Summary of api.whatsapp.com [Mobile version] Website Security Test
Provided "as is" without any warranty of any kind.
Date/Time:May 29th, 2025 00:02 GMT+0
Server IP:31.13.65.49
Reverse DNS:whatsapp-cdn-shv-01-atl3.fbcdn.net
Location:Lithia Springs, United States
Version:for iPhone 6
Your final score:
- A
- B
- C
- F
A
This test was made 309 days ago and may be outdated
Refresh Test
Executive Summary for api.whatsapp.com
- No third-party web software dependancies were identified. Show details.
- No obvious GDPR-related compliance issues were detected across Privacy Policy, Website Security, TLS Encryption, Cookie Protection, Cookie Disclaimer. The following checks were not performed, as no corresponding cookies with personal or tracking information seem to be sent by the website: Website Security, Cookie Protection, Cookie Disclaimer. Show details.
- The website is compliant with PCI DSS Requirement 6.3, while being non-compliant with Requirement 6.4. Show details.
- Issues were identified with key security headers: missing X-Frame-Options; misconfigured Content-Security-Policy. Some optional HTTP headers may not be properly configured: Content-Security-Policy-Report-Only, Permissions-Policy, Report-To. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
- Content-Security-Policy is enforced but configuration issues were identified: overly permissive directives, directive errors, deprecated directives. The report-only Content-Security-Policy contains issues: overly permissive directives, directive errors, deprecated directives. Show details.
- One cookie detected; wa_lang_pref has security or privacy-related configuration issues. Show details.
- 14 external requests detected; all requests completed successfully. SRI is not used for 10 third-party JavaScript and CSS files. Show details.
- No significant anti-scraping protections were detected. Show details.
- DNS CNAME record detected; DNSSEC signatures are not present. Show details.
