Does google.com redirect HTTP to HTTPS?

Yes. google.com redirects HTTP requests to HTTPS, so users and search engines land on the secure URL.

Is HTTPS working for google.com?

Yes. google.com is reachable over HTTPS and the connection is encrypted.

What is the SSL grade for google.com?

google.com has SSL grade A (Very Good). Certificate is valid.

What security headers does google.com send?

google.com sends 3 of 6 recommended security headers (e.g. HSTS, CSP, X-Frame-Options). The report lists which are present and recommends adding missing ones.

What is the redirect chain?

For google.com, the redirect chain is: http://google.com → http://www.google.com/ → https://www.google.com/?gws_rd=ssl. Shorter chains are faster and better for SEO.

HTTPS Checker

Security Tool

HTTPS, SSL & Security Report for google.com

This report summarizes how well google.com is configured for secure web delivery. It covers HTTPS availability, HTTP→HTTPS redirects, TLS/SSL certificate validity, security headers, HTTP/2 and HTTP/3 support, and mixed content. Use it to quickly spot configuration gaps and improve your site's security and trust.

SecureScore95/100Last checked: 26 Feb 2026 at 19:10 UTCRefresh report

HTTPS

Enabled

HTTP → HTTPS

Yes

TLS

A · 1.2, 1.3

Security headers

3/6

Detailed checks

HTTPS availability

The site is reachable over HTTPS.

Why it matters: HTTPS encrypts traffic and protects user data.

HTTP to HTTPS redirect

Requests to HTTP are redirected to HTTPS.

TLS & CertificateA

Valid	Yes
Issuer	C=US, O=Google Trust Services, CN=WR2
Expires	2026-04-13
Days until expiry	45 days

Why it matters: A valid, non-expired certificate ensures encryption is trusted by browsers.

To improve your grade

•For A+: add HSTS preload.
•For A+: add Content-Security-Policy.

Get a reminder 30 days before the SSL certificate expires

We’ll send you one email about the expiry, no spam and no subscription.

Grade breakdown2 things to improve for a higher grade →

95/100 pts

HTTPS Connection

+25/25

HTTP to HTTPS Redirect

+20/20

Valid SSL Certificate

+20/20

Certificate Not Expiring Soon

+10/10

Fast Response Time

+10/10

Short Redirect Chain

+5/5

HSTS Enabled

+5/5

Security Headers

+0/5

Requires 4 of 6 headers and Content-Security-Policy (CSP).

To improve your grade

•For A+: add HSTS preload.
•For A+: add Content-Security-Policy.

Security headers3/6

HSTS
CSP
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy

Score: 3 of 6 headers present. For the grade factor (5 pts), 4+ headers and Content-Security-Policy (CSP) are both required.

HSTS (HTTP Strict Transport Security)Enabled

EnabledYes
Max-Age365 days
PreloadNo
On HSTS preload listYes

Submit or verify on hstspreload.org

Why it matters: HSTS tells browsers to use only HTTPS for this site. Preload allows inclusion in browsers’ built-in HSTS lists.

We check Chromium’s built-in list. hstspreload.org checks eligibility for submission (HSTS header, redirect chain). Results may differ for domains that are preloaded but no longer meet current eligibility rules.

HTTP/3 (QUIC)

Advertised

Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

DNS Security

CAA: Configured · DNSSEC: Not signedExpand

CAAConfigured

Allowed issuers: pki.goog

DNSSEC

Not signed

Mixed content

None detected

No HTTP resources were detected on the HTTPS page.

Redirect chain176ms total

When you visit the site over HTTP, the server may send you through one or more redirects until you land on the final HTTPS URL. Shorter chains are faster and better for SEO.

1.http://google.com26ms
2.http://www.google.com/39ms
3.https://www.google.com/?gws_rd=ssl111ms

Domain owner? If you want this report removed or made private, contact us.

Check another domain