Compliance - https://en.wikipedia.org/wiki/Octopus BeaverCheck Audit

F

GDPR Article 13 Disclosures

Action

0 / 8 Art. 13 categories matched in homepage body

FIX

0 / 8 Art. 13 categories matched in homepage body

GDPR Article 13 disclosure coverage: 0 / 8 categories

Scanned the homepage body text for GDPR Article 13 disclosures. Matched 0 of 8 categories: . Missing: Data Protection Officer contact (where applicable), Data retention period, Data subject rights (access, erasure, rectification, etc.), Identity / contact details of the data controller, International data transfers, Legal basis for processing, Recipients of personal data, Right to lodge a complaint with a supervisory authority. Note: this scan does not fetch the privacy policy sub-page; if Article 13 disclosures live there, they are not visible to this check.

Got: 0/8

F

Legal Page Ecosystem

Action

1 of 7 expected legal pages detected

FIX

1 of 7 expected legal pages detected

Privacy Policy detected

Found at https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy.

Got: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy

Terms of Service not detected

No link matching common Terms of Service URL patterns or link text was found. Most websites are expected to have a Terms of Service, especially those collecting user data.

Cookie Policy not detected

No link matching common Cookie Policy URL patterns or link text was found. Most websites are expected to have a Cookie Policy, especially those collecting user data.

Accessibility Statement not detected

No link matching common Accessibility Statement URL patterns or link text was found. Most websites are expected to have a Accessibility Statement, especially those collecting user data.

DMCA / Copyright Notice not detected

No link matching common DMCA / Copyright Notice URL patterns or link text was found. Most websites are expected to have a DMCA / Copyright Notice, especially those collecting user data.

Refund / Returns Policy not detected

No link matching common Refund / Returns Policy URL patterns or link text was found. Most websites are expected to have a Refund / Returns Policy, especially those collecting user data.

Acceptable Use Policy not detected

No link matching common Acceptable Use Policy URL patterns or link text was found. Most websites are expected to have a Acceptable Use Policy, especially those collecting user data.

Privacy Policyhttps://foundation.wikimedia.org/wiki/Special:MyLa…

Terms of ServiceNot found

Cookie PolicyNot found

Accessibility StatementNot found

DMCA / Copyright NoticeNot found

Refund / Returns PolicyNot found

Acceptable Use PolicyNot found

1 of 7 common legal pages detected

C

Cookie Consent & Privacy

Action

privacy policy found

REVIEW

privacy policy found

Privacy policy link found

Got: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy

Terms of service link found

No cookie consent banner detected

6 non-essential cookie(s) set without consent banner

Unrecognized (treated as non-essential): WMF-Last-Access, WMF-Last-Access-Global, WMF-DP, GeoIP, NetworkProbeLimit, WMF-Uniq

This is an automated check, not legal advice

BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.

Consent Banner Not detected Privacy Policy https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy Terms of Service /wiki/Somatosensory_system

Pre-consent Cookies

WMF-Last-Access Functional

WMF-Last-Access-Global Functional

WMF-DP Functional

GeoIP Functional

NetworkProbeLimit Functional

WMF-Uniq Functional

This is an automated check, not legal advice. Consult a privacy professional for GDPR/CCPA compliance.

Unrecognized (treated as non-essential): WMF-Last-Access, WMF-Last-Access-Global, WMF-DP, GeoIP, NetworkProbeLimit, WMF-Uniq

Why this matters

Setting tracking cookies without a consent banner is the single most-fined GDPR violation in EU enforcement actions.

Learn more ▾

GDPR + ePrivacy require opt-in BEFORE setting non-essential cookies. Loading Google Analytics, Facebook Pixel, or any third-party tracker on page load -- without a consent mechanism -- is the highest-frequency fine pattern in EU enforcement. Add a Consent Management Platform (Cookiebot, OneTrust, Klaro) that blocks tracker scripts until consent.

Source: GDPR + ePrivacy Directive / EU DPA enforcement

BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.

Why this matters

Disclaimer: legal-page checks identify presence/absence; consult counsel for legal sufficiency.

B

Viewport Configuration

Viewport properly configured

REVIEW

Viewport properly configured

Viewport meta tag is present

width=device-width is not set

Expected: width=device-width

User zooming is allowed

Viewport Configuration Good

Content

width=1120

width=device-width

Responsive layout enabled

initial-scale=1

Correct initial zoom level

User zooming allowed

Accessibility-friendly — users can zoom

B

Accessibility Statement

No accessibility statement detected

REVIEW

No accessibility statement detected

Sites are increasingly expected to publish an accessibility statement. Required by EU Web Accessibility Directive 2016/2102 for public-sector bodies; recommended best practice elsewhere. Common URLs: /accessibility, /accessibility-statement, /a11y.

B

Cross-Site Cookies (SameSite=None)

2 cross-site cookie(s) (2 tracking-shaped, 0 essential)

REVIEW

2 cross-site cookie(s) (2 tracking-shaped, 0 essential)

2 tracking-shaped cross-site cookie(s): NetworkProbeLimit, WMF-Uniq

Cookies with SameSite=None travel in cross-site contexts (third-party iframes, cross-origin POSTs, embedded widgets). With third-party cookies dying in Chrome/Firefox, the legitimate use cases narrowed to SSO + payment widgets + federated auth. Each tracking-shaped cookie surfaced here is a cross-site analytics or ad-tech surface that needs explicit privacy-policy disclosure beyond basic cookie banner consent. Audit each: is it conditional on consent? Does the privacy policy name the recipient + purpose? Switching to SameSite=Lax disables the cross-site travel without breaking same-site analytics.

