Summary of open.spotify.com [Mobile version] Website Security Test
Provided "as is" without any warranty of any kind.
Date/Time:Mar 13th, 2026 02:25 GMT+0
Server IP:151.101.139.42
Reverse DNS:-
Location:Montreal, Canada
Version:for iPhone 6
Your final score:
- A
- B
- C
- F
A
This test was made 19 days ago and may be outdated
Refresh Test
Executive Summary for open.spotify.com
- No third-party web software dependancies were identified. Show details.
- Potential GDPR compliance issues were identified related to Privacy Policy, Cookie Disclaimer. The following checks were not performed, as no corresponding cookies with personal or tracking information seem to be sent by the website: Website Security. Show details.
- The website is compliant with PCI DSS Requirement 6.3, while being non-compliant with Requirement 6.4. Show details.
- Issues were identified with key security headers: missing X-Frame-Options; misconfigured Content-Security-Policy. Optional HTTP header appears to be properly configured: Server. Show details.
- Content-Security-Policy is enforced but configuration issues were identified: overly permissive directives, directive errors. A report-only Content-Security-Policy is not present. Show details.
- 5 cookies detected; sp_t, sp_new, sp_landing have security or privacy-related configuration issues. Show details.
- 10 external requests detected; all requests completed successfully. SRI is not used for 5 third-party JavaScript and CSS files. Show details.
- 7 robots.txt rules, 12 User-Agent blocks and 10 bot protection mechanisms detected. No protection detected via meta restrictions. Show details.
- DNS CNAME record detected; DNSSEC signatures are not present. Show details.
