Required web content and links

A list of required links that all federal websites need to have.

If you manage a public website in the federal government’s executive branch, various policies require you to have certain content—or provide links to content—from specific places on your website.

This page makes it clear:

  • what links are required and the purpose they serve
  • the text that you should use for each link
  • where the link should be located on your site
  • which law or policy requires those links

The easiest way to implement these required links in a clear, user-friendly way is by using the two core U.S. Web Design System components:

Together, these two components are the most recognizable and standardized design elements of federal websites. Use the banner at the top to identify your site as an official federal government site. Use the identifier at the bottom to communicate the site’s parent agency and display the links required by federal laws and policies.

Questions? send an email to digitalgov@gsa.gov

Note

Sub-agency sites are sites managed by or focused on a branch or division of a Department-level agency, such as the National Institutes of Health (NIH) website, www.nih.gov, which is a sub-agency of the U.S. Department of Health and Human Services (HHS). The content is focused on the work of the agency.

Secondary sites are sites (including microsites) managed by a federal agency on a certain topic, such as the Federal Student Aid website, www.studentaid.gov, which is managed by the U.S. Department of Education. The content is focused on a program or topic, rather than the agency that runs the program.


About Page

You need to have an “About” page on your site.

On your primary agency site, include information about the agency with descriptions of the agency organization structure, mission, and statutory authority, and links to the following information:

  • the agency’s strategic plan and annual performance plans
  • the agency’s privacy policy page (more on this below)
  • the agency’s Small Business point of contact, as described by the Small Business Paperwork Relief Act of 2002
  • the agency’s Open Government page
  • the agency’s Plain Writing page
  • information as required under the No Fear Act of 2002 (more on this below)
  • information associated with the agency’s implementation of the Information Quality Act

Secondary agency sites also need an “About” page that describes your site and links to your own website policies. It should also link to the primary agency’s “About” page.

About or About us

  • Your principal website
  • Any known sub-agency site
  • Any known major entry points to your sites

Learn more about what content helps provide your users with clear, contextualized digital experiences in Requirements for delivering a digital-first public experience.

Accessibility Statement

Federal agencies must:

  • develop an accessibility statement,
  • add it as an “Accessibility” page on the agency’s main website and provide a link to it,
  • link to it on all secondary public-facing websites, and
  • link to it on the agency’s Intranet website.

The accessibility statement should, at a minimum, include:

  • contact information for the agency Section 508 program,
  • date of the last update, and
  • the ability for website visitors to provide comments and/or feedback regarding the agency Section 508 program.

Sample and best-in-practice accessibility statements can be found at Section508.gov on the pages for IT Accessibility Laws and Policies, and Executive Guide to Federal IT Accessibility.

Accessibility or Accessibility statement

Required on:
  • All agency websites, internal and external.
  • Secondary sites can link to the accessibility statement on the domain website.

Learn more about what content helps provide your users with accessible digital experiences in Requirements for delivering a digital-first public experience and the OMB Memorandum: Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act (PDF, 212 kb, 13 pages, January 2013).

Budget and Performance Reports

Agencies are required to have a page on their website that has the following information:

  • Strategic plan
  • Annual performance plan (APP) and Annual performance report (APR)
  • Annual financial statements
  • GAO high-risk improvement plans with status of implementation (if not included in APP and APR)
  • Inspector General audits and investigative reports, and a method to report evidences of waste, fraud, or abuse to the Inspector General

Budget and Performance

Required on:
  • The homepage of your agency’s principal website

Learn more about transparency around budgeting and performance reoports in Requirements for delivering a digital-first public experience and OMB Circular A-11, Part 6.

