Receipts methodology
Here is exactly how the scanner checks. Audit the auditor.
The principle
The score measures claim-to-evidence consistency, never size. A brand new site that claims nothing scores well. New and honest is a fine state. A site loses standing only when a claim is found and the footprint that claim should have left is not. Severity comes from the gap between what is said and what is recorded, nowhere else.
Every check ends in one of four states: found, not found, could not verify, or not applicable. Only the first two are scored. A check that couldn't run, or had nothing to examine, is excluded from the math entirely. A site is never punished for our blind spots or for making no claims.
The five trails
Domain and history
When did this site come into existence, according to records nobody can edit after the fact. Registration date, first archive capture, earliest TLS certificate. Age alone never flags anything. It exists to be cross-checked against claims, because “12,000 users” means something different on a domain that is six weeks old.
sources RDAP registry records · Wayback Machine · certificate transparency logs (crt.sh)
Social proof integrity
If the site shows no testimonials and no badges, this trail is not applicable and says so. If it shows them, the scanner checks whether the named people return any public footprint when searched by name, role, and company together, whether portrait images read as candid photos or as stock and generated faces, whether the quotes contain product-specific detail, and whether rating badges link to any review platform at all.
Portrait and quote assessments are made by a model and are always written in hedged language. They describe consistency with known patterns. They never claim certainty about a person.
sources web search · model assessment of portraits and quote patterns
Footprint corroboration
Quantified claims get weighed against the trail real traction leaves. User counts and revenue claims are cross-checked against domain age, the product name is searched for independent mentions outside its own domain, displayed customer logos are spot-checked for any public reference connecting those companies to the product, and linked social profiles are checked for liveness.
Zero mentions is only a finding when paired with a large claim. An early product making modest claims with no footprint yet is recorded as exactly that.
sources web search · the site's own claims, quoted verbatim
Generation fingerprints
Builder tool markers, default assets, templated copy patterns, and canonical section ordering are detected and recorded. They are observations, never penalties on their own. Plenty of honest products start from a template, including ours. This trail only lowers a score when fingerprints appear alongside uncorroborated claims, because that combination is the pattern that matters. Template plus honesty is just a cheap start.
Our detection heuristics are our own, versioned and updated often, informed by public research including StackScope's published work on AI-built detection.
sources page source analysis · model assessment of copy register
Operational reality
Does the machinery of a real business exist behind the page. Legal pages that load, contain substance, and name a consistent company. A contact address whose domain can actually receive mail. A pricing path that resolves to a live payment provider, observed without paying. A named human findable from the site. A changelog or blog with more than one dated entry.
sources the site itself · DNS records · web search
Scoring and the stamp
Each trail scores as a weighted ratio of found to not found, with heavier checks counting more. The overall score averages the trails that were applicable. Bands map plainly: 85 and up is strong evidence trail, 65 to 84 reasonable evidence trail, 40 to 64 thin evidence trail, and below 40 claims outpace evidence, which is the strongest language any report will ever use.
Every receipt's stamp impression is generated from that report's own identifier. The ink erosion, edge wobble, and pressure are unique to it. No two receipts in existence carry the same impression.
Language rules
Reports never use the words fake, scam, fraud, lying, fabricated, dishonest, or deceptive about a scanned site. This is enforced in code, with a test, not by intention.
Directly observed facts use flat verbs: registered, found, returned, resolves. Model-assessed findings use hedged verbs: reads as, is consistent with. You can always tell which kind of finding you are reading.
Every report carries its scan date and the same disclaimer: evidence found and not found at scan time, not an accusation, not a verdict.
Known limits
Sites that render entirely client side get a reduced scan covering domain history and reachable operational checks, and the report says so plainly. Footprint searches lean on one search API and can miss corroboration that exists somewhere unindexed. Model assessments can be wrong in both directions. When a check fails to run, it reports could not verify rather than guessing.
False positives matter most to the honest builder who gets one. If a receipt about your site contains an error, fix nothing, write to hello@getreceipts.dev with the line in question, and a human will look. If the site changed, rescan after seven days and the new receipt replaces nothing; both exist, both dated.