Designing for Trust: What a 25-Year-Old Study Still Gets Right About Your Website

In 1997, the web was five years old as a public medium. Most businesses didn't have websites. The ones that did were largely figuring it out as they went with no established conventions, no accumulated best practices, no meaningful body of research on how people actually used them.

That year, a researcher named B.J. Fogg at Stanford University's Persuasive Technology Lab began asking a question that almost nobody else had thought to ask: why do people trust some websites and not others?

It seems obvious now that this question needed asking. At the time, the implicit assumption in most web design was that if you built a site and put accurate information on it, people would believe it. Fogg suspected (correctly, as it would turn out) that the relationship between truth and credibility online was far more complicated than that.

What the Research Found

Over several years, Fogg and his colleagues conducted studies involving more than 4,500 participants, systematically examining which elements of a website made people more or less likely to trust it. The findings, published as the Stanford Guidelines for Web Credibility and documented through the Stanford Web Credibility Research project, were surprising in their specifics.

The most influential factor in whether users trusted a website was not the accuracy of its content. It was not the reputation of the organization behind it. It was not privacy policies or security certifications (those are really important, though!). It was design quality. The visual impression a site makes. Its layout, its typography, its apparent professionalism all culminated as the single strongest predictor of whether visitors considered it credible.

This finding made intuitive sense once stated, but it upended the working assumption of many people building websites at the time. A site could be entirely factual and well-intentioned and still fail to earn trust because it looked like it had been assembled without care. Conversely, a site with a polished, professional design was extended considerable benefit of the doubt, regardless of what it actually said.

The second major finding was that credibility is not built by any single element. It is built (and eroded) by an accumulation of small signals, most of which visitors process without deliberate attention.

The Ten Guidelines, and Why They Endure

From the research, Fogg's team distilled ten guidelines for building credible websites. They are worth examining not just as a checklist but as a portrait of how human trust actually works.

1. Make it easy to verify the accuracy of your information. Credibility is partly a function of willingness to be checked. Linking to sources, citing data, and referencing credentials all signal that you stand behind what you publish. A site that makes bold claims without supporting evidence is asking visitors to take it on faith, and most visitors are not inclined to do that.
2. Show that there is a real organization behind your site. A physical address or direct form of contact that is easy to find is the simplest example of this. It is a verifiable claim. A business that lists where it operates and how to reach it is accountable in a way that one providing no location information is not.
3. Highlight the expertise in your organization and in the content you provide. What qualifies you to do what you do? That question deserves a substantive answer. Certifications, years of experience, specific industries served, notable projects - these all demonstrate expertise rather than asserting it.
4. Show that honest and trustworthy people stand behind your site. Real photographs of real team members consistently outperform stock imagery in trust research. A bio that describes a person's actual background and interests is more credible than a paragraph of professional-sounding generalities. Visitors are looking for people, not personas.
5. Make it easy to contact you. A phone number, an email address, and a physical address visible without effort signal reachability and accountability. Businesses that are hard to contact online often appear, to visitors, like businesses that prefer not to be contacted.
6. Design your site so it looks professional. This is Fogg's most consistent finding, returned to across multiple studies over multiple years: visual design functions as a credibility proxy. Layout, typography, color consistency, and image quality all operate as their own form of subconscious trust signals. They are the signals from which visitors infer whether a business takes itself seriously. Research from the Baymard Institute in the e-commerce context shows that visual polish directly influences willingness to transact, decades after Fogg first described the mechanism.
7. Make your site easy to use and useful. A site that is difficult to navigate or slow to load creates friction that erodes confidence. The user experience is itself a statement about how a business operates. A frustrating website suggests, however unfairly, a frustrating company behind it.
8. Update your content often, or at least show it has been reviewed recently. Outdated content is one of the most quietly damaging trust signals on the web. A blog with its last post from two years ago, a team page that still features someone who left the company, a copyright year that is three years behind - each of these tells visitors the site is not being maintained, and invites the question of what else might be stale or inaccurate.
9. Use restraint with promotional content. Heavy-handed promotional language actively undermines credibility. Visitors have a well-developed sense for the difference between content written to inform and content written to sell, and they trust the former considerably more. This applies to advertising as well: sites dense with banner ads and pop-up interruptions read as less credible than those that let their content stand on its own.
10. Avoid errors of all types, no matter how small. Typos, broken links, missing images, forms that don't submit. Each is a small failure, and small failures accumulate into a general impression of carelessness. Fogg's research showed that errors damage credibility disproportionately to their apparent size. A single broken link raises the question of what else might be broken.

Why a Quarter Century Hasn't Changed the Fundamentals

The web of 1997 and the web of today have almost nothing in common as technical artifacts. The average webpage then weighed a few kilobytes. Smartphones didn't exist. Social proof meant a testimonials section, not a star rating aggregated across thousands of reviews. AI hadn't been applied to search, let alone to generating web content.

And yet the ten guidelines read like they were written last year. The reason is that they are not really about websites. They are about how human beings evaluate trustworthiness, and that process has not changed.

The signals Fogg identified are the same signals people use to decide whether to trust anyone: Does this person present themselves professionally? Are they transparent about who they are? Can I verify what they're telling me? Do they seem to care about the quality of what they produce? Are there other people who can vouch for them? Is there a way to reach them if something goes wrong?

These are ancient questions. The web made them faster to answer, but it didn't change them.

What has changed is the volume and speed of the evaluation. The Nielsen Norman Group's research on first impressions puts the window for credibility judgments at roughly ten to twenty seconds. For sites that fail to communicate clearly right away, the exit often comes much sooner. Visitors in the era Fogg was studying had more patience, if only because the medium was new. Today's visitors have seen enough websites to know within seconds whether one seems worth their time.

The stakes are also higher now. Commerce, healthcare decisions, legal research, financial choices, hiring decisions - all of it moves through websites in ways it did not in 1997. The consequences of a credibility failure have grown with the responsibilities the web has assumed.

A Practical Audit

The ten guidelines are most useful as a systematic lens on your own site. Open your website as a stranger would. Likely on a phone, without the context you carry as its owner.

Work through each principle. Can a visitor verify the claims you make? Is there clear evidence of a real organization with a real address? Does the content demonstrate expertise rather than just claim it? Are the people behind the business visible and human? Is your contact information easy to find? Does the design look like the product of someone who takes their work seriously? Is the site genuinely easy to use? Is the content current? Is the tone informative rather than promotional? Are there any errors anywhere?

The gaps that turn up are the places where visitors are quietly losing confidence, usually without you ever knowing they were there.

Fogg's insight from nearly three decades ago was that trust online is not about telling people you can be trusted. It is about building an environment where trust becomes the reasonable conclusion. The guidelines describe what that environment looks like. The work is in building it.