Part 6, Section 210 | PUBLIC REPORTING AND PERFORMANCE.GOV

210.6 How are agency-specific plans and reports made available to the public on the agency’s website?

To enhance transparency of performance data, all Federal agencies should make information, including prior plans and reports, as easy as possible to locate from the agency’s individual website (e.g., www.usda.gov). Federal Agencies must also provide a hyperlink on Performance.gov to the agency’s public website (e.g., https://www.usda.gov/our-agency/about-usda/performance) where the agency has published current and past performance plans and reports. In adherence to OMB Memorandum M-17-06, agencies must create a prominent link directly to their performance plans and reports from their “About Agency” or “About Us” page, which is directly off of the agency’s homepage.

Agencies may also want to create links from this page to other planning and performance reporting documents, such as the human capital operating plans, information resources management plans, Agency Financial Reports or Performance and Accountability Reports, Congressional Budget Justifications, and other acquisition or capital asset management plans where those other documents are publicly available and relevant to performance on strategic objectives. Agency performance planning and reporting documents available on the agency website should be consistent with Administration policies and not include predecisional information.

When developing performance information for publication, agencies should be open, transparent, and accountable for results of progress against stated performance goals and objectives, publishing information online consistent with the Federal Records Act, privacy and security restrictions, and other applicable law and policy including OMB Circular A-130, Managing Information as a Strategic Resource. It is important that agencies communicate relevant, reliable, and timely performance information within and outside their organizations to improve performance outcomes and operational efficiency.

Machine-readable. Consistent with the GPRA Modernization Act of 2010, information published through Performance.gov will be made available to the public in a machine-readable format. See section 240 for additional information on an initiative to make agency performance plans and reports ‘machine readable’ with the 2021 Budget and Performance Planning / Reporting cycle.

View the full legislation

Equal Employment

All federal public websites must comply with the existing No Fear Act Notification and Federal Employee Anti-Discrimination and Retaliation of 2002 (No Fear Act) Public Law No. 107-174). Organizations should review the relevant law to ensure that their public websites meet the full range of requirements.

No FEAR Act Data

Required on:
  • The homepage of your agency’s principal website
Required by:

Link Location, Link Name, Search Engines and URLs

Section 1614.703(d) of the interim rule requires an agency to title its posted EEO information Equal Employment Opportunity Data Posted Pursuant to the No Fear Act. This section further requires an agency to prominently place a hyperlink to the data on the homepage of its public Web site. There was some objection both to the location of the hyperlink and its name.

As for the location, agencies argue that their homepages already are well populated with hyperlinks which primarily are mission-specific. Adding another hyperlink, thereby producing crowding, may in fact be counter-productive. Moreover, many people visiting an agency Web site do so through hyperlinks from other non-agency Web sites or search engines that bypass an agency’s homepage. Some agencies allow internet users to compose a personal homepage, which again bypasses the agency’s standard homepage. For these and other reasons, the agencies that commented uniformly were of the opinion that a hyperlink on an agency’s homepage is not the best way to ensure the public’s assess to an agency’s posted EEO data. These agencies therefore suggested that each agency decide itself where to place its EEO data and hyperlinks to that data since each agency best knows where a target audience goes to look for certain information. A number of agencies offered suggestions where the hyperlink would be better placed, such as on the “About the Agency” or “Working for the Agency/Employment” pages.

The Commission is concerned that without a uniform hyperlink location members of the public seeking EEO data from more than one agency will have trouble finding the data. If one agency’s hyperlink is on the “About the Agency” page, another’s is on the “Employment Opportunities” page, another’s is on a page entitled “Civil Rights”, and another’s is on the homepage, locating the data for multiple agencies could well end up as an exercise in trial and error. Even assuming that the homepage is not the best or most intuitive location for the hyperlink, EEOC is convinced that it would not be in the public interest to allow each agency to decide where on its Web site it will place the hyperlink. Thus, if not the homepage, EEOC must dictate another uniform location. The problem is that there are no other locations common to all agency public Web sites. Agencies do not label their “About the Agency” and “Employment” pages identically. Not every agency has an Employment Opportunities page. Thus, there is no way to standardize through a rule an alternative location for the link. This leaves only the homepage as the one Web page all agencies possess in common, and therefore it is the homepage which shall house the link.

