Is github.io legit?

82
/ 100
Trusted
Industry: Hosting & Domains

This site appears to be trusted, backed by a strong domain age and excellent traffic ranking. While there are minor gaps in legal pages and social media presence, the core infrastructure and security are solid.

Hosting & Domains average: 77/100 · based on 38 sites

Checked: April 21, 2026 at 6:47 PM UTC

Is github.io a scam? Here's what we found.

Security 90/100

Security is strong with a current TLS 1.3 implementation, a valid SSL certificate (though from Let's Encrypt), and a clean bill of health from Google Web Risk, indicating no detected threats.

Identity 95/100

The domain has a significant age (over 13 years) and publicly visible WHOIS data showing registration through a reputable registrar, clearly identifying GitHub, Inc. as the registrant.

Reputation 95/100

Its Tranco rank is exceptionally high, indicating a very well-known and trafficked domain. It's also clean on all DNS blacklists, reinforcing its positive reputation.

Transparency 75/100

Basic contact information is present, and the site has custom branding, but the lack of social media presence on the homepage slightly reduces its overall transparency in user engagement.

Compliance 80/100

The site has an incomplete set of legal pages, missing either a privacy policy or terms of service, which is a notable gap for user understanding and regulatory compliance.

Infrastructure 85/100

The infrastructure is robust with multiple IP addresses, good name server distribution, and a present SPF record. However, the redirect away from the primary domain and a misconfigured sitemap are minor drawbacks.

Signals Detected

[+]
Tranco Rank: Rank #122

This is one of the most visited websites globally

[+]
Structured Data: Found

Site uses structured data identifying itself as: WebSite

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[?]
Certificate Transparency: Unable to check

crt.sh returned status 502

[+]
DNS Resolution: 4 IP(s)

Resolves to: 185.199.110.153, 185.199.111.153, 185.199.109.153, 185.199.108.153

[?]
Email (MX Records): None

No MX records found — domain may not handle email

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
Name Servers: 8 server(s)

DNS providers: dns1.p05.nsone.net., dns2.p05.nsone.net., dns3.p05.nsone.net., dns4.p05.nsone.net., ns-1339.awsdns-39.org., ns-1622.awsdns-10.co.uk., ns-393.awsdns-49.com., ns-692.awsdns-22.net.

[+]
SSL Certificate: Valid

Valid certificate, expires in 75 days

[?]
Certificate Issuer: Let's Encrypt

Certificate issued by Let's Encrypt

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
Branding: Complete

Site has custom branding and social media metadata

[?]
Sitemap: Misconfigured

Sitemap URL returns non-XML content

[+]
robots.txt: Present

robots.txt has 257 directives

[~]
Redirect Check: Redirects away

Site redirects to https://pages.github.com/

[?]
Server: GitHub.com

Web server: GitHub.com

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[+]
Domain Age: 13 years, 3 months

Domain created 2013-03-08T19:12:48Z (13 years, 3 months ago)

[?]
Registrar: MarkMonitor Inc.

Registered through MarkMonitor Inc.

[+]
Domain Expiry: 2027-03-08T19:12:48Z

Expires in 321 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[+]
Website Status: Online

Website is live and responding

[+]
Contact Info: Found

Website appears to have contact information

[~]
Legal Pages: Partial

Website is missing either privacy policy or terms of service

[~]
Social Media Presence: None found

No social media links found on homepage

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[+]
Page Load Time: 109ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for github.io
<a href="https://verified.fyi/review/github.io"><img src="https://verified.fyi/badge/github.io?size=medium&style=full&theme=dark" alt="github.io trust score — verified.fyi" /></a>
[![github.io trust score](https://verified.fyi/badge/github.io?size=medium&style=full&theme=dark)](https://verified.fyi/review/github.io)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating the perceived trustworthiness of 'github.io,' it's crucial to understand its primary role in the web ecosystem. This isn't a traditional e-commerce site or a personal blog; it's a domain used by GitHub, a major software development platform, to host static websites for its users. Essentially, when you visit a 'github.io' address, you're usually looking at a project page, a personal portfolio, or a documentation site created and published by a developer through GitHub. The good news is that the underlying infrastructure and branding are solid, aligning with what you'd expect from a global tech leader like GitHub. It ranks among the most visited sites globally, has a long history, and uses modern security protocols. However, the rapidly expiring SSL certificate is a point of concern. For any website, especially one with significant traffic, letting an SSL certificate get this close to expiration is unusual and raises questions about diligent maintenance. While it's issued by Let's Encrypt, a legitimate provider, the short expiry window suggests an oversight that could temporarily impact security if not renewed promptly. Another aspect to consider is the redirect to 'pages.github.com' and the missing legal pages. While 'github.io' itself is a sub-domain for user-generated content, the ultimate responsibility for user data and terms of service often rests with the content's creator, not always GitHub directly. However, for GitHub to host such a significant platform without explicit legal pages on the primary 'github.io' domain itself is an interesting omission. Users visiting these pages should be mindful that they are interacting with content hosted by individuals or teams, and their specific privacy policies or terms of use might be found on the content creator's site rather than a general github.io policy.