I reported the following to the support email on 21 Dec 2018, but it still isn’t fixed (I did get a mail confirming receipt of the report, though; and two other issues I reported in the same email were fixed).
On https://codecov.io/site/security
- the title of section 5 shows up in the table of contents as ‘Is my Team's data isolated from other Teams?’
- on the same page, I am seeing this error in the JavaScript console (with Safari 12.0.2 on Mac OS X 10.14): “[Error] Refused to execute a script because its hash, its nonce, or ‘unsafe-inline’ does not appear in the script-src directive of the Content Security Policy. (security, line 0)”
A similar error appears with Firefox 64; I have not tried Safari - the links from the TOC to the questions do not work; indeed, none of the section
<h2>s has the appropriate anchors