Regarding the title of the hyperlink, EEOC agrees that it is too wordy. EEOC, however, does not agree that the label “No FEAR” will be widely misunderstood by members of the public. On the contrary, the term “No FEAR Act” has attained familiarity among employees and those involved in EEO matters. Accordingly, the final rule provides that the hyperlink shall be called “No FEAR Act Data”. However, agencies will be required to title the page where its data appears as follows:

“Equal Employment Opportunity Data Posted Pursuant to Title III of the Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002 (No FEAR Act), Pub. L. 107-174.”

In furtherance of making every agency’s No FEAR Act data easily accessible, it was suggested that agencies maintain their posted data so that it is readily retrievable by commercial search engines. EEOC agrees and has added a subsection setting forth this requirement.

Finally, some commenters suggested that each agency provide EEOC with the hyperlink to its No FEAR data and that EEOC post the agency hyperlinks in one location on EEOC’s public Web site. EEOC has decided to adopt this suggestion. Therefore, the final rule contains the requirement that an agency provide EEOC with the URL for the location of its No FEAR data and provide URL updates as necessary. Agencies can e-mail their URLs to EEOC at NoFEAR.URLS@eeoc.gov.

View the full legislation

Agencies must clearly identify external links from their websites. Agency websites must clearly state that the content of external links to non-federal agency websites is not endorsed by the federal government and is not subject to federal information quality, privacy, security, and related guidelines.

Any link that is not a federal .gov or .mil website is considered an external link.

Agencies should choose the best approach to identify external links to users in a way that minimizes the impact on the usability of their websites and digital services

Required on:
  • Your principal website
  • Any known sub-agency site
  • Any known major entry points to your sites

Learn more about what links provide your users with clear, trustworthy digital experiences in Requirements for delivering a digital-first public experience.

Freedom of Information Act (FOIA)

All federal public websites must comply with existing laws and directives that relate to the Freedom of Information Act (FOIA).

There are two requirements that all federal public websites must have:

  1. A page that includes certain content as required by the FOIA that includes information about how the public can request information under the Freedom of Information Act (FOIA). This page us usually located on the agency’s principal website.
  2. A link to this page needs to be on the agency’s principal website and on any known sub-agency or other major entry points.

Organizations should review the FOIA and implementation guidance to ensure that their public websites meet the full range of requirements.

FOIA or Freedom of Information Act

Required on:
  • Your principal website
  • Any known sub-agency site
  • Any known major entry points to your sites

Learn more about what content helps provide your users with necessary information in Requirements for delivering a digital-first public experience.

Government Customer Support

USA.gov is the official web portal for the U.S. government.

When you link to USA.gov, please do it in an appropriate context as a service to your customers when they need to find official U.S. government information and services.

We also encourage you to link to USAGov en Español, the official Spanish language web portal of the U.S. government.

Have a question about government services? Contact USA.gov

<a href="https://www.usa.gov/" title="Contact USA.gov">Contact USA.gov</a>
Required on:
  • Your principal website
  • Any known sub-agency site
  • Any known major entry points to your sites

Learn more about providing straightforward customer support in Requirements for delivering a digital-first public experience.

Privacy Policy

All federal public websites must comply with existing laws and directives that address the need to protect the privacy of the American people when they interact with their government. Some of the key requirements for federal public websites include:

  • Conducting privacy impact assessments;
  • Posting privacy policies on each website, including instructions on how to “opt-out” of any web tracking and measurement technologies the agency may use;
  • Posting a “Privacy Act Statement” that tells visitors the organization’s legal authority for collecting personal data and how the data will be used; and
  • Translating privacy policies into a standardized machine-readable format.

