Here we maintain a list of security researchers and their findings, to recognize them for having
responsibly disclosed security issues to us in the past.

If you think you've found a security issue relating to our apps or infrastructure, please see
our Cloud Security Statement for how to report it to us.

Reported a missing Content Security Policy (CSP). Classified as Low / Informational
since the site only serves static content without user input or cookies.

Reported the absence of an MTA-STS record. Encryption is already
enforced by default; strict MTA-STS was not implemented to maintain compatibility.

Discovered a missing X-Frame-Options header, which means that this
website could be at risk of a clickjacking attack.

Discovered the absence of DMARC records that could allow spoofing of
our email domain.