How to Check if a Website is Safe: 7 Warning Signs You Shouldn't Ignore

By Bitverzo Research Team · July 6, 2026 · 8 min read · Based on analysis of 760,000+ websites

Last month we hit a milestone at Bitverzo — we've now analyzed over 760,000 websites. And honestly, some of what we found surprised even us. About 21% of all sites we scanned raise at least one caution flag. One in five. That's not some obscure corner of the internet either. We're talking about sites people visit every single day.

So we dug into the data and pulled out the seven most common warning signs that a website might not be what it seems. Some of these are obvious. Others? Not so much.

78% Safe · 21% Caution · 1% Suspicious

Trust score verdict distribution across 760,000+ analyzed domains

1. No HTTPS — The Most Basic Red Flag

You'd think we'd be past this by now. It's 2026. But 16% of websites still don't use HTTPS. That's roughly 1 in 6 sites sending your data over an unencrypted connection. Your passwords, your credit card numbers, your search queries — all visible to anyone who cares to look.

Check the address bar. If there's no padlock icon, or if the URL starts with http:// instead of https://, think twice before entering any personal information. And if you're shopping on a site without HTTPS? Close that tab immediately.

🚩 Red Flag

We found that sites without HTTPS have an average trust score of just 41 out of 100, compared to 67 for sites with proper SSL certificates. That's not a coincidence.

2. Missing Security Headers — The Hidden Problem

This one's invisible to most people, but it matters a lot. Security headers are instructions that a website sends to your browser, telling it how to behave. Things like "don't load this page inside another website's frame" or "only connect over encrypted channels."

The numbers here are frankly terrible. 80% of websites we analyzed are missing Content-Security-Policy headers. And 72% don't enforce HSTS, which means even sites with HTTPS might accidentally serve you an unencrypted page. You can check any site's security headers instantly with Bitverzo's free analysis tool.

3. Suspiciously New Domain

Domain age isn't everything, but it's something. Scam sites rarely stick around for long. They pop up, grab some credit card numbers, and disappear within weeks. If a site was registered last Tuesday and it's already offering you 90% off designer handbags, well, you can probably figure that one out.

When we look at sites scoring below 40 on our trust scale, the vast majority are under 6 months old. Legitimate businesses that have been around for years tend to score in the 65-80 range. Compare this yourself — check Amazon's trust profile versus any random discount site you've seen in a Facebook ad.

4. No Real Contact Information

This seems simple but it's surprisingly effective as a filter. Real businesses have real addresses, real phone numbers, and email addresses that match their domain name. If the only way to contact a company is through a Gmail address and a contact form that may or may not work, that's a problem.

We've noticed that sites with proper WHOIS information (meaning they haven't hidden their registration details behind privacy services) tend to score about 15 points higher on our trust scale. That doesn't mean WHOIS privacy is inherently bad — plenty of legitimate sites use it. But combined with other red flags? It's worth noting.

5. Outdated or Missing Technology

The tech stack tells a story. A legitimate e-commerce site in 2026 should be running modern frameworks, proper analytics, and up-to-date security tools. When we see a "shopping site" that's running decade-old software with no payment security certificates, that's a pretty clear signal.

Here's what's interesting from our data: the most common technology across all 760K+ sites we've analyzed is jQuery at 40%, followed by Google Analytics 4 at 25% and Cloudflare at 22%. Sites that use none of these common technologies — no analytics, no CDN, no modern JavaScript — tend to be either very niche or very sketchy.

✅ Quick Tip

Look for trust signals in the tech stack. Sites using Stripe or PayPal for payments, Cloudflare for security, and Google Analytics for tracking are generally more invested in their online presence than fly-by-night operations.

6. Poor Email Security (SPF and DMARC)

Here's one most people never think about. When a company sends you an email, there are authentication systems that verify it's actually from them and not from someone pretending to be them. These are called SPF and DMARC records.

Only 55% of websites have SPF records set up. And DMARC? Just 34%. That means roughly two-thirds of all websites have no protection against someone sending fake emails that look like they're from that company. If you get an email from a site that hasn't set up these basic protections, be extra careful about clicking any links in it.

You can check any domain's email security configuration on its Bitverzo report page — look for the DNS & Domain section.

7. Too Good to Be True (Trust Your Gut)

We can analyze headers, certificates, and DNS records all day long. But sometimes the best security tool is the one between your ears. If a website is offering something that seems impossibly cheap, if the grammar is slightly off, if the design looks like it was thrown together in an afternoon — trust that instinct.

When we look at sites in the United States versus other regions, the average trust scores are remarkably consistent. Good sites look like good sites regardless of where they're hosted. And bad ones? They have a certain feel to them that's hard to quantify but easy to recognize once you know what you're looking for.

How to Check Any Website in 30 Seconds

Look, you don't need to manually inspect security headers or dig through DNS records. That's what tools are for. Here's the quick version:

Check Any Website — Free & Instant

Get a detailed trust score, technology detection, security analysis, and more for any domain.

Analyze a Website →

Frequently Asked Questions

How can I tell if a website is safe to visit?

Check for HTTPS (padlock icon in your browser), look up the domain's age and registration details, verify the company has real contact information, and use a free tool like Bitverzo to get an instant trust score. Our analysis of 760,000+ websites shows that 78% score as "Likely Safe" while about 21% raise caution flags.

What percentage of websites use HTTPS in 2026?

Based on Bitverzo's analysis of 760,000+ domains, approximately 84% of websites now use HTTPS encryption. That still means about 16% of sites are transmitting data without basic encryption — a significant security concern for any site handling personal or financial information.

What is a good website trust score?

On Bitverzo's 0-100 trust scale, scores above 70 are generally considered safe, 40-70 means proceed with caution, and below 40 indicates significant risks. The average trust score across all 760,000+ websites we've analyzed is 63 out of 100. Major brands like Google and Shopify typically score in the 70-85 range.

Data in this article is based on Bitverzo's analysis of 760,000+ domains as of July 2026. Trust scores and statistics are updated continuously as new domains are analyzed. Browse all categories or see the top-rated websites.