Netflix Content Safety Report
Standard profiles with maturity restrictions only filter content in the browse/search UI. Direct navigation to a title URL (e.g., /title/81287562) completely bypasses the maturity filter, exposing full TV-MA content details including title, description, episode list, and a functional Play button. A child sharing a link via text message or social media could access any mature content on the platform.
Affected profiles: TestChild12 (TV-PG), TestTeen16 (TV-14)
The /watch/ endpoint has ZERO maturity enforcement for any profile type, including Kids profiles. While the /title/ endpoint at least redirects Kids profiles, the /watch/ endpoint loads the video player for all profiles regardless of maturity settings. In a browser with Widevine DRM support, any child on any profile could play TV-MA content by navigating to a direct /watch/ URL. This is the most severe finding because it bypasses even the Kids profile's server-side protections.
Affected profiles: TestChild7 (Kids), TestChild12 (TV-PG), TestTeen16 (TV-14)
The 'Exit Kids' button on the Netflix Kids experience immediately exposes the full profile picker with no authentication barrier. Any unlocked profile can be accessed in a single additional click. While the TestAdult profile is PIN-protected, any standard profile (TestChild12, TestTeen16) without a PIN can be freely accessed.
Affected profiles: TestChild7 (Kids)
Cross-Profile Comparison
| Category | Child (7) | Child (12) | Teen (16) |
|---|---|---|---|
| Profile Esc.5x | 3 | -- | -- |
| Search5x | 0 | 0 | 0 |
| Direct URL3x | 3 | 3 | 3 |
| Kids Mode3x | 0 | -- | -- |
| Rec. Leak4x | 0 | 0 | 0 |
| X-Profile3x | -- | -- | -- |
| Rating Gaps2x | -- | -- | -- |
| PIN/Lock4x | -- | -- | -- |
| Maturity4x | -- | 0 | 0 |
| Overall Grade | A- | A | A |