What are security limitations of AMP emails?

AMP's security model is restrictive by design to protect both users and email providers. No custom JavaScript is allowed; all interactivity must use approved AMP components. This prevents malicious scripts from executing in the inbox environment, eliminating entire categories of attacks that plague web browsing. You work within AMP's component library, not with arbitrary code.

External resource restrictions limit what AMP can load. Images must come from HTTPS sources. External tracking pixels are prohibited. Fonts must be from approved providers. XHR requests (for live data) must go to endpoints that implement proper CORS headers and meet AMP's security requirements. All server endpoints must use HTTPS. These constraints prevent data exfiltration and reduce tracking capabilities compared to web pages.

CSS restrictions also apply: no external stylesheets, limited use of certain properties, and restrictions designed to prevent visual spoofing attacks. Some CSS that works in standard HTML email won't pass AMP validation. AMP's security limitations are features, not bugs: they're why email providers trust AMP content enough to render interactive elements in the inbox. Working within these constraints is the price of that trust.
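
A pre-send check for several of the restrictions above (no custom JavaScript, HTTPS-only images and XHR endpoints, no external stylesheets), as an added example that is not part of the original page and is not the AMP validator. It assumes component scripts load from `https://cdn.ampproject.org/`, treats `application/json` script blocks as data, and checks only the `amp-img`, `amp-list` and `form action-xhr` URLs; the sample message and its hosts are constructed.

```python
from html.parser import HTMLParser

AMP_CDN = "https://cdn.ampproject.org/"    # assumed origin of AMP's own component scripts
DATA_SCRIPT_TYPES = {"application/json"}   # assumption: data-only script blocks, not code
# (tag, attribute) pairs that name a remote resource or XHR endpoint
URL_ATTRS = {("amp-img", "src"), ("amp-list", "src"), ("form", "action-xhr")}

class AmpEmailLint(HTMLParser):
    """Simplified pre-send check; an approximation, not the official AMP validator."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "script":
            src = a.get("src", "")
            if src and not src.startswith(AMP_CDN):
                self.findings.append((line, "script-not-from-amp-cdn"))
            elif not src and a.get("type", "").lower() not in DATA_SCRIPT_TYPES:
                self.findings.append((line, "inline-javascript"))
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            self.findings.append((line, "external-stylesheet"))
        for t, attr in URL_ATTRS:
            if tag == t and attr in a and not a[attr].lower().startswith("https://"):
                self.findings.append((line, f"non-https-{t}-{attr}"))

def lint(markup):
    """Return (line, rule) pairs for every restriction the markup violates."""
    parser = AmpEmailLint()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample message body (not from the page); hosts are placeholders.
SAMPLE = """<!doctype html>
<html amp4email>
<head>
<script async src="https://cdn.ampproject.org/v0.js"></script>
<script async src="https://static.example.com/widget.js"></script>
<link rel="stylesheet" href="https://static.example.com/site.css">
<script>document.title = "hi"</script>
</head>
<body>
<amp-img src="http://img.example.com/banner.png" width="600" height="200"></amp-img>
<amp-list src="https://api.example.com/offers" width="300" height="100"></amp-list>
<form method="post" action-xhr="http://api.example.com/rsvp"></form>
</body></html>"""
```

Calling `lint(SAMPLE)` reports the third-party script, the external stylesheet, the inline script, and the two plain-HTTP URLs with their line numbers; a clean result here does not mean the message passes AMP validation.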