Federal websites not using a .gov domain — or lacking documented agency approval for an alternative — are indistinguishable from phishing sites to the public. Citizens rely on .gov to verify legitimacy before submitting personal data or completing government transactions. The 21st Century IDEA Act (Sec. 3) and OMB M-23-22 both require .gov domains for federal public-facing sites. Missing or incomplete agency branding in header and footer compounds the risk: users cannot confirm the site belongs to the agency they intend to contact, undermining the trust that government services depend on.
Critical because a missing .gov domain or absent branding eliminates the primary trust signal citizens use to distinguish authentic government sites from impersonators, enabling phishing and eroding public confidence in legitimate services.
Register a .gov domain through the Cybersecurity and Infrastructure Security Agency (CISA) at get.gov, then update your deployment config. If a non-.gov domain is unavoidable, obtain and document written agency approval. Add agency name and logo to both the header and footer in app/layout.tsx:
// app/layout.tsx
export default function RootLayout({ children }: { children: React.ReactNode }) {
return (
<html lang="en">
<body>
<header>
<img src="/agency-seal.png" alt="Department of Example" width={64} height={64} />
<span>Department of Example</span>
</header>
<main>{children}</main>
<footer>
<p>An official website of the Department of Example</p>
<img src="/agency-seal.png" alt="Department of Example" width={48} height={48} />
</footer>
</body>
</html>
)
}
ID: gov-web-standards.required-content.domain-and-branding
Severity: critical
What to look for: Check the project's domain configuration (environment variables, deployment config, or documentation). Look for .gov TLD in domain, or if non-.gov, verify documented agency approval. Enumerate all layout files (e.g., app/layout.tsx, app/(marketing)/layout.tsx) and for each one, count every occurrence of agency name or logo in header and footer regions. Quote the exact domain string found in deployment config or environment references.
Pass criteria: Site uses a .gov domain (strong), OR uses an agency-approved non-.gov domain with documented approval. Both header and footer (at least 2 locations) display the agency name and/or logo clearly. Report the count of branding elements found even on pass (e.g., "Found agency name in header and footer across 3 layout files").
Fail criteria: Site uses a non-.gov domain with no documented agency approval, OR header and footer lack agency branding (name or logo). A single mention in only one location (header OR footer, but not both) does not count as pass.
Skip (N/A) when: Not a federal government agency website (check with user before skipping).
Detail on fail: "Non-.gov domain (example.com) with no documented agency approval" or "Footer displays agency name but header lacks agency logo; branding is incomplete"
Cross-reference: For deeper accessibility and usability evaluation of branding elements, the Accessibility Basics audit covers heading hierarchy and landmark regions.
Remediation: For government websites, use a .gov domain to establish trust and comply with federal standards. If a .gov domain is unavailable, document agency approval. Add the agency name and logo to both header and footer of your root layout:
// app/layout.tsx
export default function RootLayout({ children }) {
return (
<html>
<header>
<img src="/agency-logo.png" alt="Agency Name" />
</header>
<main>{children}</main>
<footer>
<p>© {new Date().getFullYear()} Agency Name</p>
</footer>
</html>
)
}