Support » Plugin: Security Headers » GDPR – Any website visitor personal data collected by plugin?

  • Resolved adamno1

    (@adamno1)


    Hi,

    I just wish to double check whether any personal data is collected by the Plugin from website visitors? (I imagine not, but wish to double check).

    Thanks in advance and thanks for your hard work.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author SimonRWaters

    (@simonrwaters)

    Thanks for the question.

    The plugin is currently entirely self contained, and there is no direct storage of personal data, and so no direct GDPR implication. There is no inclusion of third party hosted code or images, and no tracking.

    The plugin does allow setting of reporting URI for Certificate Transparency and Public Key Pinning violations, but you would have to provide or acquire 3rd party services to use this feature (report-uri.com for example). The data stored in such services is typical of that required to resolve technical issues or identify misuse (including potential criminal activity). I would imagine such services have no or miminal GDPR implications but I am not a lawyer, you might want to include this activity in a comprehensive privacy statement.

    Some documentation, such as how to do Public Key Pinning is provided via my personal blog that records standard W3C style logging of web requests (date/time, IP, browser user-agent, and referrer).

    Thread Starter adamno1

    (@adamno1)

    Hi Simon,

    Wow! What a quick reply. That’s great, thanks for such a quick and detailed reply. That has answered my question completely.

    Thanks once again and thanks for a great plugin.

    Best regards,
    Adam

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘GDPR – Any website visitor personal data collected by plugin?’ is closed to new replies.