GPC (Global Privacy Control) Signal Checker
Global Privacy Control is a browser-level opt-out signal. Honoring it is mandatory in California and six other US states. We test your site with GPC enabled across 4 dedicated scenarios that no other cookie scanner covers.
Available on all paid plans
GPC testing is included on all paid plans (Starter, Pro, Agency). The free scan covers the core three scenarios without GPC.
What GPC does, technically
GPC is not a cookie or a form submission. It is a browser signal sent passively on every request.
- Sets navigator.globalPrivacyControl = true in the browser
- Sends a Sec-GPC: 1 HTTP header with every request
- Signals "Do Not Sell or Share My Personal Information" under CCPA/CPRA
- Acts as a universal opt-out without requiring the visitor to find and click a Reject button
Our 4 GPC test scenarios
Each scenario uses a fresh browser session with GPC enabled to isolate exactly how your site responds to the signal.
Send GPC signal, no banner interaction
Does the site automatically reduce tracking without the visitor needing to click Reject? Non-essential cookies should be suppressed before the banner is interacted with.
Send GPC signal + Accept All
Does GPC override even an explicit "Accept All" click for advertising and data-sale cookies? Under CCPA/CPRA, GPC must be honored even if the user clicks Accept.
Send GPC signal + Reject All
Compound rejection test - both GPC and banner rejection together. Confirms the strictest combination behaves at least as strictly as each alone.
Send GPC signal, observe banner
Does the consent banner acknowledge the GPC signal? Does it pre-set consent to rejected, reduce the options shown, or surface a GPC-specific message?
US states where GPC compliance is mandatory
If your site serves users in any of these states and processes personal data, honoring the GPC signal is a legal requirement.
| State | Law | Note |
|---|---|---|
| California (CPRA) | California Privacy Rights Act | GPC must be honored as a valid "Do Not Sell or Share" request |
| Colorado (CPA) | Colorado Privacy Act | GPC is a recognized universal opt-out mechanism |
| Connecticut (CTDPA) | Connecticut Data Privacy Act | Universal opt-out mechanisms including GPC must be honored |
| Montana (MCDPA) | Montana Consumer Data Privacy Act | Recognized opt-out signal |
| Oregon (OCPA) | Oregon Consumer Privacy Act | Recognized opt-out signal |
| Texas (TDPSA) | Texas Data Privacy and Security Act | Universal opt-out signal |
| Virginia (VCDPA) | Virginia Consumer Data Protection Act | Universal opt-out signal |
Related: Pre-Consent Tracking Checker · All 9 scan scenarios explained
Test your GPC signal handling
Cookie Compliance Checker is launching soon. Join the waitlist for early access and be among the first to scan your site.