83% of Websites We Audited Were Non-Compliant. Is Yours?
We analyzed 2,000+ business websites for security headers, CCPA/GDPR compliance, and ADA accessibility. 83% failed.
83% of business websites fail basic compliance checks
Over the past year, I built a system that runs 25 automated scans across every website in my portfolio. 2,000+ sites. ~300 data points each. The goal was to find which sites needed attention and which were fine.
The results were worse than expected.
83% of sites had at least one critical compliance or security issue. Not minor stuff — real liabilities that could result in fines, lawsuits, or data breaches.
What a website compliance audit actually checks
A proper compliance audit covers four areas most businesses ignore:
Security headers protect your visitors from attacks. Without them, your site is vulnerable to cross-site scripting, clickjacking, and data injection. In our analysis, 1 in 3 sites scored an F on security headers. That means no Content Security Policy, no XSS protection, no clickjacking defense.
Cookie consent and CCPA/GDPR compliance require asking visitors before tracking them. If you run Google Analytics, Meta Pixel, or any marketing tool without a consent banner, you're violating privacy regulations. 96% of sites we audited had no consent management platform installed. Fines start at $7,500 per violation under CCPA.
Email authentication (SPF, DMARC, DKIM) prevents email spoofing. Without it, anyone can send emails pretending to be your business. 4 in 10 sites had no DMARC record. That's an open door for phishing attacks targeting your customers.
ADA accessibility is a legal requirement under Title III. More than 1 in 3 sites had critical WCAG violations. ADA lawsuits have increased 300% since 2018 — plaintiffs actively scan for these issues.
Why most businesses don't know they're non-compliant
Nobody told them.
Most web developers focus on making sites look good and function correctly. Security headers, consent management, and accessibility compliance are afterthoughts — if they're thoughts at all.
Your hosting provider won't flag these. Google won't tell you (they'll just rank you lower). Your customers won't complain — they'll just leave.
The only way to know is to run a proper audit.
How to check your website compliance for free
Step 1: Run a free scan. I built a free website health checker that tests your site in 30 seconds. It won't catch everything — the free version covers 5 checks — but it tells you where you stand on the basics.
Step 2: Check your cookie consent. If you run any analytics or tracking pixels and don't have a cookie banner, you have a compliance gap. OneTrust, Cookiebot, and Osano all have free tiers.
Step 3: Test your security headers. Visit securityheaders.com and enter your domain. If you score below a B, you need to add Content Security Policy, X-Content-Type-Options, and X-Frame-Options headers.
Step 4: Run an accessibility check. WAVE (wave.webaim.org) will scan your homepage for free. Focus on critical and serious violations first.
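As an added example (not code from the audit tool or the free checker described here), the Step 3 header check and the DMARC check from the audit section can be reproduced offline in Python. The letter-grade scale and the fourth header (Strict-Transport-Security) are assumptions rather than securityheaders.com's actual scoring, and the sample header sets and DMARC records are constructed.

```python
from urllib.request import Request, urlopen

# Headers the audit looks for, with the attack each one defends against.
# Assumption: Strict-Transport-Security is added beyond the three named in Step 3.
REQUIRED_HEADERS = {
    "content-security-policy": "cross-site scripting / data injection",
    "x-frame-options": "clickjacking",
    "x-content-type-options": "MIME sniffing",
    "strict-transport-security": "downgrade to plain HTTP",
}

def grade_headers(headers):
    """Return (grade, missing) for a response-header mapping, case-insensitive.
    Hypothetical scale: A when all are present, one letter lower per missing header."""
    present = {name.lower() for name in headers}
    missing = [name for name in REQUIRED_HEADERS if name not in present]
    return "ABCDF"[min(len(missing), 4)], missing

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def dmarc_enforced(txt):
    """True only when a DMARC record exists and its policy is quarantine or reject."""
    tags = parse_dmarc(txt)
    return tags is not None and tags.get("p", "none").lower() in ("quarantine", "reject")

def fetch_headers(url, timeout=10):
    """Fetch a live site's response headers (needs network; the demo below stays offline)."""
    req = Request(url, method="HEAD", headers={"User-Agent": "compliance-check/1.0"})
    with urlopen(req, timeout=timeout) as resp:
        return dict(resp.getheaders())

if __name__ == "__main__":
    # Constructed samples: a hardened site and a site nobody has touched.
    hardened = {"Content-Security-Policy": "default-src 'self'", "X-Frame-Options": "DENY",
                "X-Content-Type-Options": "nosniff", "Strict-Transport-Security": "max-age=63072000"}
    untouched = {"Content-Type": "text/html", "Server": "nginx"}
    for label, hdrs in (("hardened", hardened), ("untouched", untouched)):
        grade, missing = grade_headers(hdrs)
        print(label, grade, [REQUIRED_HEADERS[m] for m in missing])
    print("DMARC enforced:", dmarc_enforced("v=DMARC1; p=reject; rua=mailto:dmarc@example.com"))
```

To check a real domain, pass `fetch_headers("https://example.com")` into `grade_headers` and the `_dmarc.<domain>` TXT record (from `dig TXT _dmarc.example.com`) into `dmarc_enforced`.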
What a full website compliance audit costs
The free scan covers the surface. The full $97 audit runs all 25 scans — security, compliance, SEO, performance, accessibility, technology, and conversion readiness — and gives you a prioritized action plan with estimated fix hours.
Every audit includes a free 30-minute walkthrough call where I explain the findings and help you prioritize. No pitch. Just your data.
The real cost of ignoring compliance
CCPA fines: $2,500-7,500 per violation. If your site gets 1,000 visitors a month without consent, that's exposure.
ADA lawsuits: Average settlement is $10,000-50,000. Legal fees on top. And they target businesses that haven't fixed known issues.
Email spoofing: One phishing email sent "from" your domain can destroy customer trust overnight.
Google penalties: Security issues and poor page experience directly impact search rankings. Your competitors who've fixed these issues will outrank you.
The sites that score well have one thing in common: someone was paying attention. The audit is how you start paying attention.
What to do next
If compliance is on your radar, here are three options:
1. Run a free site scan — 60 seconds, no email required. See where you stand across security, SEO, and performance.
2. Book a free strategy call — 30 minutes. I'll review your full digital presence and tell you what to prioritize.
3. See how other businesses have improved — Real results from real engagements across construction, SaaS, and compliance.