WordPress / #GDPR / #DSGVO
A pain in the ass if it's not self-hosted?
What we need to check and resolve to get it done:
- HTTPS as a default (DSGVO Art25)
- HTTP Strict Transport Security (HSTS)
- Content Security Policy (CSP) (DSGVO Art32.2)
  - !! this may/will break some of your plugins or everything !!
- Referrer Policy (DSGVO Art5.1.c & 25 & 32.2)
- Subresource Integrity (SRI) (DSGVO Art5.1.f & 25 & 32.2)
- HTTP headers (DSGVO Art5.1.c & Art5.1.f & 25 & 32.1-2)
  - X-Content-Type-Options
  - X-Frame-Options
  - X-XSS-Protection
- Cookies yes/no (DSGVO Art5.1.a c e & Art21 & 22 & 23)
- First Party Request
- Third Party Request (DSGVO Art5.1.b-c Art25)
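As an added example (not code from the original post), here is a small Python audit that scores a response header set against the items on the checklist above and lists what still fails; the sample headers are constructed, not captured from a real site:

```python
"""Audit a site's response headers against the WordPress/GDPR checklist above.

The SAMPLE_HEADERS below are a constructed example of what a front page
might return; they are not taken from any real site.
"""
import re

# Referrer-Policy values that never send the full URL to another origin.
PRIVACY_REFERRER = {"no-referrer", "same-origin", "origin", "strict-origin",
                    "origin-when-cross-origin", "strict-origin-when-cross-origin"}
ONE_YEAR = 31536000  # seconds; a common minimum for HSTS max-age

def audit_headers(headers: dict, scheme: str = "https") -> dict:
    """Return {check: (passed, note)} for each header item on the checklist."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    result = {"https": (scheme == "https", f"served over {scheme}")}

    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts)
    age = int(m.group(1)) if m else 0
    result["hsts"] = (age >= ONE_YEAR, hsts or "header missing")

    csp = h.get("content-security-policy", "")
    result["csp"] = ("default-src" in csp, csp or "header missing")

    rp = h.get("referrer-policy", "").strip().lower()
    result["referrer_policy"] = (rp in PRIVACY_REFERRER, rp or "header missing")

    xcto = h.get("x-content-type-options", "").strip().lower()
    result["x_content_type_options"] = (xcto == "nosniff", xcto or "header missing")

    xfo = h.get("x-frame-options", "").strip().upper()
    result["x_frame_options"] = (xfo in {"DENY", "SAMEORIGIN"}, xfo or "header missing")

    # The checklist only asks for this header to be set, so check presence.
    xxp = h.get("x-xss-protection", "").strip()
    result["x_xss_protection"] = (bool(xxp), xxp or "header missing")
    return result

def failed_checks(headers: dict, scheme: str = "https") -> list:
    """Names of the checklist items that do not pass, sorted for stable output."""
    return sorted(k for k, (ok, _) in audit_headers(headers, scheme).items() if not ok)

SAMPLE_HEADERS = {  # constructed sample: partly hardened, partly not
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "Referrer-Policy": "unsafe-url",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
}

if __name__ == "__main__":
    for check, (ok, note) in audit_headers(SAMPLE_HEADERS).items():
        print(f"{'OK  ' if ok else 'FAIL'} {check}: {note}")
```

Feed it the headers from your own site (e.g. from a `curl -I` capture) to see which items are still open.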
We'll keep you posted on what comes next! Oh yes, there is still some more …