out of 100

SUSPICIOUS

Is yuka.io safe?

Yuka.io is not confirmed malicious, but it is not fully trustworthy either. The clean blocklist results help, but the 68/100 score, unknown reputation, and missing security headers justify caution.

Google Safe Browsing

URLhaus

Spamhaus DNS BL

SURBL

SSL

Valid · TLSv1.3

Threats

None detected

Registrar

GANDI SAS

Scanned

March 18, 2026

Website Screenshots

Desktop · 1920×1080

Mobile

Yuka.io scores 68/100 and is marked suspicious, not clean. The site uses a valid TLSv1.3 certificate issued by R13 (Let's Encrypt) with 72 days remaining, but it also misses several important security headers.

SSL Certificate & HTTPS Security

Yuka.io serves HTTPS correctly with a valid TLSv1.3 certificate issued by R13 (Let's Encrypt), and HSTS is enabled. That means the connection is encrypted and browsers are instructed to prefer secure connections, which is a solid baseline for safety.

The certificate expires in 72 days, so it is currently active and not near immediate expiry. However, the scan also found missing security headers: Content Security Policy, Referrer-Policy, Permissions-Policy, COOP, COEP, CORP, and X-XSS-Protection. Those gaps do not prove malicious behavior, but they do reduce the site�s defensive hardening.

Threat Intelligence Results

The threat checks are clean across the board: Google Safe Browsing is clean, URLhaus is clean, and DNS blocklists from Spamhaus and SURBL are clean. There are no direct indicators in the scan data that yuka.io is distributing malware, phishing content, or spam.

Even with clean threat feeds, the overall verdict is still suspicious because the domain has an unknown reputation and is not recognized as a major brand or public service in the scanner�s knowledge base. Clean blocklists lower the risk, but they do not override the lack of established trust.

Domain History & Reputation

The domain is registered through GANDI SAS, but the creation date is unknown and the domain is not known to the scanner. That means there is no verified age signal to support a long operating history, and no strong reputation data to anchor trust.

The scanner AI classifies the domain category as unknown with a suspicious pattern. It also notes that yuka.io does not match any major brand or well-known infrastructure in its training data. For a user asking whether the site is legit, that lack of recognition matters: legitimate services usually leave a clearer reputation trail.

Is Yuka.io Legitimate?

Yuka.io is not flagged as malicious, but it is not rated as fully trustworthy either. The site has a valid SSL setup and clean threat intelligence results, yet the 68/100 safety score, unknown reputation, and missing security headers keep it in the caution zone.

For a site you plan to log into, share data with, or make purchases through, this is not a green-light result. The safest conclusion from the scan is that yuka.io is low to moderate risk: usable, but not proven trustworthy enough to treat as clearly legitimate without further verification.

Scan Details

Safety Score68/100

VerdictSuspicious

SSL ValidYes

SSL IssuerR13 (Let's Encrypt)

SSL ProtocolTLSv1.3

SSL Expires in72 days

HSTSEnabled

HTTP Status200

Response Time325ms

RegistrarGANDI SAS

Domain Created—

CategoryUnknown � suspicious pattern

TechnologiesNginx, WordPress, jQuery, Bootstrap, Facebook Pixel

Security Headers

HSTS X-Content-Type-Options X-Frame-OptionsCSPReferrer-PolicyPermissions-PolicyCOOPCOEPCORPX-XSS-Protection

Frequently Asked Questions

is yuka app legit?

The scan does not prove yuka.io is a scam, but it also does not establish strong legitimacy. It scores 68/100, is marked suspicious, and has an unknown reputation, so you should verify the service before trusting it with sensitive data.

Is yuka.io safe to visit?

Yes, the scan shows no direct malware or phishing indicators, and the site uses valid TLSv1.3 with HSTS enabled. Still, missing security headers and an unknown reputation mean you should avoid entering sensitive information unless you have confirmed the site�s legitimacy.

What did the threat checks find on yuka.io?

Google Safe Browsing, URLhaus, Spamhaus, and SURBL all came back clean. That is a positive sign, but clean threat feeds do not guarantee trustworthiness when the domain itself has little or no reputation.

Why is yuka.io marked suspicious if the SSL is valid?

A valid certificate only confirms encrypted HTTPS, not that the site is trustworthy. Yuka.io is marked suspicious because its reputation is unknown, the domain is not recognized as a major brand, and several important security headers are missing.

What security issues were found on yuka.io?

The scan found missing Content Security Policy, Referrer-Policy, Permissions-Policy, COOP, COEP, CORP, and X-XSS-Protection headers. Those omissions weaken browser-side protections and are a reason to be cautious, especially on a site handling user data.

Run your own scan

Check any URL instantly

Private, free, no account required. Your scan results are never made public — unlike VirusTotal.

Re-scan yuka.io Download PDF report Scan a different URL