Security Hall of Fame

Security Hall of Fame

Here we maintain a list of security researchers and their findings, to recognize them for having responsibly disclosed security issues to us in the past.

If you think you've found a security issue relating to our apps or infrastructure, please see our Cloud Security Statement on how to report it to us.

2025-08-23 - Parth Narula
Reported a missing Content Security Policy (CSP). Classified as Low / Informational since the site only serves static content without user input or cookies.
2025-08-11 - Parth Narula
Reported the absence of an MTA-STS record. Encryption is already enforced by default; strict MTA-STS was not implemented to maintain compatibility.
2023-12-31 - Kunal Mhaske
Discovered a missing X-Frame-Options header which means that this website could be at risk of a clickjacking attack.
2023-12-31 - Kunal Mhaske
Discovered the absence of DMARC records that could allow spoofing of our email domain.