The program don’t accept any kind of csrf vulnerability and Their response time is very very bad.
Normally most of the program mention in the out of scope that csrf on unauthenticated endpoint or with no impact is out of scope, But csrf with impact is in scope. In wayfair they don’t accept any csr
Platform: HackerOne | Severity: medium | Type: ignored
Reported by: Anonymous