This request is blocked by River Security policy (e.g. well-known enumeration like WordPress paths).
We appreciate vulnerabilities disclosed responsibly. If a report is in-scope and something we plan to fix, we may reward swag. No bounty for missing security headers, missing best practices, or features working as intended.