Safe Browsing Monitor
Google Safe Browsing is the threat list that powers the red interstitial warnings in Chrome, Safari, Firefox, and most other browsers. If a domain appears on the list, traffic from those browsers stops cold. This check polls the API directly to surface flags before users start hitting the warning page.
What we check
We submit two URLs for the zone — http://<domain>/ and https://<domain>/ — to the Google Safe Browsing v4 threatMatches:find endpoint, looking for matches across four threat categories:
- Malware — sites distributing software that harms a device or its data.
- Social engineering — phishing pages and other deceptive content.
- Unwanted software — adware, browser hijackers, and similar nuisances.
- Potentially harmful application — mobile-specific threats.
A non-empty match list means at least one of those URLs has been flagged.
Why it matters
A Safe Browsing flag effectively pulls the site offline for the majority of internet users. The flag can be triggered by a real compromise (malware injected into a CMS, a hijacked subdomain hosting a phishing kit) or a false positive — but in either case, every minute it persists is lost traffic. Detecting the flag the moment it lands gives you the narrowest possible window to investigate, clean, and request a review.
Status outcomes
Neither the HTTP nor HTTPS URL appears on any threat list.
At least one URL is flagged. The metadata includes the threat type and the matched URL.
The Google Safe Browsing API key isn't configured for this installation.
How to fix
A flagged domain typically requires three steps: identify and remove the malicious content, harden whatever let it in (compromised credentials, vulnerable plugin, abandoned subdomain), and submit a review request through Google Search Console. Reviews usually clear within 72 hours once the underlying issue is fixed.
If the flag is on a specific subdomain or path, scope your investigation accordingly — the Safe Browsing API returns the exact URL that matched.