Privacy Policy

Required on:
  • Your principal website
  • Any known sub-agency site
  • Any known major entry points to your sites
  • Any web page that collects substantial information in identifiable form

Learn more about what content helps provide your users with clear, contextualized digital experiences in Requirements for delivering a digital-first public experience and in OMB M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (See Attachment A, Section III, Privacy Policies on Agency Websites)

III. Privacy Policies on Agency Websites

  1. Privacy Policy Clarification. To promote clarity to the public, agencies are required to refer to their general web site notices explaining agency information handling practices as the “Privacy Policy.”

  2. Effective Date. Agencies are expected to implement the following changes to their websites by December 15, 2003.

  3. Exclusions: For purposes of web privacy policies, this guidance does not apply to:

    1. information other than “government information” as defined in OMB Circular A-130;
    2. agency intranet web sites that are accessible only by authorized government users (employees, contractors, consultants, fellows, grantees);
    3. national security systems defined at 40 U.S.C. 11103 as exempt from the definition of information technology (see section 202(i) of the E-government Act).
  4. Content of Privacy Policies.

    1. Agency Privacy Policies must comply with guidance issued in OMB Memorandum 99-18 and must now also include the following two new content areas:

      1. Consent to collection and sharing 15. Agencies must now ensure that privacy policies:

        1. inform visitors whenever providing requested information is voluntary;
        2. inform visitors how to grant consent for use of voluntarily-provided information; and
        3. inform visitors how to grant consent to use mandatorily-provided information for other than statutorily-mandated uses or authorized routine uses under the Privacy Act.
      2. Rights under the Privacy Act or other privacy laws 16. Agencies must now also notify web-site visitors of their rights under the Privacy Act or other privacy-protecting laws that may primarily apply to specific agencies (such as the Health Insurance Portability and Accountability Act of 1996, the IRS Restructuring and Reform Act of 1998, or the Family Education Rights and Privacy Act):

        1. in the body of the web privacy policy;
        2. via link to the applicable agency regulation (e.g., Privacy Act regulation and pertinent system notice); or
        3. via link to other official summary of statutory rights (such as the summary of Privacy Act rights in the FOIA/Privacy Act Reference Materials posted by the Federal Consumer Information Center at www.Firstgov.gov).
    2. Agency Privacy Policies must continue to address the following, modified, requirements:

      1. Nature, purpose, use and sharing of information collected. Agencies should follow existing policies (issued in OMB Memorandum 99-18) concerning notice of the nature, purpose, use and sharing of information collected via the Internet, as modified below:

        1. Privacy Act information. When agencies collect information subject to the Privacy Act, agencies are directed to explain what portion of the information is maintained and retrieved by name or personal identifier in a Privacy Act system of records and provide a Privacy Act Statement either:

          1. at the point of collection, or
          2. via link to the agency’s general Privacy Policy 18.
        2. “Privacy Act Statements”. Privacy Act Statements must notify users of the authority for and purpose and use of the collection of information subject to the Privacy Act, whether providing the information is mandatory or voluntary, and the effects of not providing all or any part of the requested information.

        3. Automatically Collected Information (site management data). Agency Privacy Policies must specify what information the agency collects automatically (i.e., user’s IP address, location, and time of visit) and identify the use for which it is collected (i.e., site management or security purposes).

        4. Interaction with children: Agencies that provide content to children under 13 and that collect personally identifiable information from these visitors should incorporate the requirements of the Children’s Online Privacy Protection Act (“COPPA”) into their Privacy Policies (see Attachment C) 19.

        5. Tracking and customization activities. Agencies are directed to adhere to the following modifications to OMB Memorandum 00-13 and the OMB follow-up guidance letter dated September 5, 2000:

          1. Tracking technology prohibitions:

            1. agencies are prohibited from using persistent cookies or any other means (e.g., web beacons) to track visitors’ activity on the Internet except as provided in subsection (b) below;

            2. agency heads may approve, or may authorize the heads of sub-agencies or senior official(s) reporting directly to the agency head to approve, the use of persistent tracking technology for a compelling need. When used, agency’s must post clear notice in the agency’s privacy policy of:

              • the nature of the information collected;
              • the purpose and use for the information;
              • whether and to whom the information will be disclosed; and
              • the privacy safeguards applied to the information collected.
            3. agencies must report the use of persistent tracking technologies as authorized for use by subsection b. above (see section VII) 20.

