Archives April 2018

Checking your website’s security, sources, and cookies – GDPR preparation part II

A week ago, I discussed the installation of an SSL certificate on an existing WordPress site in preparation for the European General Data Protection Regulation (GDPR), which will go into effect in May 2018. Today I want to explain how to check your website’s security, its sources, and whether it is setting any first- or third-party cookies. This is important in order to write a GDPR-compliant privacy statement, which every website that processes data of European Union citizens needs to include, regardless of whether the website provider is located in the European Union or not.

The easiest way to check your website’s security, sources and cookies is to download Google Chrome. Once downloaded, turn on the Developer Tools, as shown in the screenshot below.

Google Chrome Developer Tools


The window will then be split into two parts: one that displays the usual browser window and another that displays a range of options. Go to your website, which should now be reachable via https://, and check the security tab in particular; it will display any unsecured elements that your website may be loading and that you may have missed when adapting your site to the new SSL certificate. Also check the “sources” tab, which will display all data sources loaded by your website, and the “cookies” tab, which will display any cookies your site may set, both first-party and third-party. As you can see from the screenshots below, my site does not load any third-party objects other than the standard fonts and also does not set any cookies. At least the homepage does not.

Inspection of website sources


Inspection of website for cookies


Now, visit every single page on your site in turn and check these three items. In my case it turned out that I had missed one insecurely loaded element in the SSL adaptation, but none of my pages set any cookies. This means that my GDPR-compliant cookie policy is fairly straightforward, because there are no cookies.
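
The same three checks can be scripted to triage many pages before confirming each one in the browser. The following Python example is added here and is not part of the original post; the names `audit_page` and `ResourceCollector`, the sample URL and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

SRC_TAGS = {"script", "img", "iframe", "source", "video", "audio", "embed"}
FETCHING_RELS = {"stylesheet", "icon", "preload"}  # <link> types the browser downloads

class ResourceCollector(HTMLParser):
    """Collect absolute URLs of subresources the browser would load for a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = None
        if tag == "link" and FETCHING_RELS & set((a.get("rel") or "").lower().split()):
            url = a.get("href")
        elif tag in SRC_TAGS:
            url = a.get("src")
        if url:  # urljoin resolves relative and protocol-relative (//host/...) URLs
            self.urls.append(urljoin(self.page_url, url))

def audit_page(page_url, html, set_cookie_headers=()):
    """Return insecure subresources, third-party hosts and first-party cookie names."""
    site_host = urlsplit(page_url).hostname
    collector = ResourceCollector(page_url)
    collector.feed(html)
    hosts = {urlsplit(u).hostname for u in collector.urls}
    cookies = []
    for header in set_cookie_headers:  # Set-Cookie values from the page's own response
        jar = SimpleCookie()
        jar.load(header)
        cookies.extend(jar.keys())
    return {
        "insecure": [u for u in collector.urls if urlsplit(u).scheme == "http"],
        "third_party_hosts": sorted(h for h in hosts if h and h != site_host),
        "cookies": cookies,
    }

# Constructed sample page: one leftover http:// image and one external font stylesheet.
SAMPLE_URL = "https://blog.example/"
SAMPLE_HTML = """<head><link rel="stylesheet" href="//fonts.example.net/css?family=Lato">
<link rel="canonical" href="http://blog.example/"></head>
<body><img src="http://blog.example/wp-content/uploads/header.jpg">
<script src="/wp-includes/js/jquery.js"></script><a href="http://other.example/">x</a></body>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_URL, SAMPLE_HTML))
```

The script only sees what is in the HTML and in the page's own response headers, so cookies set by JavaScript or by third-party responses still need the Developer Tools check.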