Please report a vulnerability to [email protected].
- Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.
- Exposed
/pprofor/expvar. We know they are exposed. It's intentional and harmless. - Exposed Prometheus metrics
/metrics. Like above, it's intentional and harmless.