B

Cookie & Tracker Inventory

6 cookies · 0 trackers · 2 pre-consent

REVIEW

6 cookies · 0 trackers · 2 pre-consent

2 tracking cookie(s) set before consent interaction

Under GDPR ePrivacy Art. 5(3), analytics and advertising cookies require explicit opt-in. These cookies appeared in the server response without any consent step — a likely violation.

Got: WMF-Last-Access, GeoIP

4 cookie(s) could not be classified

6 cookies · 0 trackers · 0 third-party 2 pre-consent violation(s)

2 tracking cookie(s) set before consent

Analytics and advertising cookies require explicit opt-in under ePrivacy Directive Art. 5(3). These cookies appeared in the probe response without any consent step.

Analytics 2

Unknown 4

Cookie name	Domain	Type	Expiry	Flags	Consent

Under GDPR ePrivacy Art. 5(3), analytics and advertising cookies require explicit opt-in. These cookies appeared in the server response without any consent step — a likely violation.

Why this matters

Compliance gaps create legal exposure under GDPR, CCPA, ADA, and other regulations.

C

Copyright Notice

Action

No copyright notice detected

REVIEW

No copyright notice detected

No copyright notice detected in the page content. While not legally required in most jurisdictions (copyright exists automatically), a notice is standard practice and signals site ownership.

Copyright Notice Not Detected

Copyright exists automatically — a notice is standard practice but not legally required.

C

Compliance Badges

Action

0 compliance badge(s) detected

REVIEW

0 compliance badge(s) detected

No compliance badges detected

No recognized compliance certification badges or seals were found. This is common — many sites do not display compliance badges.

SOC 2

ISO 27001

PCI DSS

GDPR Certified

HIPAA Compliant

Better Business Bureau

TRUSTe / TrustArc

Privacy Shield

McAfee SECURE / TrustedSite

Norton Secured

Badge detection is based on image alt text, link URLs, and page content. Detection does not verify that certifications are current or valid.

A+

WCAG Compliance

No testable criteria

PASS

No testable criteria

Level A

Level AA

0

Passed

0

Failed

0

Partial

0

Manual review

0

Not tested

Key accessibility barriers

Links with unclear purpose

34 link(s) have empty or generic text

Screen reader users navigating by link list

Images without alt text

Screen reader users cannot understand 21 image(s)

~8M screen reader users in the US

Automated testing covers ~30–40% of WCAG criteria. Manual review is recommended for full conformance.

Full WCAG 2.1 AA compliance checklist — paste into a client deliverable or ticket

A+

Consent UX Depth

No consent-UX depth issues detected

PASS

No consent-UX depth issues detected

A+

Tracker Inventory

No known trackers detected on this page

PASS

No known trackers detected on this page

A+

Language & i18n

Lang attribute + Content-Language header

PASS

Lang attribute + Content-Language header

<html lang> attribute is present

<html lang> value is valid

Content-Language header is set

Got: en

Language signals are consistent

Page Language DetectedContent-Language Header enConsistent Yes

A+

Hreflang Configuration

No hreflang tags on this page

PASS

No hreflang tags on this page

No hreflang tags found (single-language site)

A+

Readability & Typography

Font sizes and tap targets checked

PASS

Font sizes and tap targets checked

A+

Third-Party Trackers

No third-party trackers detected

PASS

No third-party trackers detected

A+

Tracking Pixel Inventory

No tracking pixels detected

PASS

No tracking pixels detected

A+

Browser Fingerprinting

No browser-fingerprinting libraries detected

PASS

No browser-fingerprinting libraries detected

A+

Beacon Tracking (sendBeacon)

No navigator.sendBeacon usage detected in inline scripts

PASS

No navigator.sendBeacon usage detected in inline scripts

Regulatory Indicators

2 regulatory indicator(s) detected

INFO

2 regulatory indicator(s) detected

This is a technical scan, not a legal assessment

BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.

GDPR indicators detected (moderate confidence)

Indicators suggesting GDPR may be relevant: European TLD detected: .fi. EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.

Got: 1 indicators: European TLD detected: .fi

HIPAA indicators detected (weak confidence)

Indicators suggesting HIPAA may be relevant: Text mentions: phi. Health Insurance Portability and Accountability Act — protects sensitive patient health information.

Got: 1 indicators: Text mentions: phi

This is a technical scan, not a legal assessment.

BeaverCheck detects technical indicators that may suggest regulatory relevance. This should not be relied upon for legal decisions. Consult qualified legal counsel.

GDPR Moderate

EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.

Indicators detected

European TLD detected: .fi

HIPAA Weak

Health Insurance Portability and Accountability Act — protects sensitive patient health information.

Indicators detected

Text mentions: phi

Third-Party Data Sharing

0 third-party service(s) detected

INFO

0 third-party service(s) detected

Data inventory for transparency purposes

This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.

No recognized third-party data-sharing services detected

This page does not appear to load external tracking, analytics, or advertising scripts.

No recognized data-sharing services detected.

This inventory identifies services receiving visitor data.

Under regulations like GDPR Article 30, maintaining records of data processing is commonly considered a best practice. This scan provides a starting point.

Readability Scores

8664 words, Flesch-Kincaid grade 10.2

INFO

Readability Analysis (Flesch-Kincaid)

Grade Level

10.2

Grade 10 (high school)

Reading Ease

50

Difficult

Words

8664

Sentences

545