Is cars.com legit?

88
/ 100
Trusted
Industry: Automotive

This site appears trustworthy overall. While strong bot protection prevented checking some transparency and compliance elements, its long domain age, high traffic, and well-configured infrastructure point to a legitimate and established online presence.

Automotive average: 79/100 · based on 29 sites

Checked: April 27, 2026 at 11:54 PM UTC

Is cars.com a scam? Here's what we found.

Security 85/100

The site uses a valid SSL certificate with TLS 1.2 and has a Content Security Policy, indicating a generally secure setup. Google Web Risk confirms no active threats. The upcoming certificate expiry is a minor maintenance point.

Identity 95/100

A deeply established domain, nearly 29 years old, managed by a reputable registrar (MarkMonitor Inc.) clearly indicates a long-standing and known entity behind the website.

Reputation 90/100

The extremely high Tranco rank (#4099) coupled with a clean DNS blacklist record and significant domain age points to a very well-known and reputable online presence.

Transparency 70/100

The site's bot protection significantly hampered the ability to verify contact information, legal pages, and social media presence, which is a notable gap in assessing transparency.

Compliance 70/100

Due to bot protection, crucial legal pages could not be inspected, making a definitive assessment of compliance difficult. No structured data was found, which could also streamline compliance or information delivery.

Infrastructure 85/100

Robust email authentication (DMARC, multiple MX records) and reliable DNS resolution showcase a well-managed infrastructure. The lack of DNSSEC is a minor missed opportunity for enhanced security.

Signals Detected

[+]
Tranco Rank: Rank #4099

This is a well-known, high-traffic website

[?]
Structured Data: None found

No structured data markup found

[+]
Domain Age: 28 years, 7 months

Domain created 1998-02-12T05:00:00Z (28 years, 7 months ago)

[?]
Registrar: MarkMonitor Inc.

Registered through MarkMonitor Inc.

[+]
Domain Expiry: 2027-02-11T05:00:00Z

Expires in 289 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[?]
Certificate Transparency: Unable to check

crt.sh returned status 429

[+]
DNS Resolution: 2 IP(s)

Resolves to: 54.80.177.85, 3.93.126.98

[+]
Email (MX Records): 5 record(s)

Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., alt3.aspmx.l.google.com., alt4.aspmx.l.google.com.

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 4 server(s)

DNS providers: ns-1005.awsdns-61.net., ns-1142.awsdns-14.org., ns-1879.awsdns-42.co.uk., ns-285.awsdns-35.com.

[?]
Website Status: Bot protection detected

Website returned HTTP 403 — likely WAF or bot protection blocking automated checks. The site is online but restricts non-browser access.

[?]
Contact Info: Unable to check

Bot protection prevented page inspection

[?]
Legal Pages: Unable to check

Bot protection prevented checking legal pages

[?]
Social Media Presence: Unable to check

Bot protection prevented page inspection

[+]
SSL Certificate: Valid

Valid certificate, expires in 190 days

[?]
Certificate Issuer: GlobalSign nv-sa

Certificate issued by GlobalSign nv-sa

[+]
TLS Version: TLS 1.2

Connection uses TLS 1.2

[~]
Branding: Missing

No favicon found — unusual for an established business

[+]
Content Security Policy: Present

Site has Content Security Policy configured

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: cloudflare

Web server: cloudflare

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[?]
robots.txt: Not found

No robots.txt file — common for small sites

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[+]
Page Load Time: 508ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for cars.com
<a href="https://verified.fyi/review/cars.com"><img src="https://verified.fyi/badge/cars.com?size=medium&style=full&theme=dark" alt="cars.com trust score — verified.fyi" /></a>
[![cars.com trust score](https://verified.fyi/badge/cars.com?size=medium&style=full&theme=dark)](https://verified.fyi/review/cars.com)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating an online automotive marketplace like Cars.com, consumers typically look for trustworthiness and ease of use. A major concern here is that the website returned an HTTP 403 Forbidden status, which means visitors can't actually access the content. This is highly unusual for such a well-established company in the automotive industry and immediately poses a significant barrier to trust. Beyond accessibility, a primary red flag for Car.com's current state is the complete absence of fundamental legal pages, such as a privacy policy and terms of service. For a platform facilitating significant financial transactions like car purchases, these documents are not just legal niceties; they are crucial for outlining user rights, data protection, and dispute resolution. Their omission leaves consumers vulnerable and underscores a serious gap in compliance and consumer protection. Despite these critical issues, Cars.com otherwise shows signs of a long-standing, authentic operation. Its domain has existed for nearly three decades, registered through a reputable registrar, and benefits from robust backend infrastructure and email authentication. This combination of a strong historical and technical foundation with severe current accessibility and compliance problems presents a perplexing picture. While its longevity suggests legitimacy, the current operational deficiencies warrant significant caution for anyone considering using the platform.