/ / d / google.com
google.com
56 / 100
overall · band: medium
Categories
Security44/ 100 · 9 measured
Performance94/ 100 · 10 measured
SEO34/ 100 · 7 measured
AI-readiness25/ 100 · 4 measured
Privacy50/ 100 · 6 measured
Accessibility76/ 100 · 5 measured
Brand presence34/ 100 · 17 measured
Email health56/ 100 · 16 measured
Site facts
- Snapshot date
- 2026-04-26
- Factors scored
- 74 / 86
- Composite score
- 56/100
- Method version
- v0.1 — 2026-04-25
Security· 44/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 4 | Security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) | fail | 25 | security_headers_score=25, missing=Strict-Transport-Security|Content-Security-Policy|X-Content-Type-Options|Referrer-Policy|Permissions-Policy |
| 5 | SSL certificate validity & expiration window | n/a | — | Scoring not yet implemented |
| 6 | WordPress REST API user enumeration exposure | pass | 100 | not_wordpress |
| 7 | Sensitive path exposure (.git, .env, /admin, xmlrpc.php, wp-login.php) | pass | 100 | total_checked=6 |
| 22 | DNSSEC validation | fail | 0 | ds_present=false, ad_bit=false |
| 23 | CAA records | fail | 0 | records=\# 15 00 05 69 73 73 75 65 70 6b 69 2e 67 6f 6f 67, has_issue=false, has_iodef=false |
| 26 | HSTS preload list inclusion | fail | 0 | preload_status=unknown |
| 27 | TLS minimum version & cipher suite quality | warn | 70 | status=READY, grades=B|B|B|B|B|B|B|B|B, worst=B |
| 28 | Subdomain takeover surface | pass | 100 | findings={"subdomain":"api.google.com","cname":"api.l.google.com.","dangling":false}|{"subdomain":"blog.google.com","cname":"www.blogger.com.","dangling":false}, dangling_count=0 |
| 29 | Spam / phishing blocklist presence | fail | 0 | listed=true, response_code=0, answers=127.255.255.254 |
Performance· 94/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 8 | Mobile PageSpeed score + Core Web Vitals (LCP, FCP, CLS) | warn | 61 | performance_score=59, lcp_ms=7390.012960747925, cls=0.00496, components={"perf":59,"lcp":30,"cls":100} |
| 9 | HTTP/2 support | pass | 100 | perf_http2=true |
| 10 | Compression (Brotli / gzip) | pass | 80 | perf_compression=gzip |
| 30 | HTTP/3 support | pass | 100 | source=alt_svc, alt_svc=h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, supports_h3=true |
| 31 | IPv6 support | pass | 100 | aaaa_count=1, aaaa=2607:f8b0:4005:803::200e |
| 32 | Image optimization (WebP/AVIF) | pass | 100 | id=image-delivery-insight, lighthouse_score=1 |
| 33 | Desktop PageSpeed score | n/a | — | Scoring not yet implemented |
| 34 | Core Web Vitals from CrUX (Real User Monitoring) | n/a | — | Scoring not yet implemented |
| 35 | Lazy loading on below-fold images | pass | 100 | id=image-delivery-insight, lighthouse_score=1 |
| 36 | Font loading strategy (FOUT/FOIT/swap) | pass | 100 | id=font-display-insight, lighthouse_score=1 |
| 37 | Total homepage byte weight | pass | 100 | html_bytes=3127, subresource_bytes=0, total_bytes=3127, total_kb=3, sampled=1, total_refs=1 |
| 38 | Largest unused JavaScript bundle | pass | 100 | deferred_scripts=1, sample=https://www.google.com/recaptcha/enterprise.js |
SEO· 34/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 11 | Title, meta description, OG, Twitter cards, canonical | fail | 40 | title=true, description=true, og=false, twitter=false, canonical=false |
| 12 | Schema.org structured data presence | fail | 0 | structured_data_absent |
| 13 | H1 tag presence | fail | 0 | h1_count=0 |
| 14 | Sitemap.xml + robots.txt presence | pass | 100 | has_robots_txt=true, has_sitemap=true |
| 39 | Schema.org type validity (parsed JSON-LD) | n/a | — | Scoring not yet implemented |
| 40 | Breadcrumb schema | fail | 0 | present=false |
| 41 | FAQ / HowTo schema (where applicable) | n/a | — | n/a — not_applicable |
| 42 | hreflang for multi-language sites | n/a | — | n/a — single_language |
| 43 | Internal link depth (clicks from homepage to deepest content) | pass | 100 | max_depth=1, pages_fetched=1, pages_seen=2, capped_at=50 |
| 61 | Better Business Bureau accreditation | fail | 0 | no_link_on_site |
AI-readiness· 25/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 15 | llms.txt presence | fail | 0 | has_llms_txt=false |
| 16 | AI crawler robots.txt directives | pass | 100 | robots_ai_blocked_count=0 |
| 44 | AI plugin manifest (.well-known/ai-plugin.json) | fail | 0 | status=404 |
| 45 | JSON-LD richness score for LLMs | fail | 0 | org_complete=false, has_address=false, has_contact_point=false, has_same_as=false, has_content_type=false, breakdown={"coreOrg":0,"contact":0,"sameAs":0,"contentType":0} |
Privacy· 50/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 46 | Cookie banner presence + CMP detection | fail | 0 | banner_detected=false |
