gdpr
How to fix: Cookie policy linked
GDPR Art. 13
ePrivacy Directive
Why this matters
Visitors have a right to know exactly what cookies your site sets — by name, purpose, duration, and third-party sharing. A cookie policy page is where you publish that, separate from the broader privacy policy.
Background
GDPR requires you tell users which cookies are set + why. A dedicated Cookie Policy page meets that disclosure duty. Linking to a separate page from your Privacy Policy is cleaner than burying cookie info inside it — easier to audit and update independently.
References
GDPR Art. 13 (transparency) · ePrivacy Directive 2002/58/EC (cookies)
How to fix
Code snippet for each stack we cover. Pick the one matching your server / framework.
nginx
No server config — content page.
apache
Same.
cloudflare
Same.
wordpress
Use Cookiebot / CookieYes / Iubenda — they generate the policy + a consent banner from a cookie scan of your site.
flask
Add /cookie-policy route + template. Generate from an OS license (e.g. WebsitePolicies.com generator) and cite the consent platform you use.
express
Same.
rails
Same.
Verify it's working
curl -s https://your-site/cookie-policy | head — should return 200 with substantive cookie disclosure content.
Want to know if your site has this issue?
Run a free 53-check audit — security, GDPR, NIS2, and technical SEO.
Audit my site →