Hall of fame

CookieLint is new. Reports that meet the criteria below will appear here with the researcher's permission. If you have sent us a finding and want to be credited, reply to our acknowledgement email with the display name and link you would like us to use.

A report qualifies when it meets all of these:

• describes a previously unknown defect in an in-scope asset
• includes enough detail for us to reproduce against a clean tenant
• gave us reasonable time to deploy a fix before public disclosure
• did not access or copy data belonging to other tenants beyond what was strictly needed to demonstrate the issue

Duplicate reports credit the first report received. The display options are: real name, handle, anonymous (counted in totals only), or company name.

Machine-readable contact details (RFC 9116) at /.well-known/security.txt.