| 47 | Privacy policy page presence | fail | 0 | found=false |
| 48 | Terms of service page presence | pass | 100 | found=true, href=//www.google.com/policies/terms/, text=Terms of Service |
| 49 | Third-party tracker count | pass | 100 | count=0 |
| 50 | CCPA "Do Not Sell or Share My Personal Information" link | fail | 0 | found=false |
| 51 | Cookie scan — actual cookies set on first load | pass | 100 | count=0, with_cmp=false |
Accessibility· 76/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 52 | Accessibility statement page | fail | 0 | found=false |
| 53 | axe-core / WAVE accessibility scan | pass | 87 | accessibility_category=0.87 |
| 54 | Image alt text coverage | n/a | — | Scoring not yet implemented |
| 55 | Heading hierarchy validity | pass | 100 | lighthouse_score=1 |
| 56 | Color contrast (WCAG AA) | pass | 100 | lighthouse_score=1, failing_count=0 |
| 57 | ARIA labels presence and validity | pass | 92 | total_aria_audits=22, applicable=13, passing=12, failing=aria-input-field-name |
| 58 | Skip-to-content link | n/a | — | Scoring not yet implemented |
Brand presence· 34/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 17 | Domain age (RDAP / WHOIS) | pass | 100 | domain_age_years=28.6 |
| 18 | Wayback Machine site age & last snapshot | warn | 65 | first_snapshot=1998-11-11T18:45:51Z, last_snapshot=1998-11-11T18:45:51Z, estimated_age_years=27.5, first_years_ago=27.455684889060006, last_days_ago=10028.188905729166 |
| 19 | Google Business Profile presence + rating | pass | 80 | found=true, rating=3.9, review_count=86 |
| 20 | News mentions in last 30 days | pass | 85 | news_mentions_count=20 |
| 21 | Wikipedia entity | pass | 100 | found=true, title=Google, url=https://en.wikipedia.org/wiki/Google |
| 59 | Yelp presence + rating + review count | fail | 0 | no_link_on_site |
| 60 | Trustpilot presence + rating | fail | 0 | no_link_on_site |
| 62 | LinkedIn Company Page (presence + employee count + follower count) | fail | 0 | no_link_on_site |
| 63 | Bing Places | n/a | — | n/a — no_public_url_convention |
| 64 | Apple Maps presence (Apple Business Connect) | fail | 0 | no_link_on_site |
| 65 | Facebook Page presence | fail | 0 | no_link_on_site |
| 66 | Instagram presence (link from site → IG profile) | fail | 0 | no_link_on_site |
| 67 | Web App Manifest (manifest.json) | n/a | — | Scoring not yet implemented |
| 68 | Service Worker / PWA capability | n/a | — | Scoring not yet implemented |
| 69 | Analytics tools detected | fail | 0 | count=0 |
| 70 | Payment processors detected | n/a | — | n/a — no_payment_detected |
| 71 | Marketing automation tools detected | fail | 0 | count=0 |
| 72 | Customer support tools detected | fail | 0 | count=0 |
| 73 | Tag manager presence | warn | 50 | count=0 |
| 74 | Ad networks detected | pass | 100 | count=0 |
| 83 | Visible contact form on site | fail | 0 | detected=false, count=0 |
Email health· 56/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 1 | DMARC enforcement | pass | 100 | present=true, policy=reject |
| 2 | DKIM signing | fail | 0 | present=false |
| 3 | SPF record present and valid | pass | 100 | present=true, raw="v=spf1 include:_spf.google.com ~all", qualifier=softfail |
| 24 | MTA-STS & TLS-RPT | pass | 100 | sts_txt=v=STSv1; id=20210803T010101;, tls_rpt=v=TLSRPTv1;rua=mailto:sts-reports@google.com, policy_ok=true |
| 25 | BIMI + VMC | fail | 0 | no_bimi |
| 75 | Branded domain email address (vs free Gmail/Yahoo) | pass | 100 | branded=true, provider=google |
| 76 | Email provider class (Workspace / 365 / Zoho / self-hosted / shared) | pass | 100 | provider=google |
| 77 | DMARC aggregate reporting enabled (rua=) | pass | 100 | has_dmarc_reporting=true, audit_flag=true, derived_from_raw=true, source=derived_from_raw, dmarc_raw="v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com" |
| 78 | Free-email exposure on contact page (gmail/yahoo/outlook visible) | pass | 100 | Scored |
| 79 | Newsletter signup form detected | fail | 0 | detected=false |
| 80 | Email Service Provider (ESP) detected | fail | 0 | Scored |
| 81 | Transactional email provider detected (from SPF includes) | fail | 0 | Scored |
| 82 | SPF lookup count (10-limit deliverability check) | pass | 100 | lookups=1, limit=10 |
| 84 | Mailto: direct contact link present | fail | 0 | Scored |
| 85 | Email forwarding service detected (improvmx, forwardemail, etc.) | pass | 100 | hosts=smtp.google.com, provider=Google Workspace, kind=branded |
| 86 | Lead magnet / signup incentive detected (free download, ebook, etc.) | fail | 0 | detected=false |
Scores are computed under method v0.1 — 2026-04-25. See the methodology for the full factor list and per-factor specifications.