Is goo.gl legit?

75
/ 100
Mostly Safe
Industry: Software & Downloads

This site is Mostly Safe, but you should still use caution due to crucial missing legal pages and an inaccessible website status. While it benefits from the strong infrastructure you'd expect from a Google-affiliated domain and robust security, the lack of transparency is a concern.

Software & Downloads average: 78/100 · based on 75 sites

Checked: April 12, 2026 at 9:00 PM UTC · Refresh

Is goo.gl a scam? Here's what we found.

Security 90/100

The site boasts excellent security with a modern TLS 1.3 connection, an SSL certificate issued by Google, HSTS, and a Content Security Policy, all showing a strong commitment to protecting user data. Google Web Risk also found no threats.

Identity 95/100

With a domain age of over 20 years, registered through a reputable registrar like MarkMonitor, and managed by Google, the identity behind goo.gl is extremely well-established and trustworthy.

Reputation 90/100

The domain holds an incredibly high Tranco Rank (Top 54 globally), is not on any DNS blacklists, and has a long history, all pointing to a very strong and reputable web presence despite limited Trustpilot reviews.

Transparency 55/100

Transparency is a weak point here, as the website itself returns an error (HTTP 400) when accessed directly. The absence of contact information and social media links also makes it hard for users to engage or seek support.

Compliance 60/100

A major concern is the complete absence of legal pages like a privacy policy or terms of service, which is a serious oversight for any operational website, particularly one that was formerly a link shortener handling user data.

Infrastructure 90/100

The infrastructure is robust, supported by Google's authoritative name servers, multiple IP addresses, strong email authentication (SPF and DMARC), and fast page load times, ensuring reliability and performance.

Signals Detected

[+]
Tranco Rank: Rank #54

This is one of the most visited websites globally

[?]
Structured Data: None found

No structured data markup found

[+]
SSL Certificate: Valid

Valid certificate, expires in 63 days

[?]
Certificate Issuer: Google Trust Services

Certificate issued by Google Trust Services

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[?]
Certificate Transparency: Unable to check

crt.sh returned status 429

[+]
DNS Resolution: 10 IP(s)

Resolves to: 2a00:1450:4001:c1f::8a, 2a00:1450:4001:c1f::64, 2a00:1450:4001:c1f::8b, 2a00:1450:4001:c1f::65, 142.251.110.102, 142.251.110.101, 142.251.110.113, 142.251.110.139, 142.251.110.138, 142.251.110.100

[?]
Email (MX Records): None

No MX records found — domain may not handle email

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 4 server(s)

DNS providers: ns2.google.com., ns3.google.com., ns1.google.com., ns4.google.com.

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Content Security Policy: Present

Site has Content Security Policy configured

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: ESF

Web server: ESF

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
Branding: Basic

Site has a favicon but no social sharing metadata

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[?]
Trustpilot: 4.3/5 (8 reviews)

Too few reviews to be a reliable indicator

[?]
robots.txt: Not found

No robots.txt file — common for small sites

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[+]
Domain Age: 20 years, 1 months

Domain created 2005-06-22T02:00:00.0Z (20 years, 1 months ago)

[?]
Registrar: MarkMonitor, Inc.

Registered through MarkMonitor, Inc.

[+]
Domain Expiry: 2027-01-01T23:59:59.0Z

Expires in 264 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[~]
Website Status: HTTP 400

Website returned status 400

[~]
Contact Info: Not found

No obvious contact information found on homepage

[-]
Legal Pages: Missing

No privacy policy or terms of service found

[~]
Social Media Presence: None found

No social media links found on homepage

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
Page Load Time: 79ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for goo.gl
<a href="https://verified.fyi/review/goo.gl"><img src="https://verified.fyi/badge/goo.gl?size=medium&style=full&theme=dark" alt="goo.gl trust score — verified.fyi" /></a>
[![goo.gl trust score](https://verified.fyi/badge/goo.gl?size=medium&style=full&theme=dark)](https://verified.fyi/review/goo.gl)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating the trustworthiness of goo.gl, it’s important to understand its historical context as Google’s official URL shortener. While the service itself was deprecated, the domain still exists and its underlying technical signals are illuminating. Firstly, the domain's long history — over two decades in operation and its incredibly high global traffic rank — immediately signals credibility that few other domains can match. This isn’t a fly-by-night operation; it’s a long-standing fixture of the internet, backed by Google's formidable infrastructure. You rarely see this level of domain age and traffic without a significant, legitimate entity behind it. However, the crucial missing legal pages are a significant omission. For any site, particularly one that handled user data (even as a link shortener), the absence of a privacy policy or terms of service is unacceptable. Even if the service is no longer active, the domain’s continued existence means users might still encounter it, and the lack of these pages creates ambiguity about data handling. Similarly, the website returning an HTTP 400 error upon direct access, combined with no public contact information, suggests a lack of current maintenance or an intentional decision to keep the domain non-interactive. While technically sound, this lack of transparency is uncharacteristic of well-maintained Google properties. Our advice? While the technical backbone is solid and you're unlikely to encounter direct threats, the lack of legal documentation and direct access makes it a domain to approach with caution in its current state.