Responsible Disclosure Policy

We are committed to ensuring the privacy and safety of our users. If you think that you have discovered a security vulnerability on our web site or within our mobile apps, we appreciate your help in disclosing the issue to us. Please do this responsibly by giving us the opportunity to investigate and fix the vulnerability in a timely fashion before publicly disclosing it. Security vulnerability reports will be treated as high priority. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy.

Please provide the following details to help us address and resolve your findings:

  • Describe the vulnerability (e.g., XSS on hotel results page) you have discovered and if possible, share instructions to help us reproduce it.
  • Tell us about your environment (e.g., browser product and version, operating system, mobile app platform, app version, device model).
  • If possible, attach a screenshot.
  • Send all information to vulnerability-report@kayak.com.

Exceptions from this Policy

General questions related to KAYAK are handled by our Customer Support team – for questions, comments or feedback, click here.