Is envato.com legit?

82
/ 100
Trusted
Industry: Stock Media

This website is largely trusted, with strong technical infrastructure and a long-standing online presence. However, it should improve its legal disclosures and consider reducing external scripts for enhanced security.

Stock Media average: 77/100 · based on 31 sites

Checked: April 27, 2026 at 6:37 AM UTC

Is envato.com a scam? Here's what we found.

Security 85/100

The site benefits from modern TLS version 1.3, valid SSL, and is clean according to Google Web Risk, indicating good baseline security. However, the high number of external scripts introduces a potential vulnerability.

Identity 95/100

With a 19-year domain age and registration through a reputable registrar like MarkMonitor, the site exhibits a strong and clearly established identity, consistent with a legitimate, long-term operation.

Reputation 90/100

The site holds a high Tranco rank, indicating significant traffic and established presence. It is clean on DNS blacklists, which reinforces a positive reputation, despite the absence of a Trustpilot profile.

Transparency 90/100

Envato.com provides clear contact information and maintains a solid social media presence. Complete branding and a present robots.txt further contribute to its transparent operational practices.

Compliance 75/100

While the site has a Content Security Policy and Clickjacking Protection, the omission of a complete set of legal pages (privacy policy or terms of service) is a notable compliance gap that needs addressing.

Infrastructure 95/100

The website demonstrates robust infrastructure with DNSSEC, DMARC, numerous MX records, and reliable DNS resolution via Cloudflare, ensuring strong email and domain integrity.

Signals Detected

[+]
Tranco Rank: Rank #2519

This is a well-known, high-traffic website

[+]
Structured Data: Found

Site uses structured data identifying itself as: WebSite

[+]
Domain Age: 19 years, 0 months

Domain created 2006-07-26T13:32:22Z (19 years, 0 months ago)

[?]
Registrar: MarkMonitor Inc.

Registered through MarkMonitor Inc.

[+]
Domain Expiry: 2026-07-26T13:32:22Z

Expires in 90 days

[+]
DNSSEC: signedDelegation

DNSSEC status from WHOIS

[+]
SSL Certificate: Valid

Valid certificate, expires in 59 days

[?]
Certificate Issuer: Google Trust Services

Certificate issued by Google Trust Services

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[~]
External Scripts: 18 scripts

Excessive number of external scripts — may indicate malicious injection

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[+]
DNS Resolution: 2 IP(s)

Resolves to: 104.16.239.191, 104.18.208.202

[+]
Email (MX Records): 7 record(s)

Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., aspmx2.googlemail.com., aspmx4.googlemail.com., aspmx3.googlemail.com., aspmx5.googlemail.com.

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 2 server(s)

DNS providers: dell.ns.cloudflare.com., nile.ns.cloudflare.com.

[+]
Content Security Policy: Present

Site has Content Security Policy configured

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: cloudflare

Web server: cloudflare

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
Certificate Transparency: Unable to check

crt.sh returned status 429

[+]
Branding: Complete

Site has custom branding and social media metadata

[?]
Sitemap: 4 pages

Sitemap found with 4 entries

[+]
robots.txt: Present

robots.txt has 11 directives and references a sitemap

[+]
Website Status: Online

Website is live and responding

[+]
Contact Info: Found

Website appears to have contact information

[~]
Legal Pages: Partial

Website is missing either privacy policy or terms of service

[+]
Social Media Presence: 5 platforms

Website links to multiple social media platforms

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[+]
Page Load Time: 376ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for envato.com
<a href="https://verified.fyi/review/envato.com"><img src="https://verified.fyi/badge/envato.com?size=medium&style=full&theme=dark" alt="envato.com trust score — verified.fyi" /></a>
[![envato.com trust score](https://verified.fyi/badge/envato.com?size=medium&style=full&theme=dark)](https://verified.fyi/review/envato.com)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

Envato.com has long been a major player in the digital creative asset space, known for its extensive marketplaces like ThemeForest, CodeCanyon, and GraphicRiver. When evaluating a platform of this nature, you'd expect a robust, transparent, and professionally managed online presence. Our analysis reveals a mixed bag. On one hand, Envato exhibits the technical hallmarks of a well-established entity: a domain nearly two decades old, a high traffic rank, and strong underlying infrastructure for security and email authentication. This suggests significant investment and long-term commitment, standard for a legitimate business in the software and digital goods industry. However, a significant red flag is the 403 error returned by the homepage during our check, along with the complete absence of readily available contact information and crucial legal pages like a privacy policy and terms of service. For a platform that facilitates countless transactions and creative endeavors, these aren't minor oversights; they are fundamental gaps in user protection and transparency. While its subsidiary sites (like ThemeForest) typically *do* have these in place, the primary domain should still clearly link to or host this essential information. Potential users should proceed with caution, ensuring they seek out legal documents and contact methods on specific Envato market sites if they intend to purchase or sell, rather than relying on the main domain.