Skip to main content
Trust report

shopify.com

TrustedVisit siteFresh scan · 7/17/2026, 10:24:34 PM

89/100 — trusted. Long-established, no impersonation patterns, no scam-correlated signals.

Verdict driven by: no contact page found; missing Content Security Policy; large response served uncompressed — worth extra caution before trusting.

Top scam signals
  • No contact page found
    Reputable sites usually publish a contact page.
  • Missing Content Security Policy
    Restricts which scripts and resources the page can load.
  • Large response served uncompressed
    Enable gzip or brotli at the edge to cut transfer size dramatically.
SL Trust Core
89
safe
Category breakdown
Identity & Age70/100
1 signal · weight 22
Impersonation Risk100/100
2 signals · weight 22
Red Flags100/100
1 signal · weight 18
Transparency82/100
10 signals · weight 14
Security85/100
8 signals · weight 8
Email100/100
3 signals · weight 4
Infrastructure100/100
4 signals · weight 4
Content100/100
3 signals · weight 3
Performance89/100
3 signals · weight 3
Technical Health100/100
2 signals · weight 2
Positive signals
  • Site responded with 200
  • HTTPS is enforced
  • Fast response (41ms)
  • Served through Cloudflare
  • 1 address record(s) resolved
  • 3 authoritative nameservers
Warnings
  • Missing Content Security Policy
  • No contact page found
  • Large response served uncompressed
Critical
None detected.
Helpful?
Recommendations

Top 2 things to fix

  • medium · security
    Publish a Content Security Policy

    A minimal CSP dramatically reduces the impact of XSS. Start with default-src 'self' and iterate.

  • medium · transparency
    Add a contact page

    List an email, form, or physical address. Sites without contact info are trusted less by users and search engines.

Root label
shopify
TLD
.com
Uses punycode (xn--)
no
Mixed-script (homoglyph)
no
Brand match
shopify (this IS the real brand's domain)
Typosquat check
no typosquat pattern
Phishing suffix tokens
none
shopify is the real brand's registered domain
The root label matches the brand exactly — this IS the brand's own domain.
+10
No impersonation patterns detected
Domain doesn't look like a typosquat, doesn't embed a well-known brand, and uses ASCII characters.
+8
Payment red flags
none detected
Urgency / pressure language
none detected
Disposable-domain combo
no
Page text length scanned
7,830 chars
No scam-correlated language found on the home page
No crypto-only / gift-card / wire-only payment demands, and no obvious urgency tactics.
+6
RDAP returned 403
Final URL
https://www.shopify.com/
Status
200
Response time
41ms
Server
cloudflare
CDN
Cloudflare
Content-Type
text/html; charset=utf-8
Body size
411.8 KB
Redirects
1
Redirect chain
  1. 301https://www.shopify.com/
Site responded with 200
Final URL: https://www.shopify.com/. Response time 41ms.
+8
HTTPS is enforced
All redirects stayed on HTTPS. Traffic is encrypted end-to-end.
+10
Fast response (41ms)
+6
Served through Cloudflare
Sites behind a major CDN benefit from DDoS protection and edge caching.
+4
A
23.227.38.33
AAAA
MX
1 aspmx.l.google.com, 5 alt1.aspmx.l.google.com, 5 alt2.aspmx.l.google.com, 10 alt3.aspmx.l.google.com, 10 alt4.aspmx.l.google.com
NS
gold.foundationdns.com, gold.foundationdns.net, gold.foundationdns.org
TXT count
52
1 address record(s) resolved
+4
3 authoritative nameservers
+2
crt.sh returned 502
HSTSX-Content-Type-Optionsmissing: Content Security Policymissing: X-Frame-Optionsmissing: Referrer Policymissing: Permissions Policy
HSTS is set
Tells browsers to only use HTTPS for this domain.
+6
Missing Content Security Policy
Restricts which scripts and resources the page can load.
-4
Missing X-Frame-Options
Prevents clickjacking by disallowing framing.
-3
X-Content-Type-Options is set
Blocks MIME-sniffing browser attacks.
+2
Missing Referrer Policy
Controls what referrer information is sent with requests.
-2
Missing Permissions Policy
Restricts access to powerful browser features (camera, mic, etc.).
-2
SPF
v=spf1 include:_spf.google.com include:mail.zendesk.com include:sendgrid.net ~all
DMARC
v=DMARC1; p=reject; pct=100; fo=1; rua=mailto:dmarc-aggregate@shopify.com;ruf=mailto:dmarc-reports@shopify.com
DMARC policy
reject
DKIM selectors found
google, mail
SPF record published
+5
DMARC published (reject)
+6
DKIM configured (google, mail)
+3
Shopify· ecommerceSvelte· jsTailwind CSS· cssGoogle Analytics· analyticsCloudflare· cdn
Title
Shopify: The All-in-One Commerce Platform for Businesses - Shopify
Description
Try Shopify free. Build or grow your business fast with AI. Get more than ecommerce software with tools to manage every part of your business.
Language
en
Charset
utf-8
5 technologies detected
Shopify, Svelte, Tailwind CSS, Google Analytics, Cloudflare
Mobile viewport configured
+2
contactnot found
aboutnot found
refundnot found
cookiesnot found
Contact emails
+searchbot@anthropic.com, monique@email.com
Phone numbers
20409006880, 847460188612391, 52160348807, 84271640431, 1000 1000, 378060668
Privacy policy linked from home page
+6
Terms of service linked from home page
+5
No contact page found
Reputable sites usually publish a contact page.
-4
No about page found
Reputable sites usually publish a about page.
-3
No refund/return policy found
Reputable sites usually publish a refund/return policy.
-3
No cookie policy found
Reputable sites usually publish a cookie policy.
-2
6 social profile(s) linked
twitter, facebook, instagram, linkedin, github, tiktok
+3
Contact email published
+2
Phone number published
+2
Physical address published
1622 Walnut Ave
+3
Diagnostics

Scan performance

engine 5.1.0 · report v5
Total scan time
3512 ms
Cache
Miss
Final response
41 ms
Redirects
1
Plugins executed
18
Plugins failed
5
Signal confidence
72%
Per-plugin timings
phishstatsfailed · 3500 ms
robots152 ms
urlhausfailed · 114 ms
sslfailed · 95 ms
http41 ms
sitemap39 ms
email-security12 ms
dns4 ms
rdapfailed · 3 ms
reputation0 ms
impersonation0 ms
safe-browsingfailed · 0 ms
security-headers0 ms
tech0 ms
content0 ms
redirects0 ms
performance0 ms
red-flags0 ms