If Cloudflare is flagging WhatsApp or requests, you can allow the WhatsApp user-agent to bypass challenges by creating a configuration rule. Go to Rules > Overview, then select Create Rule > Configuration Rule. In the new rule, choose "Custom filter expression" under "When incoming requests match...". Use the expression editor to set the condition to starts_with(http.request.headers["user-agent"][0], "WhatsApp/"). Under the "Then" section, set the action to Browser Integrity Check or Under Attack mode, depending on what you need. This should resolve the issue.