out of 100

SAFE

Is cash.app safe?

cash.app is safe based on this scan. The domain is legitimate, the SSL setup is strong, and the threat intelligence results are clean aside from one likely false-positive DNS blocklist flag.

Google Safe Browsing

URLhaus

Spamhaus DNS BL

SURBL

SSL

Valid · TLSv1.3

Threats

suspicious

Registrar

Unknown

Scanned

March 18, 2026

Website Screenshots

Desktop · 1920×1080

Mobile

Cash.app scores 82/100 and is marked safe in our scan. The site uses a valid TLSv1.3 certificate issued by WE1 (Google Trust Services), with HSTS enabled and 84 days remaining before expiry. Threat checks were clean on Google Safe Browsing and URLhaus, with only a DNS blocklist flag from Spamhaus/SURBL.

SSL Certificate & HTTPS Security

cash.app uses a valid HTTPS setup with TLSv1.3, which is the current modern standard for secure web traffic. The certificate is issued by WE1 (Google Trust Services) and expires in 84 days, so the site is actively maintained rather than running on stale infrastructure.

HSTS is enabled, which forces browsers to use HTTPS and reduces downgrade risks. The final URL resolves directly to https://cash.app/ with HTTP status 200, so there is no suspicious redirect chain in the scan results.

Threat Intelligence Results

The strongest safety signal in the scan is the clean reputation data: Google Safe Browsing is clean and URLhaus is clean. That means there is no current evidence of malware hosting, phishing, or known malicious distribution tied to cash.app in these feeds.

The only negative signal is a DNS blocklist flag from Spamhaus/SURBL. In this case, the flag conflicts with the domain�s established reputation as a trusted financial services brand, and the scanner�s synthesis identifies it as likely a false positive rather than a real threat.

Domain Reputation And Technical Profile

cash.app is a known domain with a trusted reputation and a financial services category. The scanner AI summary links it to Block, Inc., which matches the public identity of Cash App as a major peer-to-peer payment service.

The detected stack includes Cloudflare, Next.js, and Angular, which is consistent with a modern production web application. The scan also notes missing security headers: Referrer-Policy, Permissions-Policy, COOP, COEP, and CORP. These are worth improving, but they are not signs of compromise and do not outweigh the strong trust signals in the rest of the scan.

Is Cash App Legitimate?

Yes. cash.app is a legitimate, well-known financial service domain with a trusted reputation, clean malware and browser safety checks, and a secure HTTPS configuration. The 82/100 safety score reflects a strong overall posture with only minor header gaps and one likely false-positive blocklist flag.

For users worried about scams, the domain itself is not the problem here. The real risk with Cash App is usually account-level fraud, impersonation, or social engineering, not the official cash.app website.

Scan Details

Safety Score82/100

VerdictSafe

SSL ValidYes

SSL IssuerWE1 (Google Trust Services)

SSL ProtocolTLSv1.3

SSL Expires in84 days

HSTSEnabled

HTTP Status200

Response Time292ms

Registrar—

Domain Created—

CategoryFinancial services

TechnologiesCloudflare, Next.js, Angular

Security Headers

HSTS X-Content-Type-Options X-Frame-Options CSP X-XSS-ProtectionReferrer-PolicyPermissions-PolicyCOOPCOEPCORP

Frequently Asked Questions

is cash app safe?

Yes. Our scan rates cash.app at 82/100 and marks it safe. It has a valid TLSv1.3 certificate from WE1 (Google Trust Services), HSTS enabled, and clean Google Safe Browsing and URLhaus results.

Why did cash.app get a DNS blocklist flag?

Spamhaus/SURBL flagged the domain, but the scanner synthesis treats this as a likely false positive. That conclusion is supported by the site�s trusted reputation, clean malware checks, and its status as a known financial services domain.

Does cash.app use secure HTTPS?

Yes. The site uses TLSv1.3 with a valid certificate issued by WE1 (Google Trust Services), and the certificate expires in 84 days. HSTS is also enabled, which strengthens browser-side HTTPS enforcement.

Are there any security issues on cash.app?

The scan found missing Referrer-Policy, Permissions-Policy, COOP, COEP, and CORP headers. Those are security hardening gaps, but they are minor compared with the clean threat intelligence and strong SSL configuration.

Is cash.app a legitimate website?

Yes. cash.app is a known domain with a trusted reputation and is associated with Block, Inc. The scanner AI summary identifies it as a widely used peer-to-peer payment service with no malicious associations.

Run your own scan

Check any URL instantly

Private, free, no account required. Your scan results are never made public — unlike VirusTotal.

Re-scan cash.app Download PDF report Scan a different URL