Website Security Test of api.whatsapp.com

Executive Summary for api.whatsapp.com

• Web Software Security Test
  No third-party web software dependancies were identified. Show details.
• GDPR Compliance Test
  No obvious GDPR-related compliance issues were detected across Privacy Policy, Website Security, TLS Encryption, Cookie Protection, Cookie Disclaimer. The following checks were not performed, as no corresponding cookies with personal or tracking information seem to be sent by the website: Website Security, Cookie Protection, Cookie Disclaimer. Show details.
• PCI DSS Compliance Test
  The website is non-compliant with PCI DSS Requirement 6.4. The assessment of PCI DSS Requirement 6.3 may be incomplete due to limited software fingerprinting. Show details.
• HTTP Headers Security Test
  Issues were identified with key security headers: missing X-Frame-Options; misconfigured Content-Security-Policy. Some optional HTTP headers may not be properly configured: Permissions-Policy, Report-To. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy is enforced but configuration issues were identified: directive errors. A report-only Content-Security-Policy is not present. Show details.
• Cookies Privacy and Security Test
  One cookie detected; wa_lang_pref has security or privacy-related configuration issues. Show details.
• External Content Security Test
  16 external requests detected; all requests completed successfully. SRI is not used for 11 third-party JavaScript and CSS files. Show details.
• Protection from Data Scraping Test
  1 meta restriction and 1 bot protection mechanism detected. No protection detected via robots.txt rules or User-Agent blocks. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.