# Exclude Files from HackerOne Review

You may wish to restrict certain files/directories from ever being reviewed by or visible to engineers in the HackerOne reviewer network.

This can be done by adding a `.pullrequestignore` configuration file to the root directory of your repository.

The formatting and behavior is nearly identical to a conventional [**gitignore**](https://git-scm.com/docs/gitignore). When a pull or merge request is sent to our network to be reviewed, and files involved in the code changes that meet restriction criteria will be *excluded* in the diff sent to us.

{% hint style="info" %}
If **all** **files** involved in a pull or merge request is restricted per rules defined in the `.pullrequestignore`, it will not be sent to the network to be reviewed at all.
{% endhint %}

## Example

A repository contains the following rules defined in  `.pullrequestignore`:

```
packages/legacy-service/*
*.html
```

And a pull request is opened involving changes to the following files:

* `packages/new-service/Helpers.js`
* `packages/legacy-service/Helpers.js`
* `src/frontend/about.html`
* `src/components/Routes/Authentication.jsx`

Here's what would be visible to HackerOne reviewers:

| FILE                                       | EXPOSURE       |
| ------------------------------------------ | -------------- |
| `packages/new-service/Helpers.js`          | ✔️  VISIBLE    |
| `packages/legacy-service/Helpers.js`       | ⛔  NOT VISIBLE |
| `src/frontend/about.html`                  | ⛔  NOT VISIBLE |
| `src/components/Routes/Authentication.jsx` | ✔️  VISIBLE    |