Trust report
paypal.com
92/100 — trusted. Long-established, no impersonation patterns, no scam-correlated signals.
Verdict driven by: large response served uncompressed — worth extra caution before trusting.
Top scam signals
- Large response served uncompressedEnable gzip or brotli at the edge to cut transfer size dramatically.
SL Trust Core
92
safe
Category breakdown
Identity & Age70/100
1 signal · weight 22
Impersonation Risk100/100
2 signals · weight 22
Red Flags100/100
1 signal · weight 18
Transparency98/100
7 signals · weight 14
Security100/100
8 signals · weight 8
Email100/100
3 signals · weight 4
Infrastructure100/100
4 signals · weight 4
Content81/100
2 signals · weight 3
Performance84/100
2 signals · weight 3
Technical Health100/100
2 signals · weight 2
Positive signals
- Site responded with 200
- HTTPS is enforced
- Fast response (324ms)
- Served through Cloudflare
- 3 address record(s) resolved
- 4 authoritative nameservers
Warnings
- Large response served uncompressed
Critical
None detected.
- Root label
- paypal
- TLD
- .com
- Uses punycode (xn--)
- no
- Mixed-script (homoglyph)
- no
- Brand match
- paypal (this IS the real brand's domain)
- Typosquat check
- no typosquat pattern
- Phishing suffix tokens
- none
paypal is the real brand's registered domain
The root label matches the brand exactly — this IS the brand's own domain.
+10
No impersonation patterns detected
Domain doesn't look like a typosquat, doesn't embed a well-known brand, and uses ASCII characters.
+8
- Payment red flags
- none detected
- Urgency / pressure language
- none detected
- Disposable-domain combo
- no
- Page text length scanned
- 10,039 chars
No scam-correlated language found on the home page
No crypto-only / gift-card / wire-only payment demands, and no obvious urgency tactics.
+6
RDAP returned 403
- Final URL
- https://www.paypal.com/us/home
- Status
- 200
- Response time
- 324ms
- Server
- cloudflare
- CDN
- Cloudflare
- Content-Type
- text/html; charset=utf-8
- Body size
- 313.2 KB
- Redirects
- 2
Redirect chain
- 301 → https://www.paypal.com/
- 302 → https://www.paypal.com/us/home
Site responded with 200
Final URL: https://www.paypal.com/us/home. Response time 324ms.
+8
HTTPS is enforced
All redirects stayed on HTTPS. Traffic is encrypted end-to-end.
+10
Fast response (324ms)
+6
Served through Cloudflare
Sites behind a major CDN benefit from DDoS protection and edge caching.
+4
- A
- 151.101.3.1, 151.101.195.1, 162.159.141.96
- AAAA
- —
- MX
- 10 mx1.paypalcorp.com, 10 mx2.paypalcorp.com
- NS
- pdns100.ultradns.com, pdns100.ultradns.net, ns1-pchnet.paypal.com, ns2-pchnet.paypal.com
- TXT count
- 12
3 address record(s) resolved
+4
4 authoritative nameservers
+2
crt.sh returned 502
HSTSContent Security PolicyX-Content-Type-OptionsPermissions Policymissing: X-Frame-Optionsmissing: Referrer Policy
HSTS is set
Tells browsers to only use HTTPS for this domain.
+6
Content Security Policy is set
Restricts which scripts and resources the page can load.
+5
Missing X-Frame-Options
Prevents clickjacking by disallowing framing.
-3
X-Content-Type-Options is set
Blocks MIME-sniffing browser attacks.
+2
Missing Referrer Policy
Controls what referrer information is sent with requests.
-2
Permissions Policy is set
Restricts access to powerful browser features (camera, mic, etc.).
+2
- SPF
- v=spf1 include:pp._spf.paypal.com include:3ph1._spf.paypal.com include:3ph2._spf.paypal.com include:3ph3._spf.paypal.com include:3ph4._spf.paypal.com include:sendgrid.net include:aspmx.pardot.com ~all
- DMARC
- v=DMARC1; p=reject; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com
- DMARC policy
- reject
- DKIM selectors found
- s1, s2
SPF record published
+5
DMARC published (reject)
+6
DKIM configured (s1, s2)
+3
Svelte· jsTailwind CSS· cssBootstrap· cssGoogle Analytics· analyticsGoogle Tag Manager· analyticsCloudflare· cdn
- Title
- Pay, Send and Save Money with PayPal | PayPal US
- Description
- From paying friends to saving money or getting cash back when you shop, explore what the new PayPal app has to offer.
- Language
- en-US
- Charset
- utf-8
6 technologies detected
Svelte, Tailwind CSS, Bootstrap, Google Analytics, Google Tag Manager, Cloudflare
Mobile viewport configured
+2
refundnot found
cookiesnot found
- Phone numbers
- 1784327064496, 260393023821, 0 0 0 0.0625, 166.885 0.00683594, 0.00683594, 153.861 14.1101
Privacy policy linked from home page
+6
Terms of service linked from home page
+5
Contact page linked from home page
+5
About page linked from home page
+3
No refund/return policy found
Reputable sites usually publish a refund/return policy.
-3
No cookie policy found
Reputable sites usually publish a cookie policy.
-2
Phone number published
+2
Diagnostics
Scan performance
engine 5.1.0 · report v5
Total scan time
3563 ms
Cache
Miss
Final response
324 ms
Redirects
2
Plugins executed
18
Plugins failed
5
Signal confidence
72%
Per-plugin timings
phishstatsfailed · 3537 ms
sslfailed · 702 ms
robots475 ms
sitemap475 ms
http324 ms
urlhausfailed · 134 ms
email-security26 ms
dns4 ms
rdapfailed · 3 ms
reputation0 ms
impersonation0 ms
safe-browsingfailed · 0 ms
security-headers0 ms
tech0 ms
content0 ms
redirects0 ms
performance0 ms
red-flags0 ms