PGP mail support
Es efail has showed some mail clients with PGP are not that good at preventing leaks (access from mail client to server). I guess you won't want to add efail tests (although it would be awesome, of course), but some simple privacy tests. Of course efail was special as they even exfiltrated the plaintext with that, but well…
So I first suggest that it would be nice if one could add their PGP public key, and the tester would send all the usual stuff – but just encrypted to my mail client.
E.g. Mailvelope does behave badly and does not even block images in the HTML. Other things may be done, too, when there are PGP clients, which interpret the plaintext mail themselves, or something similar.