Trust report
google.com
87/100 — trusted. Long-established, no impersonation patterns, no scam-correlated signals.
Verdict driven by: no contact page found; missing HSTS; missing Content Security Policy — worth extra caution before trusting.
Top scam signals
- No contact page foundReputable sites usually publish a contact page.
- Missing HSTSTells browsers to only use HTTPS for this domain.
- Missing Content Security PolicyRestricts which scripts and resources the page can load.
SL Trust Core
87
safe
Category breakdown
Identity & Age70/100
1 signal · weight 22
Impersonation Risk100/100
2 signals · weight 22
Red Flags100/100
1 signal · weight 18
Transparency82/100
7 signals · weight 14
Security74/100
8 signals · weight 8
Email100/100
2 signals · weight 4
Infrastructure100/100
5 signals · weight 4
Content93/100
4 signals · weight 3
Performance84/100
2 signals · weight 3
Technical Health36/100
2 signals · weight 2
Positive signals
- Site responded with 200
- HTTPS is enforced
- Fast response (347ms)
- Served through Cloudflare
- 10 address record(s) resolved
- IPv6 (AAAA) available
Warnings
- Missing HSTS
- Missing Content Security Policy
- No mobile viewport meta tag
- No contact page found
- Large response served uncompressed
Critical
None detected.
Recommendations
Top 4 things to fix
- high · securityAdd an HSTS header
Send Strict-Transport-Security: max-age=31536000; includeSubDomains on every response to force browsers onto HTTPS.
- medium · securityPublish a Content Security Policy
A minimal CSP dramatically reduces the impact of XSS. Start with default-src 'self' and iterate.
- medium · transparencyAdd a contact page
List an email, form, or physical address. Sites without contact info are trusted less by users and search engines.
- low · contentAdd a meta description
A 120–160 character description improves click-through from search.
- Root label
- TLD
- .com
- Uses punycode (xn--)
- no
- Mixed-script (homoglyph)
- no
- Brand match
- google (this IS the real brand's domain)
- Typosquat check
- no typosquat pattern
- Phishing suffix tokens
- none
google is the real brand's registered domain
The root label matches the brand exactly — this IS the brand's own domain.
+10
No impersonation patterns detected
Domain doesn't look like a typosquat, doesn't embed a well-known brand, and uses ASCII characters.
+8
- Payment red flags
- none detected
- Urgency / pressure language
- none detected
- Disposable-domain combo
- no
- Page text length scanned
- 138 chars
No scam-correlated language found on the home page
No crypto-only / gift-card / wire-only payment demands, and no obvious urgency tactics.
+6
RDAP returned 403
- Final URL
- https://www.google.com/
- Status
- 200
- Response time
- 347ms
- Server
- cloudflare
- CDN
- Cloudflare
- Content-Type
- text/html; charset=UTF-8
- Body size
- 83.6 KB
- Redirects
- 1
Redirect chain
- 301 → https://www.google.com/
Site responded with 200
Final URL: https://www.google.com/. Response time 347ms.
+8
HTTPS is enforced
All redirects stayed on HTTPS. Traffic is encrypted end-to-end.
+10
Fast response (347ms)
+6
Served through Cloudflare
Sites behind a major CDN benefit from DDoS protection and edge caching.
+4
- A
- 192.178.154.138, 192.178.154.113, 192.178.154.101, 192.178.154.100, 192.178.154.139, 192.178.154.102
- AAAA
- 2607:f8b0:4023:1423::8b, 2607:f8b0:4023:1423::71, 2607:f8b0:4023:1423::65, 2607:f8b0:4023:1423::64
- MX
- 10 smtp.google.com
- NS
- ns1.google.com, ns3.google.com, ns2.google.com, ns4.google.com
- TXT count
- 15
10 address record(s) resolved
+4
IPv6 (AAAA) available
Modern dual-stack setup.
+2
4 authoritative nameservers
+2
ssl timed out after 8000ms
X-Frame-Optionsmissing: HSTSmissing: Content Security Policymissing: X-Content-Type-Optionsmissing: Referrer Policymissing: Permissions Policy
Missing HSTS
Tells browsers to only use HTTPS for this domain.
-4
Missing Content Security Policy
Restricts which scripts and resources the page can load.
-4
X-Frame-Options is set
Prevents clickjacking by disallowing framing.
+3
Missing X-Content-Type-Options
Blocks MIME-sniffing browser attacks.
-2
Missing Referrer Policy
Controls what referrer information is sent with requests.
-2
Missing Permissions Policy
Restricts access to powerful browser features (camera, mic, etc.).
-2
- SPF
- v=spf1 include:_spf.google.com ~all
- DMARC
- v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com
- DMARC policy
- reject
- DKIM selectors found
- —
SPF record published
+5
DMARC published (reject)
+6
Svelte· jsGoogle Analytics· analyticsCloudflare· cdn
- Title
- Description
- —
- Language
- en
- Charset
- UTF-8
3 technologies detected
Svelte, Google Analytics, Cloudflare
No mobile viewport meta tag
The page won't render correctly on phones without a viewport tag.
-3
Missing meta description
-2
contactnot found
refundnot found
shippingnot found
cookiesnot found
- Phone numbers
- 946721767, 1784327024843, 946721767.0, 116221146, 116221148, 116249040
Privacy policy linked from home page
+6
Terms of service linked from home page
+5
No contact page found
Reputable sites usually publish a contact page.
-4
About page linked from home page
+3
No refund/return policy found
Reputable sites usually publish a refund/return policy.
-3
No cookie policy found
Reputable sites usually publish a cookie policy.
-2
Phone number published
+2
Diagnostics
Scan performance
engine 5.1.0 · report v5
Total scan time
8083 ms
Cache
Miss
Final response
347 ms
Redirects
1
Plugins executed
18
Plugins failed
5
Signal confidence
72%
Per-plugin timings
sslfailed · 8000 ms
phishstatsfailed · 3500 ms
sitemap396 ms
http347 ms
robots272 ms
urlhausfailed · 129 ms
email-security83 ms
rdapfailed · 3 ms
dns1 ms
reputation0 ms
impersonation0 ms
safe-browsingfailed · 0 ms
security-headers0 ms
tech0 ms
content0 ms
redirects0 ms
performance0 ms
red-flags0 ms