Website Security Test of www.youtube.com

Executive Summary for www.youtube.com

• Web Software Security Test
  6 third-party web software dependancies were identified, including 3 outdated dependancies. No known vulnerabilities were detected. 3 identified third-party web software dependancies have unknown versions. The identified CMS (Drupal) appears to be up to date. The following CMS components, JS-libraries or frameworks were identified: polymer, hammer.js, spfjs, and others. Show details.
• GDPR Compliance Test
  Potential GDPR compliance issues were identified related to Privacy Policy, Cookie Disclaimer. Show details.
• PCI DSS Compliance Test
  The website is compliant with PCI DSS Requirement 6.3, while being non-compliant with Requirement 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security header misconfigured Content-Security-Policy. Some optional HTTP headers may not be properly configured: Content-Security-Policy-Report-Only, Permissions-Policy, Report-To. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy is enforced but configuration issues were identified: directive errors. The report-only Content-Security-Policy contains issues: overly permissive directives, directive errors, deprecated directives. Show details.
• Cookies Privacy and Security Test
  6 cookies detected; GPS have security or privacy-related configuration issues. Show details.
• External Content Security Test
  No external requests were detected. Show details.
• Protection from Data Scraping Test
  2 User-Agent blocks and 1 bot protection mechanism detected. No protection detected via robots.txt rules or meta restrictions. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.