Is carvana.com legit?

Trust score: 45/100 (Use Caution)
Industry: Automotive

You should use extreme caution when considering carvana.com. The complete lack of legal pages and contact information, together with the website's inaccessible status, are significant red flags for any reputable online business. While some technical aspects are strong, these fundamental issues make trusting the site very difficult.

Automotive average: 73/100 · based on 29 sites

Checked: April 18, 2026 at 7:58 AM UTC

Is carvana.com a scam? Here's what we found.

Security 85/100

The site uses the modern TLS 1.3 protocol and has a valid SSL certificate, issued by Let's Encrypt, ensuring encrypted communication. No threats were detected by Google Web Risk, which is a strong positive indicator.

Identity 90/100

With a domain age of over 22 years, this website has a long-established online presence. It's registered through a reputable corporate registrar, CSC Corporate Domains, Inc., suggesting professional domain management.

Reputation 75/100

The website holds a good Tranco rank, indicating high traffic and visibility. It's also clean on all DNS blacklists, which is a positive sign for its reputation regarding spam or malicious activity.

Transparency 30/100

This is a major weak point. The absence of clear contact information and social media links on the homepage makes it very difficult to engage with the company or address any concerns, which is critical for an e-commerce site.

Compliance 10/100

The complete lack of legal pages, specifically a privacy policy and terms of service, is a critical compliance failure for any business operating online, especially one involved in high-value transactions like vehicle sales. This raises serious concerns about data handling and customer rights.

Infrastructure 40/100

While DNS and email authentication records (SPF, DMARC) are well-configured, the critical issue of the website returning an HTTP 403 error means the site is currently inaccessible in some capacity, which severely impacts its functional trust.

Signals Detected

[+]
Tranco Rank: Rank #6712

This is a well-known, high-traffic website

[?]
Structured Data: None found

No structured data markup found

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[~]
Branding: Missing

No favicon found — unusual for an established business

[+]
SSL Certificate: Valid

Valid certificate, expires in 53 days

[?]
Certificate Issuer: Let's Encrypt

Certificate issued by Let's Encrypt

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
Domain Age: 22 years, 9 months

Domain created 2003-10-18T08:05:21Z (22 years, 9 months ago)

[?]
Registrar: CSC Corporate Domains, Inc.

Registered through CSC Corporate Domains, Inc.

[+]
Domain Expiry: 2026-10-18T08:05:21Z

Expires in 183 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[?]
Certificate Transparency: Unable to check

crt.sh returned status 429

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: cloudflare

Web server: cloudflare

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[?]
robots.txt: Not found

No robots.txt file — common for small sites

[+]
DNS Resolution: 4 IP(s)

Resolves to: 2a06:98c1:310a::ac40:9157, 2606:4700:4403::6812:2aa9, 104.18.42.169, 172.64.145.87

[+]
Email (MX Records): 5 record(s)

Mail servers: aspmx.l.google.com., alt2.aspmx.l.google.com., alt1.aspmx.l.google.com., alt3.aspmx.l.google.com., alt4.aspmx.l.google.com.

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 2 server(s)

DNS providers: meg.ns.cloudflare.com., jake.ns.cloudflare.com.

[~]
Website Status: HTTP 403

Website returned status 403

[~]
Contact Info: Not found

No obvious contact information found on homepage

[-]
Legal Pages: Missing

No privacy policy or terms of service found

[~]
Social Media Presence: None found

No social media links found on homepage

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
Page Load Time: 59ms

Fast page load

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When considering a large purchase like a car online, trust is paramount. From an automotive marketplace like Carvana, you would typically expect a seamless experience, transparent policies, and clear communication channels. Legitimate businesses in this sector invest heavily in their online presence and customer safeguards.

However, our analysis of carvana.com reveals significant areas of concern. For an established and high-traffic site, the complete absence of a privacy policy and terms of service is alarming. These documents are not just legal niceties; they are fundamental to informing consumers about their rights, data handling practices, and the terms of their vehicle purchase. Without them, buyers are essentially operating in the dark. Furthermore, the lack of readily available contact information and social media links on the homepage makes it challenging for customers to seek support or clarify issues. This is a crucial oversight for an automotive retailer, where customer service and post-sale support are key.

Adding to these concerns is the observed HTTP 403 status, which indicates the site is inaccessible or blocked, a major operational problem for an online business. While the domain has a long history and strong security protocols like TLS 1.3, these foundational issues severely undermine its trustworthiness for potential car buyers.