Skip to main content
Trust report

google.com

TrustedVisit siteFresh scan · 7/17/2026, 10:23:44 PM

87/100 — trusted. Long-established, no impersonation patterns, no scam-correlated signals.

Verdict driven by: no contact page found; missing HSTS; missing Content Security Policy — worth extra caution before trusting.

Top scam signals
  • No contact page found
    Reputable sites usually publish a contact page.
  • Missing HSTS
    Tells browsers to only use HTTPS for this domain.
  • Missing Content Security Policy
    Restricts which scripts and resources the page can load.
SL Trust Core
87
safe
Category breakdown
Identity & Age70/100
1 signal · weight 22
Impersonation Risk100/100
2 signals · weight 22
Red Flags100/100
1 signal · weight 18
Transparency82/100
7 signals · weight 14
Security74/100
8 signals · weight 8
Email100/100
2 signals · weight 4
Infrastructure100/100
5 signals · weight 4
Content93/100
4 signals · weight 3
Performance84/100
2 signals · weight 3
Technical Health36/100
2 signals · weight 2
Positive signals
  • Site responded with 200
  • HTTPS is enforced
  • Fast response (347ms)
  • Served through Cloudflare
  • 10 address record(s) resolved
  • IPv6 (AAAA) available
Warnings
  • Missing HSTS
  • Missing Content Security Policy
  • No mobile viewport meta tag
  • No contact page found
  • Large response served uncompressed
Critical
None detected.
Helpful?
Recommendations

Top 4 things to fix

  • high · security
    Add an HSTS header

    Send Strict-Transport-Security: max-age=31536000; includeSubDomains on every response to force browsers onto HTTPS.

  • medium · security
    Publish a Content Security Policy

    A minimal CSP dramatically reduces the impact of XSS. Start with default-src 'self' and iterate.

  • medium · transparency
    Add a contact page

    List an email, form, or physical address. Sites without contact info are trusted less by users and search engines.

  • low · content
    Add a meta description

    A 120–160 character description improves click-through from search.

Root label
google
TLD
.com
Uses punycode (xn--)
no
Mixed-script (homoglyph)
no
Brand match
google (this IS the real brand's domain)
Typosquat check
no typosquat pattern
Phishing suffix tokens
none
google is the real brand's registered domain
The root label matches the brand exactly — this IS the brand's own domain.
+10
No impersonation patterns detected
Domain doesn't look like a typosquat, doesn't embed a well-known brand, and uses ASCII characters.
+8
Payment red flags
none detected
Urgency / pressure language
none detected
Disposable-domain combo
no
Page text length scanned
138 chars
No scam-correlated language found on the home page
No crypto-only / gift-card / wire-only payment demands, and no obvious urgency tactics.
+6
RDAP returned 403
Final URL
https://www.google.com/
Status
200
Response time
347ms
Server
cloudflare
CDN
Cloudflare
Content-Type
text/html; charset=UTF-8
Body size
83.6 KB
Redirects
1
Redirect chain
  1. 301https://www.google.com/
Site responded with 200
Final URL: https://www.google.com/. Response time 347ms.
+8
HTTPS is enforced
All redirects stayed on HTTPS. Traffic is encrypted end-to-end.
+10
Fast response (347ms)
+6
Served through Cloudflare
Sites behind a major CDN benefit from DDoS protection and edge caching.
+4
A
192.178.154.138, 192.178.154.113, 192.178.154.101, 192.178.154.100, 192.178.154.139, 192.178.154.102
AAAA
2607:f8b0:4023:1423::8b, 2607:f8b0:4023:1423::71, 2607:f8b0:4023:1423::65, 2607:f8b0:4023:1423::64
MX
10 smtp.google.com
NS
ns1.google.com, ns3.google.com, ns2.google.com, ns4.google.com
TXT count
15
10 address record(s) resolved
+4
IPv6 (AAAA) available
Modern dual-stack setup.
+2
4 authoritative nameservers
+2
ssl timed out after 8000ms
X-Frame-Optionsmissing: HSTSmissing: Content Security Policymissing: X-Content-Type-Optionsmissing: Referrer Policymissing: Permissions Policy
Missing HSTS
Tells browsers to only use HTTPS for this domain.
-4
Missing Content Security Policy
Restricts which scripts and resources the page can load.
-4
X-Frame-Options is set
Prevents clickjacking by disallowing framing.
+3
Missing X-Content-Type-Options
Blocks MIME-sniffing browser attacks.
-2
Missing Referrer Policy
Controls what referrer information is sent with requests.
-2
Missing Permissions Policy
Restricts access to powerful browser features (camera, mic, etc.).
-2
SPF
v=spf1 include:_spf.google.com ~all
DMARC
v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com
DMARC policy
reject
DKIM selectors found
SPF record published
+5
DMARC published (reject)
+6
Svelte· jsGoogle Analytics· analyticsCloudflare· cdn
Title
Google
Description
Language
en
Charset
UTF-8
3 technologies detected
Svelte, Google Analytics, Cloudflare
No mobile viewport meta tag
The page won't render correctly on phones without a viewport tag.
-3
Missing meta description
-2
Phone numbers
946721767, 1784327024843, 946721767.0, 116221146, 116221148, 116249040
Privacy policy linked from home page
+6
Terms of service linked from home page
+5
No contact page found
Reputable sites usually publish a contact page.
-4
About page linked from home page
+3
No refund/return policy found
Reputable sites usually publish a refund/return policy.
-3
No cookie policy found
Reputable sites usually publish a cookie policy.
-2
Phone number published
+2
Diagnostics

Scan performance

engine 5.1.0 · report v5
Total scan time
8083 ms
Cache
Miss
Final response
347 ms
Redirects
1
Plugins executed
18
Plugins failed
5
Signal confidence
72%
Per-plugin timings
sslfailed · 8000 ms
phishstatsfailed · 3500 ms
sitemap396 ms
http347 ms
robots272 ms
urlhausfailed · 129 ms
email-security83 ms
rdapfailed · 3 ms
dns1 ms
reputation0 ms
impersonation0 ms
safe-browsingfailed · 0 ms
security-headers0 ms
tech0 ms
content0 ms
redirects0 ms
performance0 ms
red-flags0 ms