GoodRx

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
com.goodrx GOOGLE_PLAY_APP_ID high high critical
Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx
com.goodrx.iphone APPLE_STORE_APP_ID high high high critical
iOS Download: https://itunes.apple.com/app/id485357017
gold.goodrx.com URL high high high critical
A credit card is required for a free 30 day trial, however you can cancel at any time within the website without having the need to talk to an actual human.
heydoctor.goodrx.com URL high high high critical
While this domain is in scope, please refrain from starting a doctor consultation and interacting with doctors for the sole sake of testing. Bounties are eligible for this host as it does handle live production traffic. Questions about acceptable scope for this host can be sent to: security@goodrx.com
m.goodrx.com URL high high high critical
www.goodrx.com URL high high high critical
This our primary site. No billing information is required to go through an account registration work-flow.
api.heydoctor.com URL high high high critical
All tickets that involve api.heydoctor.com must be tied to a request stemming from an action on heydoctor.goodrx.com.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
com.goodrx.doctors APPLE_STORE_APP_ID high high high none
iOS Download: https://itunes.apple.com/app/id1122105489
com.goodrx.doctors GOOGLE_PLAY_APP_ID high high high none
Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.doctors
com.goodrx.gold APPLE_STORE_APP_ID high high high none
iOS Download: https://itunes.apple.com/app/id1249717355
com.goodrx.gold GOOGLE_PLAY_APP_ID high high high none
Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.gold Gold workflow and features are being migrated into the primary GoodRx consumer app. Bounties for the Gold application must be replicated within the core GoodRx application to qualify for a bounty.
sso.identity.goodrx.com URL high high high none
This sub-domain is manged by Auth0. Bugs hosted on this domain would be covered by Auth0's bug bounty program and not GoodRx's.
support.goodrx.com URL none
This subdomain is managed by Zendesk. Any issues on this page would be covered by Zendesk's bug bounty program.
remote.goodrx.com OTHER none
Please do not conduct research on this hostname.
remote2.goodrx.com URL none
Please do not conduct research on this hostname.