CMS Plugin: Security and Privacy FAQ

This article explains how Siteimprove’s CMS plugins handle authentication, data transmission, storage, and user privacy. It is intended to help customers, IT teams, and compliance stakeholders understand how the plugin operates in secure environments.

Data Transmission and Encryption

Q: Is data transferred between the CMS and Siteimprove encrypted?

A: Yes. All communication between the CMS plugin and Siteimprove is encrypted using HTTPS with SSL/TLS protocols. This ensures that data is protected while in transit and cannot be read or modified by unauthorized parties.

Authentication and API Security

Q: How does the CMS plugin ensure secure API communication?

A: All API communication is secured using token-based authentication. Tokens are issued after successful login and are required for all requests between the plugin and Siteimprove services.

This prevents unauthorized access and ensures that only authenticated users can interact with the platform.

Q: If I am already logged in to Siteimprove, will I be automatically logged in to the CMS plugin?

A: No. The CMS plugin runs in a separate browser context and maintains its own session.

Even if you are logged in to the Siteimprove platform in another tab or window (via SSO or local login), the plugin may still require you to log in. This is expected behavior due to browser security and session isolation.

Q: What is the CMS plugin token?

A: The CMS plugin token is a small authentication value used to link the plugin to your Siteimprove account.

Each CMS type (for example, Drupal, WordPress, or Optimizely) has its own token endpoint. The plugin automatically retrieves and uses this token after login to establish a secure connection.

The token alone does not provide direct access to the Siteimprove platform or customer data.

Note: Tokens are primarily associated with Plugin SDK v1. As this version is being deprecated, token configuration fields in some CMS environments will be removed. Authentication will continue to be handled securely in the background.

Q: Do I need to manually enter API credentials or tokens in the plugin configuration?

A: No. Manual entry of credentials is not required.

Prepublish and Live checks are enabled based on your Siteimprove subscription and user permissions, not on values entered in the CMS configuration.

User Login, Tracking, and Logging

Q: What happens if a user clicks the plugin button while not logged in?

A: If the user is not authenticated, clicking the plugin button opens the Siteimprove login page in a new browser window.

No interaction data is tracked inside the CMS until the user has successfully logged in.

Q: Does Siteimprove track behavior when a user is logged in?

A: Once authenticated, Siteimprove may use Pendo to collect interaction data within the plugin. This data is used solely for product improvement and user experience optimization.

In addition, API request logs are retained for approximately 14 days for troubleshooting and diagnostic purposes.

Q: How long are logs retained?

A: API request logs are retained for approximately 14 days for troubleshooting and diagnostics.

Q: Can I audit plugin usage and activity?

A: End users do not have direct access to detailed system logs.

Siteimprove retains request logs for a limited period and can assist with audits, investigations, or troubleshooting upon request through Siteimprove Support.

Handling of Unpublished and Draft Content (Prepublish View)

Q: How is unpublished content handled in Prepublish View?

A: When Prepublish is enabled, the plugin captures a snapshot of the draft page’s full DOM (including relevant HTML, CSS, and JavaScript).

This snapshot is transmitted via a secure API to Siteimprove’s Content Check engine for analysis.

Q: How long is Prepublish data stored?

A: Prepublish data is encrypted at rest, stored temporarily, and scheduled for automatic deletion after approximately 72 hours.

Temporary storage is used only for processing, troubleshooting, and diagnostics.

Q: Is Prepublish data handling GDPR compliant?

A: Yes. Temporary storage and processing of Prepublish data is designed to comply with applicable data protection regulations, including GDPR.

Data is handled securely, retained only as long as necessary, and deleted according to defined retention policies.

Q: Is unpublished content crawled or indexed?

A: No. Unpublished content is only analyzed through secure, temporary snapshots and is not crawled, indexed, or made publicly accessible.

Infrastructure, Hosting, and Compliance

Q: Where is the CMS plugin hosted?

A: The plugin loads content and services from Siteimprove’s platform infrastructure, which is hosted in environments designed to meet applicable security and compliance requirements.

For detailed information about data residency or regional hosting, contact Siteimprove Support.

Q: Are credentials or personal user data transmitted through the plugin?

A: The plugin does not intentionally transmit user passwords or unnecessary personal data.

Authentication is handled through secure login mechanisms and token-based sessions.

Q: Can third parties intercept plugin data?

A: No. Data interception is prevented through SSL/TLS encryption, secure authentication tokens, and session validation mechanisms.

Secure Implementation and Configuration

Q: How can I ensure a secure plugin implementation?

A: To ensure secure deployment:

• Follow official implementation guides at http://developer.siteimprove.com
• Install plugins only from verified CMS marketplaces
• Keep your CMS and plugin versions up to date
• Restrict access based on user roles and permissions

Q: Does embedding the plugin as an iFrame pose security risks?

A: No. The plugin iFrame loads secure content from Siteimprove’s platform and operates within browser security boundaries.

All interactions are isolated by same-origin policies and modern browser protections.

Security Incidents and Support

Q: What should I do if I suspect a security issue?

A: If you believe there may be a security vulnerability or incident related to the CMS plugin:

1. Contact Siteimprove Support immediately
2. Provide relevant details and examples
3. Avoid sharing sensitive data publicly

Siteimprove operates a responsible disclosure process and treats security matters with high priority.

CMS Plugin Data Flow Overview

The CMS plugin follows a structured and secure data flow.

1. Initialization: When a user opens the CMS admin interface, the plugin script adds a Siteimprove button. No data is transmitted at this stage.

2. User Interaction: If logged in, the plugin opens in an embedded iFrame. If not logged in, the Siteimprove login page opens in a new window.

3. Live View: The plugin sends the current page URL to Siteimprove via HTTPS. The platform returns existing crawled insights for display.

4. Prepublish View (if enabled): A DOM snapshot of unpublished content is captured. The snapshot is sent to the Content Check API. Data is temporarily stored (approximately 72 hours) for processing.

5. Authentication and Logging: All requests use token-based authentication. Request logs are retained for around 14 days. Authenticated interactions may be analyzed using Pendo for UX improvement.