Is canva.com legit?

68 / 100
Mostly Safe
Industry: SaaS

Canva.com appears mostly safe due to its strong technical foundation and widespread recognition. However, significant red flags around missing crucial legal pages and contact information mean users should proceed with caution.

SaaS average: 81/100 · based on 62 sites

Checked: April 12, 2026 at 10:18 PM UTC

Is canva.com a scam? Here's what we found.

Security 75/100

While technical security is strong with TLS 1.3, HSTS, and clean Google Web Risk results, the HTTP 403 status is concerning for user access and functionality, preventing a higher score.

Identity 90/100

This domain boasts impressive longevity at 24 years, with a clear registration through a known registrar, indicating a well-established and long-standing presence.

Reputation 80/100

With a high Tranco rank (one of the most visited sites globally) and clean DNS blacklists, Canva has a very strong reputation, despite a middling Trustpilot score that doesn't fully capture its market standing.

Transparency 40/100

Transparency is a significant weak point, with no obvious contact information or social media links on the homepage, making it difficult for users to connect or resolve issues directly.

Compliance 25/100

The complete absence of a privacy policy and terms of service is a critical compliance failure, which is especially problematic for a service handling user-generated content and personal data.

Infrastructure 90/100

The underlying infrastructure is robust, featuring modern DNSSEC, SPF, and DMARC records, alongside multiple IP addresses and efficient page load times, signaling a well-managed technical backend.

Signals Detected

[+]
Tranco Rank: Rank #226

This is one of the most visited websites globally

[?]
Structured Data: None found

No structured data markup found

[+]
SSL Certificate: Valid

Valid certificate, expires in 249 days

[?]
Certificate Issuer: Amazon

Certificate issued by Amazon

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
Domain Age: 24 years, 3 months

Domain created 2001-05-05T00:03:52Z (24 years, 3 months ago)

[?]
Registrar: Gandi SAS

Registered through Gandi SAS

[+]
Domain Expiry: 2030-05-05T00:03:52Z

Expires in 1483 days

[+]
DNSSEC: signedDelegation

DNSSEC status from WHOIS

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: cloudflare

Web server: cloudflare

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
Branding: Basic

Site has a favicon but no social sharing metadata

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[~]
Website Status: HTTP 403

Website returned status 403

[~]
Contact Info: Not found

No obvious contact information found on homepage

[-]
Legal Pages: Missing

No privacy policy or terms of service found

[~]
Social Media Presence: None found

No social media links found on homepage

[+]
robots.txt: Present

robots.txt has 225 directives and references a sitemap

[?]
Trustpilot: 3.7/5 (4270 reviews)

Trustpilot rating: 3.7/5 based on 4270 reviews

[+]
DNS Resolution: 12 IP(s)

Resolves to: 2600:9000:2130:1e00:b:add6:7500:93a1, 2600:9000:2130:1800:b:add6:7500:93a1, 2600:9000:2130:6200:b:add6:7500:93a1, 2600:9000:2130:9c00:b:add6:7500:93a1, 2600:9000:2130:8e00:b:add6:7500:93a1, 2600:9000:2130:400:b:add6:7500:93a1, 2600:9000:2130:a400:b:add6:7500:93a1, 2600:9000:2130:b000:b:add6:7500:93a1, 18.245.46.84, 18.245.46.29, 18.245.46.39, 18.245.46.76

[+]
Email (MX Records): 5 record(s)

Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., alt3.aspmx.l.google.com., alt4.aspmx.l.google.com.

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 4 server(s)

DNS providers: ns-1421.awsdns-49.org., ns-1851.awsdns-39.co.uk., ns-253.awsdns-31.com., ns-730.awsdns-27.net.

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[?]
Certificate Transparency: Unable to check

crt.sh returned status 503

[+]
Page Load Time: 87ms

Fast page load

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

As a platform for graphic design, Canva.com is a Software as a Service (SaaS) provider, and like any online tool, users need to know if they can trust it. When evaluating a service like Canva, it's crucial to look beyond just its popularity and into its operational transparency and user protection.

For a SaaS company, having easily accessible legal pages like a Privacy Policy and Terms of Service is not just good practice, it's often a legal requirement. These documents outline how your data is handled and what your rights are as a user. Their absence on the main site for a service handling user content is a significant red flag that users should be aware of, even for a globally recognized brand. Most legitimate SaaS providers prominently display this information to build user confidence and meet regulatory mandates.

While Canva's technical infrastructure is solid, including strong domain age and security protocols, the lack of clear contact information and social media presence on the homepage makes direct communication challenging. For any creative platform, accessibility and support are key. Users considering Canva should try to locate these crucial pieces of information before committing, as clear communication channels are a hallmark of a trustworthy service that values its users.