Is cars.com legit?
While Cars.com has a long history and strong underlying technical infrastructure, I recommend using caution due to several critical missing elements. The inability to access the site content via a standard HTTP 403 error, coupled with the absence of essential legal pages and clear contact information, raises serious concerns about transparency and consumer protection.
Automotive average: 73/100 · based on 29 sites
Checked: April 18, 2026 at 7:58 AM UTC · Refresh
Is cars.com a scam? Here's what we found.
The security posture appears robust with a valid SSL certificate from a reputable issuer, modern TLS, and a clean Google Web Risk report. Clickjacking protection is also in place, indicating a good effort to secure user interaction.
This domain boasts an impressive 28-year age registered through a reputable registrar, strongly suggesting a long-established and authentic entity. The only minor quibble is the missing favicon, which is unusual for such a long-standing brand.
With a high Tranco Rank and a decades-old domain, Cars.com has a significant web presence and history. It's clean on DNS blacklists, reinforcing its position as a long-standing, legitimate player in its industry.
The inability to access the site and the complete lack of contact details or social media presence are significant issues. For a well-known entity, this lack of accessibility and clear communication channels is concerning and hinders user trust.
The complete absence of a privacy policy and terms of service is a critical flaw. For any online business, especially one involved in high-value transactions like car sales, these are non-negotiable legal and ethical requirements.
The site benefits from a professional infrastructure, including reliable DNS servers, multiple robust mail servers with SPF and DMARC, and Cloudflare. The fast page load time further indicates a well-maintained technical foundation.
Signals Detected
This is a well-known, high-traffic website
No structured data markup found
This business has no Trustpilot presence — not unusual for smaller or newer companies
Domain created 1998-02-12T05:00:00Z (28 years, 7 months ago)
Registered through MarkMonitor Inc.
Expires in 298 days
DNSSEC status from WHOIS
crt.sh returned status 429
No favicon found — unusual for an established business
X-Frame-Options: SAMEORIGIN
Web server: cloudflare
No threats detected by Google Web Risk
Website returned status 403
No obvious contact information found on homepage
No privacy policy or terms of service found
No social media links found on homepage
No sitemap found — common for smaller sites
No robots.txt file — common for small sites
Not found on any DNS blacklists
Valid certificate, expires in 199 days
Certificate issued by GlobalSign nv-sa
Connection uses TLS 1.2
Resolves to: 3.93.126.98, 54.80.177.85
Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., alt4.aspmx.l.google.com., alt3.aspmx.l.google.com.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: ns-1142.awsdns-14.org., ns-1879.awsdns-42.co.uk., ns-285.awsdns-35.com., ns-1005.awsdns-61.net.
Could not query Wayback Machine
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.