The State of Compliance Report in the United States
Are U.S. websites really honoring “Reject All”?
We audited 450 leading U.S. websites to see how well they comply with consent requirements under today’s privacy laws—and what that means in real financial risk.
What's Inside?
Consent requirements under U.S. privacy laws: clear explanation of what laws expect when users accept, ignore, or reject consent (including GPC).
How websites behave in real life:
- Average number of tags loading
- Tags by category (necessary, targeting, performance, etc.)
- What still fires after reject or GPC
- Results in aggregate and by industry: Media, Finance, Healthcare, E-commerce/CPG
High-risk tags & sensitive data:
- Presence and behavior of major marketing pixels
- Special focus on healthcare sites and consumer health data
- How often performance/targeting tags still load when they shouldn’t
How We Ran The Study
Using Tag Inspector, we scanned 100 pages per site across 450 U.S. websites and simulated four user consent states:
- No consent choice made
- Consent accepted
- Consent rejected (explicit opt-out)
- Consent rejected via GPC signal
For each scenario, we captured which tags fired, in what categories, and where that behavior conflicts with legal expectations.
Who The Study Is For
- DPOs / privacy & legal teams
- Compliance leaders
- Digital, marketing, and analytics teams
View This Resource
Thank you! Your resource will load now.
