Compliance Isn't a Plugin. It's the Foundation.
Vigil verifies WCAG 2.2 AA accessibility, state-specific privacy law coverage, security hardening, and cookie consent on every edit and every deploy. No bolt-ons. No monthly fees. No broken updates.
AccessiBe charges $490/yr. OneTrust starts at $1,000/yr. We include Vigil in every plan — by default.
Meet Vigil
Your compliance engine — the building inspector who genuinely wants every site to pass.
Compliance Is a Minefield
ADA lawsuits against websites have increased 300% since 2018. California's CCPA, New Jersey's NJDPA, Virginia's VCDPA, and a dozen more state privacy laws are now active. Google's Consent Mode v2 became mandatory in March 2024. And most web agencies are still shipping sites with broken contrast ratios, missing alt text, and cookie tracking that fires before consent.
What Most Businesses Are Dealing With:
An accessibility overlay that costs $490/year and gets sued anyway because overlays don't fix the source code
A cookie banner plugin that tracks visitors before they click "Accept" — violating GDPR and the CCPA in one invisible script
No security headers at all — meaning any script injection or clickjacking attack goes unblocked
A privacy policy copy-pasted from a template that doesn't reference your state's actual privacy law
Vigil's Promise: Every Forged Site ships with real compliance — not an overlay, not a plugin, not a band-aid. The actual source code is accessible, the actual privacy policy references your state's law, the actual security headers are present, and the actual cookie consent blocks tracking until the user says yes. Verified by AI on every change.
18 Automated Checks. Every Deploy.
Vigil runs a comprehensive compliance audit before any change reaches your live site. Nothing ships broken.
Accessibility (WCAG 2.2 AA)
Every element tested against 80+ accessibility rules
Every text element meets 4.5:1 minimum ratio
Tab order, focus rings, skip-nav, no focus traps
Minimum 24x24px desktop, 44x44px mobile
Logical structure, no skipped levels
Every input labeled, every image described meaningfully
Animations respect user preferences
Sticky headers don't hide focused elements
Privacy & Consent
Zero analytics or ad scripts fire before user consent
Google Analytics defaults to denied, grants only on user action
CCPA, NJDPA, VCDPA, CPA, CTDPA, TDPSA — your state's law, specifically
Footer link present, honoring Global Privacy Control signal
Security & Performance
HSTS, CSP, X-Frame, X-Content-Type, Referrer, Permissions
Zero mixed content, strict transport security with preload
Tiered thresholds per page type, mobile and desktop
LocalBusiness JSON-LD for rich search results
Them vs. Us
What $490/year buys you elsewhere versus what's included by default.
| Capability | Overlay Plugins | Vigil (Included) |
|---|---|---|
| Accessibility | JavaScript overlay on top of broken source | Source code is accessible from build |
| Privacy Policy | Generic template, one-size-fits-all | State-specific, references your actual law |
| Cookie Consent | Banner appears, tracking fires anyway | Zero scripts before consent, verified by AI |
| Security Headers | Not included | 6 headers, HSTS preload, CSP enforced |
| Ongoing Verification | Annual manual audit ($2,000+) | 18 checks on every deploy, automated |
| ADA Lawsuit Risk | Overlays named in 30%+ of ADA lawsuits | Source-level compliance, no overlay liability |
| Cost | $490 – $1,500+/year per site | $0 additional — included in your plan |
How Vigil Works
Built into the build process, not bolted on after.
Build
Every Forged Site ships with accessible source code, state-specific legal pages, security headers, and consent infrastructure from day one. Compliance is in the foundation, not the trim.
Verify
On every edit and every deploy, Vigil runs 18 automated checks across accessibility, privacy, security, and performance. Two independent AI substrates review independently. Nothing ships until both pass.
Prove
Every Forged Site has a live /compliance-report page showing current scores, last verification date, and check-by-check results. Your proof URL — public, auditable, always current.