Security Report Summary
Grade: F

Site: | http://web.whatsapp.com/ |
---|---|
IP Address: | 2a03:2880:f231:c6:face:b00c:0:167 |
Report Time: | 03 May 2024 18:06:51 UTC |
Warning: | Grade capped at A, please see warnings below. |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN". |
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Site is using HTTP | This site was served over HTTP and did not redirect to HTTPS. |
---|---|
Response is not HTML | The content-type of the response does not indicate HTML. Not all headers, and therefore the score, may be appropriate. |
Status code indicates error | The status code of the response indicates an error. Not all headers may be set when the response is an error. |
Scan was blocked | We got a 403 when trying to scan, please ensure we aren't being blocked. You can find our IP addresses to allow scans in our FAQ. |
Raw Headers
HTTP/1.1 | 403 Forbidden |
---|---|
Content-Type | text/plain |
Server | proxygen-bolt |
Date | Fri, 03 May 2024 18:06:51 GMT |
Connection | keep-alive |
Content-Length | 0 |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
Server | Server value has been changed. Typically you will see values like "Microsoft-IIS/8.0" or "nginx 1.7.2". |
---|---|