Deployment - Data Security, Performance and Vulnerabilities
  • 24 Aug 2022
  • 1 Minute To Read
  • Dark
  • PDF

Deployment - Data Security, Performance and Vulnerabilities

  • Dark
  • PDF

The Whatfix solution is developed using globally accepted security measures. In this section, we outline how each of them works.

Whatfix Data Security

Whatfix does a routine security review and testing as an inherent part of our software development to make sure there are no vulnerabilities in the application.

Whatfix maintains the following data security measures for its users:

  1. Whatfix export version is placed as a part of your web servers. It can attain the same level of security requirement as your other in-house products.
  2. The Whatfix JavaScript makes only GET requests (read-only requests) to your web servers. No external calls are made to any outside servers.

Whatfix JavaScript Architecture

After unzipping the compressed export file (.zip), your product team needs to integrate a single line Whatfix JavaScript from the extracted package into your application. Whatfix follows all the regular best practices in ensuring JavaScript security.

The design of Whatfix JavaScript ensures that:

  • Only GET requests (read-only requests) are made to your servers from Whatfix’s JavaScript
  • No calls are made from Whatfix’s JavaScript to any server except your server
  • No third party libraries are used/required to run Whatfix on your application
  • No need to have any specific libraries/software on your server. The unzipped file can be placed on any web server software
  • Seamless operations with your CDN

Whatfix Security & Deployment Architecture

Vulnerability Scans and Penetration Test

Whatfix performs regular security assessments, penetration tests, and vulnerability scans along with multiple rounds of reviews. These tests ensure that nothing gets overlooked and human mistakes are rectified on time.


In the case of a failover, you can serve Whatfix JavaScript from multiple servers and use CDN for distributing the content.


Whatfix has a negligible impact on the performance of your application because of the following:

  • The Whatfix JavaScript execution during page load takes approximately 400 milliseconds.
  • The Whatfix JavaScript file gets cached at the browser side and ensures that the script is downloaded only once for the user (first-time access).
  • The compressed Whatfix JavaScript is just 700 KB in size. The browser caches this file and ensures that the user downloads them only once (first access).

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.