Is instacart.com legit?

85
/ 100
Trusted
Industry: Food & Dining

Instacart.com appears to be a legitimate and well-established service, backed by a strong online presence and robust security measures. While there are some minor concerns regarding numerous external scripts and hidden content, these are not significant enough to undermine its overall trustworthiness for consumers. This platform is Generally Safe for consumer use.

Food & Dining average: 83/100 · based on 15 sites

Checked: April 18, 2026 at 1:09 PM UTC · Refresh

Is instacart.com a scam? Here's what we found.

Security 80/100

The site uses a modern TLS 1.3 connection and has a valid SSL certificate from Amazon, indicating a good baseline for secure communication. However, the high number of external scripts presents a potential, albeit moderate, vulnerability for malicious code injection, which is something to be aware of.

Identity 95/100

With a domain aged nearly 30 years and registered through a reputable registrar like Amazon, Instacart.com shows a very strong and established identity. This longevity is a significant indicator of a trustworthy and long-standing operation.

Reputation 90/100

Instacart.com is a high-traffic, well-known website that is clean on DNS blacklists and has a complete branding presence, all pointing to a solid and positive reputation within its industry. Its long domain history also contributes to its standing.

Transparency 80/100

The site provides clear contact information, readily accessible privacy and terms pages, and links to multiple social media platforms, suggesting a commitment to transparency. The presence of numerous hidden content elements, however, could be perceived as a minor detractor to full openness.

Compliance 95/100

The presence of both a privacy policy and terms of service pages demonstrates a good level of legal compliance. This is essential for any platform handling consumer data and transactions, ensuring users understand their rights and responsibilities.

Infrastructure 85/100

The site leverages robust email authentication (SPF and DMARC) and distributed DNS resolution, indicating a well-managed infrastructure. The main gap is the unsigned DNSSEC, which, while not uncommon, is a missed opportunity for an additional layer of security against DNS tampering.

Signals Detected

[+]
Tranco Rank: Rank #2671

This is a well-known, high-traffic website

[+]
Structured Data: Found

Site uses structured data identifying itself as: WebSite

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[+]
robots.txt: Selective access

Blocks unknown crawlers by default but grants access to specific bots (473 directives)

[+]
Domain Age: 29 years, 10 months

Domain created 1996-10-31T05:00:00Z (29 years, 10 months ago)

[?]
Registrar: Amazon Registrar, Inc.

Registered through Amazon Registrar, Inc.

[+]
Domain Expiry: 2029-10-30T04:00:00Z

Expires in 1290 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[~]
External Scripts: 51 scripts

Excessive number of external scripts — may indicate malicious injection

[~]
Hidden Content: 40 hidden elements

Excessive hidden content found — may indicate cloaking or deceptive content

[+]
Branding: Complete

Site has custom branding and social media metadata

[+]
SSL Certificate: Valid

Valid certificate, expires in 196 days

[?]
Certificate Issuer: Amazon

Certificate issued by Amazon

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
Website Status: Online

Website is live and responding

[+]
Contact Info: Found

Website appears to have contact information

[+]
Legal Pages: Privacy & Terms found

Website has both privacy policy and terms of service pages

[+]
Social Media Presence: 3 platforms

Website links to multiple social media platforms

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Content Security Policy: Present

Site has Content Security Policy configured

[?]
Server: nginx

Web server: nginx

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[+]
DNS Resolution: 4 IP(s)

Resolves to: 18.245.31.39, 18.245.31.34, 18.245.31.14, 18.245.31.91

[+]
Email (MX Records): 5 record(s)

Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., aspmx2.googlemail.com., aspmx3.googlemail.com.

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 4 server(s)

DNS providers: ns-589.awsdns-09.net., ns-132.awsdns-16.com., ns-1394.awsdns-46.org., ns-1943.awsdns-50.co.uk.

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[?]
Certificate Transparency: Unable to check

Could not query certificate transparency logs

[?]
Page Load Time: 1366ms

Average page load time

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for instacart.com
<a href="https://verified.fyi/review/instacart.com"><img src="https://verified.fyi/badge/instacart.com?size=medium&style=full&theme=dark" alt="instacart.com trust score — verified.fyi" /></a>
[![instacart.com trust score](https://verified.fyi/badge/instacart.com?size=medium&style=full&theme=dark)](https://verified.fyi/review/instacart.com)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

As a consumer safety journalist, one of the most common questions I get about online services is, 'Can I trust them with my money and my personal information?' When it comes to Instacart.com, a leading player in the online grocery delivery market, the picture is largely reassuring. Instacart has carved out a significant space for itself in a competitive industry. Unlike a fly-by-night operation, services like Instacart, which handle personal data, payment information, and physical deliveries, require a substantial and stable online presence. This site’s nearly three-decade-old domain is a prime example of this stability, far exceeding the typical age you'd see for a scam or short-lived enterprise. Most legitimate marketplaces will boast a history measurable in years, not months. While Instacart demonstrates many hallmarks of a trustworthy platform, including clear legal pages and strong branding, it's always wise for consumers to be vigilant. In the online marketplace world, concerns often revolve around data security and transparency. The presence of numerous external scripts and hidden content elements on a site, while not definitive proof of malicious intent, is something to note. For users, this means staying updated with their personal account security and being aware of what information they share. A legitimate marketplace like Instacart should always make it easy for you to control your data and understand their practices. They do provide comprehensive privacy and terms, which is a good sign, unlike less reputable sites trying to obfuscate their policies.