.com | WILDCARD | Critical | No Bounty
*.demert.com | WILDCARD | Critical | No Bounty
*.demertbrands.com | WILDCARD | Critical | No Bounty
*.detergente-mas.com | WILDCARD | Critical | No Bounty
*.devacurl.com | WILDCARD | Critical | No Bounty
*.devacurlpro.com | WILDCARD | Critical | No Bounty
*.dhatec.nl | WILDCARD | Critical | No Bounty
*.dialprofessional.com | WILDCARD | Critical | No Bounty
*.dixan.it | WILDCARD | Critical | No Bounty
*.donnad.it | WILDCARD | Critical | No Bounty
*.dylon.se | WILDCARD | Critical | No Bounty
*.easy-qote.com | WILDCARD | Critical | No Bounty
*.easyqote.com | WILDCARD | Critical | No Bounty
*.ecorend.co.uk | WILDCARD | Critical | No Bounty
*.esalon.com | WILDCARD | Critical | No Bounty
*.eshop-henkel-adhesives.cn | WILDCARD | Critical | No Bounty
*.fester.com.mx | WILDCARD | Critical | No Bounty
*.flamecontrol.com | WILDCARD | Critical | No Bounty
*.fp-academy.in | WILDCARD | Critical | No Bounty
*.fyfeco.com | WILDCARD | Critical | No Bounty
*.glemvital.at | WILDCARD | Critical | No Bounty
*.gliss.com | WILDCARD | Critical | No Bounty
*.got2b.com | WILDCARD | Critical | No Bounty
*.hairshop.hr | WILDCARD | Critical | No Bounty
*.henkel-adhesives.cn | WILDCARD | Critical | No Bounty
*.henkel-adhesives.com | WILDCARD | Critical | No Bounty
*.henkel-cashback.de | WILDCARD | Critical | No Bounty
*.henkel-consumer-brands.cn | WILDCARD | Critical | No Bounty
*.henkel-loctite.bg | WILDCARD | Critical | No Bounty
*.henkel-reiniger.de | WILDCARD | Critical | No Bounty
*.henkel-researchers-world.cn | WILDCARD | Critical | No Bounty
*.henkel-researchers-world.kr | WILDCARD | Critical | No Bounty
*.henkel.cn | WILDCARD | Critical | No Bounty

Showing 50 of 249 in-scope assets. View all on HackerOne.

Tips for Hacking Henkel

  1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
  2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
  3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
  4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
  5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking Henkel?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does Henkel pay bounties?

No, Henkel runs a Vulnerability Disclosure Program (VDP) without monetary rewards. You may receive recognition or swag.

What types of vulnerabilities does Henkel accept?

Henkel accepts reports for vulnerabilities found in their 249 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.