Is chatgpt.com legit?
You should use caution when interacting with chatgpt.com. While it's a globally recognized domain with strong technical security, critical missing elements like legal pages, contact information, and a very poor Trustpilot score raise significant concerns about user rights and support.
SaaS average: 81/100 · based on 62 sites
Checked: April 12, 2026 at 8:57 PM UTC · Refresh
Is chatgpt.com a scam? Here's what we found.
This site boasts excellent technical security with modern encryption (TLS 1.3), a valid SSL certificate from a reputable issuer, and protection against common web vulnerabilities like clickjacking. Google Web Risk also finds no threats.
The domain is well-established for its type (over 3 years old), registered through a common corporate registrar, and has clear WHOIS information, indicating a transparent ownership structure. The long expiry date further solidifies its legitimate intent.
While the site is globally recognized and clean on DNS blacklists, its extremely low Trustpilot score suggests widespread user dissatisfaction or negative experiences that cannot be ignored. The lack of a favicon is also unusual for such a prominent site.
Transparency is a significant concern here. The complete absence of basic contact information, social media links, and even a favicon is highly unusual for a site of this stature, making it difficult for users to engage or seek assistance.
The explicit lack of essential legal documents like a privacy policy and terms of service is a major failing, especially for a platform that handles user data and interactions, leaving users unaware of their rights or how their data is handled.
The underlying infrastructure is robust with a fast page load, proper DNS setup, and email authentication. However, the site returning a 403 error for basic access and missing MX records for email handling are notable functional weaknesses.
Signals Detected
This is one of the most visited websites globally
No structured data markup found
No favicon found — unusual for an established business
Blocks crawlers by default but allows 130 specific paths (163 directives, references a sitemap)
Valid certificate, expires in 69 days
Certificate issued by Google Trust Services
Connection uses TLS 1.3
Domain created 2022-11-30T23:59:19Z (3 years, 4 months ago)
Registered through MarkMonitor Inc.
Expires in 232 days
DNSSEC status from WHOIS
crt.sh returned status 429
Site enforces HTTPS via HSTS
X-Frame-Options: SAMEORIGIN
Web server: cloudflare
No threats detected by Google Web Risk
Site maintains a proper sitemap with 134 indexed pages
Resolves to: 2a06:98c1:3100::6812:202f, 2a06:98c1:310b::ac40:9bd1, 104.18.32.47, 172.64.155.209
No MX records found — domain may not handle email
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: hassan.ns.cloudflare.com., savanna.ns.cloudflare.com.
Website returned status 403
No obvious contact information found on homepage
No privacy policy or terms of service found
No social media links found on homepage
Not found on any DNS blacklists
Trustpilot rating: 1.6/5 based on 2782 reviews
Could not query Wayback Machine
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.