Is congress.gov legit?
While congress.gov benefits from a long-standing domain and robust infrastructure, several basic elements of transparency and legal compliance are surprisingly absent. Key information like contact details and essential legal pages are missing, which is highly unusual for a site of this importance, indicating that while it's likely legitimate, there are areas for improvement in its user-facing presentation.
Government average: 80/100 · based on 33 sites
Checked: April 18, 2026 at 8:00 AM UTC · Refresh
Is congress.gov a scam? Here's what we found.
The security setup is strong, featuring a valid SSL certificate with modern TLS 1.3 encryption and a clean Google Web Risk scan. This indicates diligent efforts to protect user connections and data from common threats.
This domain boasts nearly three decades of existence, clearly establishing its long-term presence. Although it lacks a favicon and the domain renewal date is a bit close, its registration through 'get.gov' reinforces its official status.
Its very high Tranco rank confirms widespread recognition and trust. However, the site's current HTTP 403 status is a significant operational issue that detracts from an otherwise excellent reputation.
A major legislative resource should make it effortless for citizens to get in touch. The absence of easily discoverable contact information and social media links on the homepage is a notable oversight.
The complete absence of a privacy policy and terms of service is a significant compliance gap. For a government website handling public information, this is a serious concern that must be addressed.
The underlying infrastructure is robust, with multiple IP addresses, properly configured email authentication (SPF, DMARC), and DNSSEC. This indicates a well-managed and resilient technical foundation.
Signals Detected
This is a well-known, high-traffic website
No structured data markup found
This business has no Trustpilot presence — not unusual for smaller or newer companies
No favicon found — unusual for an established business
Valid certificate, expires in 63 days
Certificate issued by Google Trust Services
Connection uses TLS 1.3
crt.sh returned status 429
X-Frame-Options: SAMEORIGIN
Web server: cloudflare
No threats detected by Google Web Risk
No sitemap found — common for smaller sites
Resolves to: 2a06:98c1:310a::6812:2b32, 2a06:98c1:310d::ac40:90ce, 172.64.144.206, 104.18.43.50
Mail servers: mx22.loc.gov., mx41.loc.gov., mx23.loc.gov., mx42.loc.gov.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: alice.ns.cloudflare.com., kevin.ns.cloudflare.com.
Website returned status 403
No obvious contact information found on homepage
No privacy policy or terms of service found
No social media links found on homepage
robots.txt has 143 directives and references a sitemap
Not found on any DNS blacklists
Domain created 1997-10-02T01:29:22Z (28 years, 11 months ago)
Registered through get.gov
Expires in 80 days
DNSSEC status from WHOIS
Could not query Wayback Machine
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.