ptprog

SPF should only whitelist whatever servers you use to send emails with your domain. So, unless you use Google to send emails for your domain, you are not supposed to add Google servers to your SPF records.

@Adlago if you replace the line you show with <link rel="manifest" href="{url='app=core&module=system&controller=metatags&do=manifest' seoTemplate='manifest'}" crossorigin="use-credentials"> the new connection issue is solved. (I tested this, and it solved the issue in my case.) BTW, after start using SSL and HTTP/2, my tests (using RUM) showed that the use of cookie-free domains was only slightly beneficial when I was using a CDN. Otherwise it was degrading performance, despite most of the synthetic tests (like YSlow and Webpagetest) giving better result

Regarding performance, my experiments show a small degradation of performance (15% ~ 20%, measured with a RUM script) during the period I used the preload setting.

Has anybody tried to use '<link rel="preload" ...>' to load fonts? Any idea if this improves performance?

That option is enabled. The problem is the primary group 🙂 Thanks!

Aren't admins supposed to receive notifications when there is an account deletion request?

Does this means that we can choose between keeping the username or anonymizing member's content, as when we delete a member from AdminCP?

Hashes are not difficult to reverse when you have a small set of possible unhashed values (the number of IPv4 addresses is small enough that you can hash all of them quickly, to create a lookup table; for IPv6 may take a little longer, though). Also, actual IPs may be useful in proofs of consent (to prove somebody subscribed a newsletter, for example). In case you don't need actual IPs in any case, you can easily anonymize IPs adding a few lines of code your constants.php file, I believe. (I had this kind of solution in place, until I realized I needed actual IPs in some cases.)

This plugin seems to be adding some additional tag&prefix settings for blogs, which I'm trying to use. I want to override the "Minimum Tags Allowed" of a group blog in its "Blog Settings" (AdminCP). I removed the check from the "Default" option, and put the value "1", for example, in the input field. However, after saving and going again to the settings page, the value I set disappeared, and the "Default" option is checked again. So, it seems there is a bug preventing the changes made from being persisted.

For contact forms probably only Privacy Policy is relevant. For guest posts I believe both are important. (In general I agree with you that this is stupid, and it is unlikely anybody will have problems with this. But I wouldn't be surprised if this is indeed required.)

As I mentioned in other post, at least in the European Court, the decision was favorable to the use of legitimate interest as a reason to store IP addresses, even though they were classified as personal information. But I agree when you say that storing IP addresses is risky,

Note that you can use the contact form without agreeing to the ToS, I believe. Probably there are other guest forms in a similar situation. I'm checking European Commission websites to see how they are complying with GDPR, and their contact forms (or at least some) have the consent checkboxes. So, even though I'm not particularly concerned with this issue, I think it would be wise to add this to contact forms and some other guest forms (maybe put it in the same places where you may place a CAPTCHA for avoiding guest spam messages).

My understanding of the European Court decision is that not only it decided that IP address are personal data, but also said the the German law limitations on storing personal data based on legitimate interest were not in accordance with the EU directive. https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-10/cp160112en.pdf This latter part has been interpreted by some as meaning you can store the IP addresses for some time based on legitimate interest. It is also my interpretation, but I'm not a lawyer. I agree. I was just stressing that the rules to keep pers

The account history is actually a particular cases where we need to keep some IP addresses indefinitely (the ones that are associated with "consents"). I disagree that you need to completely disable IP address collection (or even anonymize all IP addresses before storing then). Recital 49 says: Storing IP addresses for a limited amount time (a few months) is a perfectly proportionate measure to be able to investigate a security incident or block brute force attempts, for example. This is something you cannot simply enable after the fact, so you need to collect them under