Link to your terms of service in the footer
Websites offering services to users should publish Terms of Service and link to them from every page — this establishes the legal agreement governing use of the service.
- Link to Terms of Service from the site footer on every page
- Terms of Service (ToS) are not legally required in most jurisdictions, but they are best practice for any service with user accounts
- Courts have found ToS unenforceable when they were not clearly presented or linked before the user took action
- For enforceable acceptance, require users to check a checkbox 'I agree to the Terms of Service' during signup
- Keep terms up to date — outdated terms that contradict current practices can create legal liability
Rule Details
Terms of Service (ToS), also called Terms and Conditions or Terms of Use, define the legal relationship between your service and its users. They sit alongside disclosures users reasonably need before acting, which is why both the FTC disclosure guidance (opens in new tab) and GDPR Article 13 (opens in new tab) push teams toward visible, accessible legal information rather than burying it.
Code Example
<footer>
<nav aria-label="Legal">
<ul>
<li><a href="/terms">Terms of Service</a></li>
<li><a href="/privacy">Privacy Policy</a></li>
<li><a href="/cookies">Cookie Policy</a></li>
</ul>
</nav>
<p>© 2025 Example Corp. All rights reserved.</p>
</footer>Why It Matters
Terms of Service protect your business by limiting liability, establishing jurisdiction, setting rules for user conduct, and specifying your rights to user-generated content — but only if users could reasonably discover and read them.
When You Need Terms of Service
| Scenario | ToS Recommended |
|---|---|
| Informational website only (no accounts, no purchases) | Optional |
| Website with user accounts | Yes |
| E-commerce / payments | Yes — required by most payment processors |
| Software as a Service (SaaS) | Yes |
| Platform with user-generated content | Yes — specifies content ownership and moderation rights |
| Mobile app | Yes — required by Apple App Store and Google Play |
Enforceable Acceptance: Clickwrap vs Browsewrap
Browsewrap (Weak — Link Only)
Simply linking to terms without requiring acknowledgment. Courts have found these difficult to enforce because users may not have seen them:
<!-- Browsewrap — weak legal enforceability -->
<footer>
<a href="/terms">Terms of Service</a>
</footer>Clickwrap (Stronger — Explicit Acceptance)
Requiring a checkbox during signup makes it harder to claim the user was unaware of the terms:
<!-- Clickwrap during registration — stronger enforceability -->
<form method="POST" action="/register">
<input type="text" name="email" placeholder="Email" required>
<input type="password" name="password" placeholder="Password" required>
<label>
<input type="checkbox" name="terms_accepted" required>
I agree to the
<a href="/terms" target="_blank" rel="noopener noreferrer">Terms of Service</a>
and
<a href="/privacy" target="_blank" rel="noopener noreferrer">Privacy Policy</a>
</label>
<button type="submit">Create account</button>
</form>// Server: record acceptance
const termsAccepted = formData.get('terms_accepted')
if (!termsAccepted) {
return Response.json({ error: 'You must accept the terms' }, { status: 400 })
}
// Store acceptance with timestamp and version
await db.user.create({
data: {
email,
passwordHash,
termsAcceptedAt: new Date(),
termsVersion: '2025-01-15', // Current version date
}
})Terms URL Conventions
Use a stable, predictable URL:
https://example.com/terms
https://example.com/terms-of-service
https://example.com/legal/termsStore the current version date in the document and in your database so you can notify users when terms change and re-obtain consent if required.
Key Clauses in Terms of Service
| Clause | Purpose |
|---|---|
| Acceptance of terms | How users agree to be bound |
| User conduct | What users can/cannot do |
| Intellectual property | Who owns content and IP |
| Limitation of liability | Cap on your legal exposure |
| Dispute resolution | Arbitration, jurisdiction, governing law |
| Termination | Conditions for account suspension |
| Changes to terms | How and when you can update them |
| Contact information | How users can reach you |
Terms of Service that describe features, data practices, or pricing that no longer apply can create legal liability. Review your terms annually and whenever your data practices or service changes significantly.
Exceptions
- Scanner output, leaked-secret detections, or stack traces should be confirmed as production-relevant before being escalated as blockers.
- Archived dependencies, sample values, or test fixtures can create false positives, but they should still be documented and bounded clearly.
- If multiple findings overlap, prioritize the issue that most directly enables compromise or data exposure.
Verification
Automated Checks
- Test the affected flow in a production-like environment, not just local development.
- Document any intentional exceptions explicitly.
Manual Checks
- Inspect the final HTTP response or browser behavior to confirm the control is actually enforced.
- Verify third-party integrations or embeds still work after the restriction is applied.
Use with AI
Copy these prompts to use with your AI assistant, or install the MCP server to use directly from Claude, Cursor, or Windsurf.
Check
Verify implementation
Check whether the website footer contains a link to a Terms of Service page. Verify the link is present on all pages including interior pages. Check that during user registration there is a checkbox or explicit acceptance step for the terms.
Fix
Auto-fix issues
Add a 'Terms of Service' link to the site footer on every page. For services with user accounts, add an explicit acceptance checkbox during registration that links to the terms. Ensure the terms page has a stable URL.
Explain
Learn more
Explain what Terms of Service are for, why they need to be discoverable before a user takes action, and the difference between browsewrap (just a link) and clickwrap (explicit acceptance) agreements.
Review
Code review
Review server config, headers, forms, and integration points related to Link to your terms of service in the footer. Flag exact responses, cookies, or browser behaviors that violate the rule, and verify them against the effective production-like response.