Is github.com legit?

93
/ 100
Trusted
Industry: Software & Downloads

GitHub.com is a highly trusted platform with excellent security and a strong online presence. The only minor concern is the high number of external scripts, which warrants a security best practice review for potential third-party risks.

Software & Downloads average: 78/100 · based on 75 sites

Checked: April 21, 2026 at 4:07 AM UTC

Is github.com a scam? Here's what we found.

Security 85/100

The site uses modern TLS 1.3, has HSTS and CSP configured, and is deemed clean by Google Web Risk. The only notable concern is the large number of external scripts, which introduces potential supply chain vulnerabilities.

Identity 95/100

With a domain age of almost 19 years and registration through a reputable registrar like MarkMonitor, GitHub demonstrates a very strong and established identity.

Reputation 98/100

Ranked as one of the most visited websites globally, GitHub has an outstanding reputation. It's clean on DNS blacklists, reinforcing its trustworthiness and widespread acceptance.

Transparency 90/100

The site provides clear contact information, complete branding, and an active social media presence, indicating a high level of transparency in its operations.

Compliance 95/100

GitHub effectively meets compliance expectations by providing both privacy and terms of service pages, which are essential for user trust and legal obligations.

Infrastructure 95/100

The site benefits from robust infrastructure, including DMARC for email authentication, multiple name servers for redundancy, and fast page load times, signaling reliability and efficiency.

Signals Detected

[+]
Tranco Rank: Rank #29

This is one of the most visited websites globally

[?]
Structured Data: None found

No structured data markup found

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[+]
SSL Certificate: Valid

Valid certificate, expires in 43 days

[?]
Certificate Issuer: Sectigo Limited

Certificate issued by Sectigo Limited

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
Domain Age: 18 years, 9 months

Domain created 2007-10-09T18:20:50Z (18 years, 9 months ago)

[?]
Registrar: MarkMonitor Inc.

Registered through MarkMonitor Inc.

[+]
Domain Expiry: 2026-10-09T18:20:50Z

Expires in 171 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[?]
Certificate Transparency: Unable to check

crt.sh returned status 429

[+]
robots.txt: Present

robots.txt has 89 directives

[+]
Branding: Complete

Site has custom branding and social media metadata

[~]
External Scripts: 66 scripts

Excessive number of external scripts — may indicate malicious injection

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Content Security Policy: Present

Site has Content Security Policy configured

[+]
Clickjacking Protection: Present

X-Frame-Options: deny

[?]
Server: github.com

Web server: github.com

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[+]
DNS Resolution: 1 IP(s)

Resolves to: 140.82.112.4

[+]
Email (MX Records): 1 record(s)

Mail servers: github-com.mail.protection.outlook.com.

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 8 server(s)

DNS providers: dns1.p08.nsone.net., dns2.p08.nsone.net., dns3.p08.nsone.net., dns4.p08.nsone.net., ns-1283.awsdns-32.org., ns-1707.awsdns-21.co.uk., ns-421.awsdns-52.com., ns-520.awsdns-01.net.

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[+]
Website Status: Online

Website is live and responding

[+]
Contact Info: Found

Website appears to have contact information

[+]
Legal Pages: Privacy & Terms found

Website has both privacy policy and terms of service pages

[+]
Social Media Presence: 4 platforms

Website links to multiple social media platforms

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
Page Load Time: 29ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for github.com
<a href="https://verified.fyi/review/github.com"><img src="https://verified.fyi/badge/github.com?size=medium&style=full&theme=dark" alt="github.com trust score — verified.fyi" /></a>
[![github.com trust score](https://verified.fyi/badge/github.com?size=medium&style=full&theme=dark)](https://verified.fyi/review/github.com)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating a platform as central to the tech industry as GitHub, the primary concern for users often revolves around the security and reliability of their code and projects. Is GitHub.com legit? For a site handling countless open-source and private repositories, understanding its trustworthiness is paramount. Legitimate software development platforms like GitHub typically exhibit a strong, long-standing online presence, robust security measures, and clear operational transparency. GitHub fits this profile exceptionally well. Its domain age, nearly two decades old, is a testament to its enduring role in the software ecosystem, far exceeding the typical lifespan of scam sites that often pop up and disappear quickly. The site's comprehensive security features, including advanced TLS encryption and content security policies, are industry best practices, ensuring data integrity and user protection. This is crucial for developers who rely on the platform for version control, collaboration, and code hosting. While the number of external scripts is a detail to note, common with feature-rich applications, it doesn't detract from the core security framework. For anyone considering storing sensitive code or collaborating on crucial projects, the signals indicate a very high level of trustworthiness. Unlike fly-by-night operations, GitHub uses a specialized registrar (MarkMonitor), which is a common choice for major corporations protecting their brand. The lower Trustpilot score, while a signal for user experience issues, is not uncommon for massive platforms that serve millions, where a small percentage of vocal unhappy users can skew public ratings without necessarily indicating a structural security flaw or scam. Ultimately, for software development and collaboration, GitHub remains a cornerstone, with strong safeguards in place for its users.