Is state.gov legit?
State.gov appears mostly safe with a long history and strong underlying technical security, but some significant issues with transparency and compliance prevent a full trust rating. The lack of legal pages and contact information raises questions about user interaction and data handling.
Government average: 80/100 · based on 33 sites
Checked: April 18, 2026 at 8:25 AM UTC · Refresh
Is state.gov a scam? Here's what we found.
Robust security measures are in place, including modern TLS encryption and a clean record with Google Web Risk and various DNS blacklists. While certificate transparency couldn't be checked, the overall setup aligns with the expected security for a government website.
The domain boasts an impressive age of nearly 29 years, indicating a long-standing and established presence. Its clear registration through get.gov solidifies its governmental identity, despite redacted WHOIS information, which is standard for government domains.
With a high Tranco rank, extensive web archive history, and a clean bill of health from blacklists, the site maintains an excellent reputation. This historical presence and global recognition speak volumes about its established authority.
Despite its status, state.gov falls short on basic transparency. The lack of readily available contact information and social media links on the homepage makes it harder for users to engage or get support, which is a crucial aspect for a public information portal.
A significant concern arises from the complete absence of a privacy policy and terms of service. For a government website that likely handles user data or provides official information, this omission is a major compliance gap, potentially leaving users in the dark about data practices.
The site benefits from a solid infrastructure, including multiple IP addresses, properly configured email authentication (SPF and DMARC), and DNSSEC for domain integrity. However, the unexpected HTTP 407 status indicates a potential configuration issue or a misreporting of the status.
Signals Detected
This is one of the most visited websites globally
This business has no Trustpilot presence — not unusual for smaller or newer companies
crt.sh returned status 429
Resolves to: 2600:1f18:3a6e:b641:e65a:ee0e:a6dc:89f4, 2600:1f10:4617:d340:6535:2eb1:e4db:244d, 2600:1f18:7400:4a95:de75:7fa3:6311:a663, 34.233.146.45, 107.22.78.153, 100.28.244.61
Mail servers: stimson.state.gov., christopher-ew.state.gov.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: a1-63.akam.net., a14-64.akam.net., a26-65.akam.net., a8-67.akam.net., a3-66.akam.net., a9-64.akam.net.
Website returned status 407
No obvious contact information found on homepage
No privacy policy or terms of service found
No social media links found on homepage
No favicon found — unusual for an established business
Web server: CloudFront
No threats detected by Google Web Risk
Not found on any DNS blacklists
No sitemap found — common for smaller sites
Domain created 1997-10-02T01:29:30Z (28 years, 11 months ago)
Registered through get.gov
Expires in 133 days
DNSSEC status from WHOIS
Valid certificate, expires in 177 days
Certificate issued by Amazon
Connection uses TLS 1.3
No robots.txt file — common for small sites
Earliest archive snapshot from 19961230
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.