The European Union’s General Data Protection Regulation (GDPR) will be enforced from May 25th
forward. In the light of this I adjusted some things on
No External Resources
I have never used many external resources but now even those few are gone. This means:
Fonts that were previously hosted by Google Fonts are now locally hosted. So Google won’t get any IP addresses or other data.
The disadvantage of this approach is that browser caching won’t be as effective. However, this is offset by using longer caching times due to the use of new cache-busting features of webgen.
I still use StatCounter for site analytics. So “no external resources” was not 100% correct. The thing is, however, that the websites would work without it and that StatCounter is blocked by default by systems like uMatrix. For example, if you are using uMatrix, the websites will work even if you only enabled 1st-party content.
To enhance the privacy of the data I have enabled IP address masking (which replaces the last octet of the IP address with a dummy value) and disabled the tracking cookies in StatCounter (which means that every visit is the first visit).
If you see a cookie named __cfduid: It is from CloudFlare and is not used for tracking. See the CloudFlare site for more information.
Web Server Enhancements
Additionally, I’m now using some HTTP headers that will enhance the privacy:
If you click on a link to an external website, the external site will normally get the URL of the original site sent during the request. This header tells the browser to do this only for the website itself and not for external websites (which get nothing).
Also called HSTS, this header will mandate the use of HTTPS for one year after the first access, even if the link entered into the browser is HTTP. So, essentially, it forces the browser to use HTTPS.
This header disallows embedding the website into another website by use of
Website Checking Tools
If you want to check your website for trackers, HSTS or security-related headers, have a look at the following websites:
Checks for trackers and other things
Checks whether HTTPS is correctly set up
Checks for security-related HTTP headers
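The three header behaviours described under Web Server Enhancements can also be checked locally. The following is an added example, not code from this site: it assumes the standard header names Referrer-Policy, Strict-Transport-Security and X-Frame-Options (or the CSP frame-ancestors directive) match those descriptions, and the sample header sets are constructed.

```python
import re

ONE_YEAR = 365 * 24 * 3600  # 31536000 seconds, as in the HSTS paragraph
SAFE_ANCESTORS = ("'none'", "'self'")
KNOWN_POLICIES = {"no-referrer", "no-referrer-when-downgrade", "same-origin",
                  "origin", "strict-origin", "origin-when-cross-origin",
                  "strict-origin-when-cross-origin", "unsafe-url"}

def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        m = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', directive, re.I)
        if m:
            return int(m.group(1))
    return None

def effective_referrer_policy(value):
    """Browsers apply the last policy token they recognise in a fallback list."""
    tokens = [t.strip().lower() for t in value.split(",")]
    known = [t for t in tokens if t in KNOWN_POLICIES]
    return known[-1] if known else None

def framing_blocked(h):
    """True if other sites cannot frame the page (X-Frame-Options or CSP)."""
    if h.get("x-frame-options", "").strip().lower() in ("deny", "sameorigin"):
        return True
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return len(parts) > 1 and all(p.lower() in SAFE_ANCESTORS for p in parts[1:])
    return False

def audit(raw_headers):
    h = {k.lower(): v for k, v in raw_headers.items()}
    age = hsts_max_age(h.get("strict-transport-security", ""))
    policy = effective_referrer_policy(h.get("referrer-policy", ""))
    # no-referrer is accepted too: it is stricter than same-origin (assumption).
    return {"referrer_stays_on_site": policy in ("same-origin", "no-referrer"),
            "hsts_at_least_one_year": age is not None and age >= ONE_YEAR,
            "framing_blocked": framing_blocked(h)}

# Constructed sample header sets, not captured from any real site.
GOOD = {"Referrer-Policy": "same-origin", "X-Frame-Options": "SAMEORIGIN",
        "Strict-Transport-Security": "max-age=31536000"}
WEAK = {"Referrer-Policy": "same-origin, unsafe-url",
        "Strict-Transport-Security": "max-age=86400; includeSubDomains",
        "Content-Security-Policy": "frame-ancestors https://partner.example"}
for name, sample in (("GOOD", GOOD), ("WEAK", WEAK)):
    print(name, audit(sample))
```

The WEAK set fails all three checks: the trailing unsafe-url overrides same-origin, the HSTS lifetime is one day, and frame-ancestors still allows a third-party origin.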
Since StatCounter doesn’t seem to be compliant with EU regulations, I have decided to drop it and use a self-hosted installation of Matomo instead. Now there are really no external dependencies anymore.