No Global Privacy Control (GPC) acknowledgement

Global Privacy Control (GPC) is a setting built into some browsers that automatically sends a signal to websites saying the user does not want their data sold or shared. Privacy laws in California, Colorado, and other US states legally require websites to honour this signal. Failing to detect and act on GPC signals is a direct compliance risk under CCPA/CPRA (California) and similar state laws. Regulators have begun enforcement actions specifically around GPC non-compliance. Ask your developer to add server-side or JavaScript logic that checks for the GPC signal (the Sec-GPC request header or navigator.globalPrivacyControl property) and, when present, suppresses data-sharing and ad-targeting for that visitor.

Why this matters

Failing to detect and act on GPC signals is a direct compliance risk under CCPA/CPRA (California) and similar state laws. Regulators have begun enforcement actions specifically around GPC non-compliance.

How to fix it

Ask your developer to add server-side or JavaScript logic that checks for the GPC signal (the Sec-GPC request header or navigator.globalPrivacyControl property) and, when present, suppresses data-sharing and ad-targeting for that visitor.