Security at R6

Infrastructure Security

• —All web traffic is encrypted with TLS 1.3 and HSTS preloading is enabled
• —Website is deployed on Cloudflare Workers with DDoS protection
• —No third-party analytics, tracking scripts, or advertising pixels
• —Security headers enforced: HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy

Code Security

• —Phoenix Core is open source — inspect the code yourself on GitHub
• —Dependencies are monitored for known vulnerabilities
• —All code changes go through review before deployment

Product Security

• —Phoenix operates as a Kubernetes Operator with RBAC-scoped permissions
• —Zero-agent architecture — no sidecars, no code injection, no instrumentation
• —All telemetry stays within your cluster — no data is sent to R6 Security

Vulnerability Disclosure

If you discover a security vulnerability in Phoenix or any R6 Security product, please report it responsibly to security@r6security.com. We take all reports seriously and will respond within 48 hours.