Measured data, July 9, 2026
Among Fortune 500, GPC is niche, DNT is gone
Two small, machine-readable privacy declarations live under
/.well-known/: GPC (gpc.json) tells
browsers the site will honor
Global Privacy Control
opt-out signals; DNT (dnt-policy.txt) is the
legacy
EFF Do Not Track policy
Privacy Badger looks for. We fetched both for every Fortune 500 company.
01 GPC vs. DNT
One signal got traction; the other vanished
4%
20/500 companies
serve gpc.json
20 companies publish a W3C GPC support declaration. Of
those, 16 set
gpc: true.
0%
0/500 companies
serve dnt-policy.txt
Not a single Fortune 500 domain hosts the canonical EFF Do Not Track
policy at the well-known path.
16
companies out of 500 publish a valid GPC declaration
(
gpc: true, lastUpdate, HTTPS,
application/json). The rest of the list is silent on both
standards.
02 The adoption funnel
Privacy well-known files, across all 500
Publish either well-known file4.0% · 20
Serve gpc.json4.0% · 20
GPC compliant (gpc: true)3.2% · 16
EFF dnt-policy.txt0.0% · 0
03 What they publish
GPC details
A compliant gpc.json is a JSON object with
gpc: true (or false to explicitly decline) and a
valid RFC 3339 lastUpdate, served over HTTPS as
application/json. The EFF DNT policy is a verbatim plain-text
document. None of the Fortune 500 serve it.
GPC + DNT footprint of 500 surveyed
GPC breakdown of 20 gpc.json files
80%
of the 20 companies that publish
gpc.json set
gpc: true with a valid lastUpdate. The rest are
partial (3) or explicitly decline (1).
04 The roll call
20 companies with a privacy well-known file
Every company that serves gpc.json or
dnt-policy.txt. 16 honor GPC;
1 explicitly decline; 0 post the EFF DNT
policy.
No domains match “”.