Skip to main content
Trust report

supabase.com

TrustedVisit siteFresh scan · 7/17/2026, 10:24:14 PM

86/100 — trusted. Long-established, no impersonation patterns, no scam-correlated signals.

Verdict driven by: no privacy policy found; no terms of service found; missing Content Security Policy — worth extra caution before trusting.

Top scam signals
  • No privacy policy found
    Legally required in most jurisdictions. Its absence is a real red flag.
  • No terms of service found
    Reputable sites usually publish a terms of service.
  • Missing Content Security Policy
    Restricts which scripts and resources the page can load.
SL Trust Core
86
safe
Category breakdown
Identity & Age70/100
1 signal · weight 22
Impersonation Risk100/100
1 signal · weight 22
Red Flags100/100
1 signal · weight 18
Transparency61/100
8 signals · weight 14
Security79/100
8 signals · weight 8
Email100/100
3 signals · weight 4
Infrastructure100/100
4 signals · weight 4
Content100/100
3 signals · weight 3
Performance93/100
4 signals · weight 3
Technical Health100/100
3 signals · weight 2
Positive signals
  • Site responded with 200
  • HTTPS is enforced
  • Fast response (229ms)
  • Served through Cloudflare
  • 1 address record(s) resolved
  • 2 authoritative nameservers
Warnings
  • Missing Content Security Policy
  • No privacy policy found
  • No terms of service found
  • Large response served uncompressed
Critical
None detected.
Helpful?
Recommendations

Top 3 things to fix

  • high · transparency
    Publish a Privacy Policy

    A linked privacy policy is legally required in most jurisdictions and is one of the strongest transparency signals.

  • medium · security
    Publish a Content Security Policy

    A minimal CSP dramatically reduces the impact of XSS. Start with default-src 'self' and iterate.

  • medium · transparency
    Publish Terms of Service

    Reputable commercial sites publish clear terms so users know their rights.

Root label
supabase
TLD
.com
Uses punycode (xn--)
no
Mixed-script (homoglyph)
no
Brand match
no known brand embedded
Typosquat check
no typosquat pattern
Phishing suffix tokens
none
No impersonation patterns detected
Domain doesn't look like a typosquat, doesn't embed a well-known brand, and uses ASCII characters.
+8
Payment red flags
none detected
Urgency / pressure language
none detected
Disposable-domain combo
no
Page text length scanned
7,861 chars
No scam-correlated language found on the home page
No crypto-only / gift-card / wire-only payment demands, and no obvious urgency tactics.
+6
RDAP returned 403
Final URL
https://supabase.com/
Status
200
Response time
229ms
Server
cloudflare
CDN
Cloudflare
Content-Type
text/html; charset=utf-8
Body size
1295.9 KB
Redirects
0
Site responded with 200
Final URL: https://supabase.com/. Response time 229ms.
+8
HTTPS is enforced
All redirects stayed on HTTPS. Traffic is encrypted end-to-end.
+10
Fast response (229ms)
+6
Served through Cloudflare
Sites behind a major CDN benefit from DDoS protection and edge caching.
+4
A
216.150.1.193
AAAA
MX
1 aspmx.l.google.com, 5 alt1.aspmx.l.google.com, 5 alt2.aspmx.l.google.com, 10 alt3.aspmx.l.google.com, 10 alt4.aspmx.l.google.com
NS
christina.ns.cloudflare.com, neil.ns.cloudflare.com
TXT count
5
1 address record(s) resolved
+4
2 authoritative nameservers
+2
ssl timed out after 8000ms
HSTSmissing: Content Security Policymissing: X-Frame-Optionsmissing: X-Content-Type-Optionsmissing: Referrer Policymissing: Permissions Policy
HSTS is set
Tells browsers to only use HTTPS for this domain.
+6
Missing Content Security Policy
Restricts which scripts and resources the page can load.
-4
Missing X-Frame-Options
Prevents clickjacking by disallowing framing.
-3
Missing X-Content-Type-Options
Blocks MIME-sniffing browser attacks.
-2
Missing Referrer Policy
Controls what referrer information is sent with requests.
-2
Missing Permissions Policy
Restricts access to powerful browser features (camera, mic, etc.).
-2
SPF
v=spf1 include:_spf.google.com include:19953346.spf06.hubspotemail.net ~all
DMARC
v=DMARC1; p=reject; pct=100; rua=mailto:re+dgebavkwb5w@inbound.dmarcdigests.com; ruf=mailto:team-growth-eng@supabase.com; fo=1; sp=quarantine; aspf=r;
DMARC policy
reject
DKIM selectors found
google, mail
SPF record published
+5
DMARC published (reject)
+6
DKIM configured (google, mail)
+3
Next.js· frameworkSvelte· jsTailwind CSS· cssGoogle Analytics· analyticsCloudflare· cdnVercel· hosting
Title
Supabase | The Postgres Development Platform
Description
Build production-grade applications with a Postgres database, Authentication, instant APIs, Realtime, Functions, Storage and Vector embeddings. Start for free.
Language
en
Charset
utf-8
6 technologies detected
Next.js, Svelte, Tailwind CSS, Google Analytics, Cloudflare, Vercel
Built on a modern framework
+3
Mobile viewport configured
+2
privacynot found
termsnot found
aboutnot found
refundnot found
shippingnot found
cookiesnot found
Phone numbers
2722-9744, 5-7826557590, 550452365, 9318-5207444007, 6530-220193, 167.30345696
No privacy policy found
Legally required in most jurisdictions. Its absence is a real red flag.
-4
No terms of service found
Reputable sites usually publish a terms of service.
-4
Contact page linked from home page
+5
No about page found
Reputable sites usually publish a about page.
-3
No refund/return policy found
Reputable sites usually publish a refund/return policy.
-3
No cookie policy found
Reputable sites usually publish a cookie policy.
-2
2 social profile(s) linked
twitter, github
+3
Phone number published
+2
Diagnostics

Scan performance

engine 5.1.0 · report v5
Total scan time
8015 ms
Cache
Miss
Final response
229 ms
Redirects
0
Plugins executed
18
Plugins failed
5
Signal confidence
72%
Per-plugin timings
sslfailed · 8000 ms
phishstatsfailed · 3500 ms
http229 ms
sitemap156 ms
urlhausfailed · 129 ms
robots91 ms
email-security15 ms
rdapfailed · 4 ms
dns3 ms
reputation0 ms
impersonation0 ms
safe-browsingfailed · 0 ms
security-headers0 ms
tech0 ms
content0 ms
redirects0 ms
performance0 ms
red-flags0 ms