          2. The following technologies are not prohibited:

            1. Technology that is used to facilitate a visitor’s activity within a single session (e.g., a “session cookie”) and does not persist over time is not subject to the prohibition on the use of tracking technology.

            2. Customization technology (to customize a website at the visitor’s request) if approved by the agency head or designee for use (see v.1.b above) and where the following is posted in the Agency’s Privacy Policy:

              • the purpose of the tracking (i.e., customization of the site);
              • that accepting the customizing feature is voluntary;
              • that declining the feature still permits the individual to use the site; and
              • the privacy safeguards in place for handling the information collected.
            3. Agency use of password access to information that does not involve “persistent cookies” or similar technology.

        6. Law enforcement and homeland security sharing: Consistent with current practice, Internet privacy policies may reflect that collected information may be shared and protected as necessary for authorized law enforcement, homeland security and national security activities.

      2. Security of the information 21. Agencies should continue to comply with existing requirements for computer security in administering their websites 22 and post the following information in their Privacy Policy:

        1. in clear language, information about management, operational and technical controls ensuring the security and confidentiality of personally identifiable records (e.g., access controls, data storage procedures, periodic testing of safeguards, etc.), and
        2. in general terms, information about any additional safeguards used to identify and prevent unauthorized attempts to access or cause harm to information and systems. (The statement should be at a level to inform the public that their information is being protected while not compromising security.)
  5. Placement of notices. Agencies should continue to follow the policy identified in OMB Memorandum 99-18 regarding the posting of privacy policies on their websites. Specifically, agencies must post (or link to) privacy policies at:

    1. their principal web site;
    2. any known, major entry points to their sites;
    3. any web page that collects substantial information in identifiable form.
  6. Clarity of notices. Consistent with OMB Memorandum 99-18, privacy policies must be:

    1. clearly labeled and easily accessed;
    2. written in plain language; and
    3. made clear and easy to understand, whether by integrating all information and statements into a single posting, by layering a short “highlights” notice linked to full explanation, or by other means the agency determines is effective.
View the full legislation

Report Fraud to the Inspector General

A method for reporting evidence of waste, fraud, or abuse to the Inspector General, and linking to Inspector General audits and investigative reports.

Office of the Inspector General

Required on:
  • Homepage of each executive department, agency, and commission
Required by:

Sec. 534. (NOTE: 5 USC app. 6 note.) The departments, agencies, and commissions funded under this Act, shall establish and maintain on the homepages of their Internet websites

  • (1) a direct link to the Internet websites of their Offices of Inspectors General; and
  • (2) a mechanism on the Offices of Inspectors General website by which individuals may anonymously report cases of waste, fraud, or abuse with respect to those Departments, agencies, and commissions.
View the full legislation

Security

Agencies must have a way for the public to report potential security vulnerabilities, and explain how the agency will respond to such reports.

  • Ensure your site’s Security Contact and Organization are current in the .gov registrar
  • Publish a vulnerability disclosure policy at [agency].gov/vulnerability-disclosure-policy

Vulnerability Disclosure Policy

Required on:
  • Your website policies page
Required by:
  • Department of Homeland Security (DHS) Binding Operational Directive 20-01
  • OMB M-20-32, Improving Vulnerability Identification, Management, and Remediation


These requirements apply to executive branch departments and agencies and their public websites. Check the specific law or policy to see if it also applies to the judicial or legislative agencies, or intranets.

The Federal Web Managers Council recommends that government agencies use consistent link labels for common content found on government websites. These recommendations are based on industry standard link labels and a usability study of common government terms usability study of common government terms (MS PowerPoint presentation, 144 KB, 49 slides, July 2004).