Is goo.gl legit?

60
/ 100
Mostly Safe
Industry: Software & Downloads

While goo.gl benefits from strong infrastructure and reputation due to its association with Google, several red flags, particularly legal page deficiencies and an HTTP 400 error, prevent it from being fully trusted. Users should exercise some caution, especially regarding its core functionality as a link shortener.

Software & Downloads average: 80/100 · based on 75 sites

Checked: April 28, 2026 at 5:28 AM UTC

Is goo.gl a scam? Here's what we found.

Security 80/100

The site boasts a robust security posture with modern TLS 1.3, HSTS, Content Security Policy, and clickjacking protection, though a relatively short SSL certificate expiry window is a minor concern.

Identity 90/100

Its age of over 20 years and association with Google, a reputable registrar, provide a strong sense of established identity, despite generic WHOIS information.

Reputation 95/100

Being one of the most visited global websites and having a clean record with Google Web Risk and DNS blacklists indicates an excellent reputation.

Transparency 55/100

Lack of contact information, social media presence, and crucially, an HTTP 400 error status seriously hinder transparency and user access.

Compliance 50/100

The complete absence of legal pages like a privacy policy or terms of service presents a significant compliance and trust issue, which is highly unusual for a site of this scale.

Infrastructure 85/100

The site has solid DNS configuration with multiple IP addresses and Google name servers, along with strong email authentication (SPF/DMARC), ensuring reliable foundational infrastructure.

Signals Detected

[+]
Tranco Rank: Rank #54

This is one of the most visited websites globally

[?]
Structured Data: None found

No structured data markup found

[+]
DNS Resolution: 10 IP(s)

Resolves to: 2a00:1450:4001:c0f::8a, 2a00:1450:4001:c0f::71, 2a00:1450:4001:c0f::64, 2a00:1450:4001:c0f::65, 142.251.110.100, 142.251.110.139, 142.251.110.113, 142.251.110.138, 142.251.110.102, 142.251.110.101

[?]
Email (MX Records): None

No MX records found — domain may not handle email

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[+]
Name Servers: 4 server(s)

DNS providers: ns4.google.com., ns3.google.com., ns2.google.com., ns1.google.com.

[+]
SSL Certificate: Valid

Valid certificate, expires in 55 days

[?]
Certificate Issuer: Google Trust Services

Certificate issued by Google Trust Services

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[?]
Branding: Basic

Site has a favicon but no social sharing metadata

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Content Security Policy: Present

Site has Content Security Policy configured

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: ESF

Web server: ESF

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
robots.txt: Not found

No robots.txt file — common for small sites

[+]
Domain Age: 20 years, 1 months

Domain created 2005-06-22T02:00:00.0Z (20 years, 1 months ago)

[?]
Registrar: MarkMonitor, Inc.

Registered through MarkMonitor, Inc.

[+]
Domain Expiry: 2027-01-01T23:59:59.0Z

Expires in 248 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[~]
Website Status: HTTP 400

Website returned status 400

[~]
Contact Info: Not found

No obvious contact information found on homepage

[-]
Legal Pages: Missing

No privacy policy or terms of service found

[~]
Social Media Presence: None found

No social media links found on homepage

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[?]
Certificate Transparency: Unable to check

Could not query certificate transparency logs

[+]
Page Load Time: 63ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for goo.gl
<a href="https://verified.fyi/review/goo.gl"><img src="https://verified.fyi/badge/goo.gl?size=medium&style=full&theme=dark" alt="goo.gl trust score — verified.fyi" /></a>
[![goo.gl trust score](https://verified.fyi/badge/goo.gl?size=medium&style=full&theme=dark)](https://verified.fyi/review/goo.gl)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating the trustworthiness of goo.gl, it’s important to understand its historical context as Google’s official URL shortener. While the service itself was deprecated, the domain still exists and its underlying technical signals are illuminating. Firstly, the domain's long history — over two decades in operation and its incredibly high global traffic rank — immediately signals credibility that few other domains can match. This isn’t a fly-by-night operation; it’s a long-standing fixture of the internet, backed by Google's formidable infrastructure. You rarely see this level of domain age and traffic without a significant, legitimate entity behind it. However, the crucial missing legal pages are a significant omission. For any site, particularly one that handled user data (even as a link shortener), the absence of a privacy policy or terms of service is unacceptable. Even if the service is no longer active, the domain’s continued existence means users might still encounter it, and the lack of these pages creates ambiguity about data handling. Similarly, the website returning an HTTP 400 error upon direct access, combined with no public contact information, suggests a lack of current maintenance or an intentional decision to keep the domain non-interactive. While technically sound, this lack of transparency is uncharacteristic of well-maintained Google properties. Our advice? While the technical backbone is solid and you're unlikely to encounter direct threats, the lack of legal documentation and direct access makes it a domain to approach with caution in its current state.