Website Health Check

Scanned 28/02/2026

D48/100

google.com

https://www.google.com/

0.3s21 checks

Twitter LinkedIn

HTTPS & TLS

A+ (100%)

SSL Certificate5/5

Valid SSL certificate from Google Trust Services - WR2, expires in 43 days. Learn more ↗

TLS 1.2 Support10/10

TLS 1.2 is supported. Learn more ↗

TLS 1.3 Support5/5

TLS 1.3 is supported (latest version, best performance). Learn more ↗

TLS 1.0 Disabled5/5

TLS 1.0 is disabled (deprecated protocol correctly rejected). Learn more ↗

TLS 1.1 Disabled5/5

TLS 1.1 is disabled (deprecated protocol correctly rejected). Learn more ↗

Security Headers

F (17%)

Strict-Transport-Security0/15

HSTS header is missing. Browsers may allow HTTP connections. Learn more ↗

X-Content-Type-Options0/5

X-Content-Type-Options header is missing. Browser may MIME-sniff responses. Learn more ↗

X-Frame-Options5/5

X-Frame-Options is set to SAMEORIGIN. Learn more ↗

Referrer-Policy0/5

Referrer-Policy header is missing. Full URLs may be sent in referrer headers. Learn more ↗

Content Security Policy

F (0%)

Content Security Policy0/10

No Content-Security-Policy header found. The site has no XSS mitigation via CSP. Learn more ↗

CSP unsafe-inline0/5

No CSP header to check for unsafe-inline. Learn more ↗

CSP unsafe-eval0/5

No CSP header to check for unsafe-eval. Learn more ↗

Permissions Policy

F (0%)

Permissions Policy0/10

No Permissions-Policy or Feature-Policy header found. Browser features like camera, microphone, and geolocation are unrestricted. Learn more ↗

Server Security

B (67%)

Server Header Disclosure5/5

Server header shows "gws" (CDN/platform, not a disclosure concern). Learn more ↗

Domain Blacklist0/5

Domain is listed on 1 blacklist: Spamhaus DBL. Learn more ↗

Exposed Sensitive Paths5/5

No common admin or sensitive paths are publicly exposed. Learn more ↗

Content Security

A (80%)

Mixed Content5/5

No mixed content detected. All resources use HTTPS. Learn more ↗

Redirect Chain3/5

1 redirect across 2 domains. Moderate redirect chain. Learn more ↗

Email Security

A (80%)

SPF Record3/3

SPF record found: v=spf1 include:_spf.google.com ~all Learn more ↗

DMARC Policy4/4

DMARC policy set to "reject" — spoofed emails will be rejected. Learn more ↗

DKIM Signing1/3

No DKIM records found for common selectors. DKIM may use a custom selector not checked here. Learn more ↗

Recommendations

1
mediumAdd a Strict-Transport-Security header with max-age=31536000 and includeSubDomains.
2
mediumImplement a Content-Security-Policy header with at least default-src and script-src directives.
3
mediumAdd a Permissions-Policy header restricting camera, microphone, geolocation, and payment.
4
mediumAdd X-Content-Type-Options: nosniff to prevent MIME-sniffing attacks.
5
mediumSet Referrer-Policy to strict-origin-when-cross-origin or stricter.
6
mediumYour domain is listed on one or more DNS blacklists. Investigate and request removal.
7
mediumReduce the number of redirects in your URL chain. Excessive redirects slow page loads and may indicate URL obfuscation.
8
mediumConfigure DKIM signing for your email to authenticate outgoing messages.

This scan checks publicly observable security configuration. It does not test for application-level vulnerabilities, perform penetration testing, or access any private data. Results are informational only.