Overview
Google Safe Browsing is a threat intelligence service designed to protect internet users from malicious websites and content. It identifies and flags unsafe web resources, including phishing sites, malware hosts, and pages distributing unwanted software. The service operates by maintaining continually updated lists of these unsafe URLs, which it shares with client applications through its API. This allows developers to integrate robust security checks directly into their applications, browsers, and network infrastructure.
The core of Google Safe Browsing's offering through its API involves two primary methods: the Lookup API and the Update API. The Lookup API enables applications to send individual URLs for real-time verification against Google's threat lists. This is suitable for scenarios requiring immediate checks, such as when a user navigates to a new URL. The Update API, conversely, allows clients to maintain a local, synchronized copy of the Safe Browsing threat lists. This approach is beneficial for applications needing to perform frequent, high-volume checks without making a network request for each verification, reducing latency and API call overhead. Clients using the Update API must manage the local database and handle periodic updates to ensure data freshness.
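What the local check behind the Update API looks like, as an added example (not code from the original page or from Google's clients): v4 local lists hold SHA-256 hash prefixes rather than URLs, so the client hashes each host-suffix/path-prefix expression of a URL and contacts the service only when a prefix matches. It assumes the URL is already canonicalized; `url_expressions`, `hash_prefix`, `local_candidates` and the constructed `LOCAL_PREFIXES` set are illustrative names.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; v4 prefixes are 4 to 32 bytes long, most are 4


def url_expressions(url):
    """Host-suffix/path-prefix expressions for an already-canonical URL."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    hosts = [host]
    try:
        ipaddress.ip_address(host)  # IP literals get no suffix expressions
    except ValueError:
        labels = host.split(".")
        # Up to four suffixes from the last five labels, never the bare TLD.
        start = max(len(labels) - 5, 1)
        hosts += [".".join(labels[i:]) for i in range(start, len(labels) - 1)]
    paths = [f"{path}?{parts.query}"] if parts.query else []
    paths.append(path)
    dirs = path.split("/")[1:-1]  # directory components, without the file name
    # Root plus up to three directory levels, each with a trailing slash.
    paths += ["/"] + ["/" + "/".join(dirs[:i]) + "/" for i in range(1, min(len(dirs), 3) + 1)]
    # dict.fromkeys keeps order while dropping duplicates.
    return list(dict.fromkeys(h + p for h in hosts for p in paths))


def hash_prefix(expression):
    return hashlib.sha256(expression.encode()).digest()[:PREFIX_LEN]


def local_candidates(url, local_prefixes):
    """Expressions whose prefix is in the local list; empty means no network call."""
    return [e for e in url_expressions(url) if hash_prefix(e) in local_prefixes]


# Constructed stand-in for a synced list; real prefixes come from the Update API.
LOCAL_PREFIXES = {
    hash_prefix("malware.testing.google.test/testing/malware/"),
    hash_prefix("b.c/1/"),
}

if __name__ == "__main__":
    for u in ("http://malware.testing.google.test/testing/malware/",
              "http://a.b.c/1/2.html?param=1", "https://www.google.com/"):
        print(u, "->", local_candidates(u, LOCAL_PREFIXES) or "no local match")
```

A non-empty result is only a candidate: the v4 protocol confirms it with a full-hash request before any warning is shown, because unrelated URLs can share a short prefix.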
Google Safe Browsing is utilized by a range of entities, from web browsers like Google Chrome and Mozilla Firefox to internet service providers and security vendors. Its utility extends to any application or service that processes URLs and aims to protect its users from online threats. This includes email clients that scan links, content management systems that check user-submitted URLs, and network proxies that filter web traffic. Developers integrating the API are responsible for managing API keys and adhering to usage policies, including proper attribution to Google Safe Browsing as the source of threat information in user-facing warnings, as detailed in the Google Safe Browsing API terms of service.
The service's effectiveness relies on its extensive coverage and rapid response to new threats. Google continuously crawls the web and receives threat reports, enabling quick identification and listing of new malicious sites. This proactive approach helps to mitigate zero-day attacks and emerging phishing campaigns. For developers, integrating this service means offloading the complex and resource-intensive task of maintaining threat intelligence to a specialized platform, allowing them to focus on their core application logic while still providing a secure user experience. The API also provides specific threat types, such as MALWARE, PHISHING, and UNWANTED_SOFTWARE, enabling applications to provide context-specific warnings to users, as documented in the ThreatType documentation.
Key features
- Malware Detection: Identifies URLs leading to sites hosting or distributing malware, protecting users from drive-by downloads and malicious executables.
- Phishing Protection: Detects websites designed to trick users into divulging sensitive information, such as login credentials or financial data, by impersonating legitimate entities.
- Unwanted Software Detection: Flags sites that promote or distribute software that makes unexpected changes to a user's computer, such as modifying browser settings or displaying intrusive ads.
- Lookup API (v4): Allows real-time checking of individual URLs against Google's threat lists. This is suitable for on-demand verification and lower-volume use cases.
- Update API (v4): Enables clients to download and maintain local copies of threat lists, facilitating high-volume, low-latency checks without repeated network calls to the Google service.
- Threat Lists Management: Provides access to various threat lists segmented by type (e.g., malware, phishing) and platform, allowing granular control over which threats to check for.
- Client-Server Protocol: Supports a robust protocol for efficient data synchronization and threat lookup, designed to minimize bandwidth and processing requirements for clients.
- Multi-platform support: The client-server protocol is designed to be platform-agnostic, supporting integration into various operating systems and application environments.
Pricing
Google Safe Browsing offers a free tier for initial usage and a transparent pricing model for higher volumes. Pricing is based on the number of requests made to the API, specifically for the Lookup API, or the amount of data transferred for the Update API.
| Tier | Details | Cost | As of Date |
|---|---|---|---|
| Free Tier | Up to 10,000 requests per day | Free | 2026-05-28 |
| Paid Tier | Beyond 10,000 requests per day | $5.00 per 10,000 requests | 2026-05-28 |
Detailed pricing information, including potential changes or regional variations, can be found on the Google Safe Browsing pricing page.
Common integrations
Google Safe Browsing is often integrated into systems where URL verification and threat detection are critical. Common integration points include:
- Web Browsers: Browsers like Chrome, Firefox, and Safari use Safe Browsing to warn users before they visit dangerous sites, as described in the Mozilla Safe Browsing documentation.
- Email Security Solutions: Services that scan inbound and outbound emails for malicious links to protect users from phishing and malware.
- Network Proxies and Firewalls: Integrating Safe Browsing into network infrastructure allows for real-time blocking of access to known unsafe URLs at the network edge.
- Content Management Systems (CMS): Platforms that allow user-generated content can use the API to scan submitted URLs for threats before publishing.
- URL Shortening Services: To prevent the abuse of URL shorteners for distributing malicious links.
- Mobile Applications: Incorporating URL checks into mobile apps to protect users who click on external links within the application.
Alternatives
- VirusTotal: A service that analyzes suspicious files and URLs to detect types of malware, and shares them with the security community.
- OpenDNS (Cisco Umbrella): Provides cloud-delivered network security, including DNS-layer protection against malware, phishing, and C2 callbacks.
- Webroot BrightCloud Threat Intelligence: Offers a suite of threat intelligence services, including URL classification and IP reputation, for integration into security products.
Getting started
To begin using the Google Safe Browsing API, you typically need to obtain an API key from the Google Cloud Console and then make requests to the API endpoints. Below is a Python example demonstrating how to use the Lookup API to check a URL. This example uses the requests library to make an HTTP POST request to the Safe Browsing API.
```python
import json
import os

import requests

# Read the API key from the environment rather than hard-coding it
API_KEY = os.environ.get("GOOGLE_SAFE_BROWSING_API_KEY")
if not API_KEY:
    raise ValueError("GOOGLE_SAFE_BROWSING_API_KEY environment variable not set.")

API_ENDPOINT = f"https://safebrowsing.googleapis.com/v4/threatMatches:find?key={API_KEY}"


def check_url_with_safe_browsing(url_to_check):
    """Return True on a threat match, False on no match, None if the check failed."""
    payload = {
        "client": {
            "clientId": "your-company-name",  # Replace with your client ID
            "clientVersion": "1.0.0"  # Replace with your application version
        },
        "threatInfo": {
            # "PHISHING" is not a v4 ThreatType value and is rejected by the API;
            # phishing is reported as SOCIAL_ENGINEERING
            "threatTypes": [
                "MALWARE",
                "UNWANTED_SOFTWARE",
                "POTENTIALLY_HARMFUL_APPLICATION",
                "SOCIAL_ENGINEERING"
            ],
            "platformTypes": [
                "ANY_PLATFORM"
            ],
            "threatEntryTypes": [
                "URL"
            ],
            "threatEntries": [
                {
                    "url": url_to_check
                }
            ]
        }
    }
    try:
        # json= serializes the payload and sets the Content-Type header;
        # timeout= is required for the Timeout handler below to ever fire
        response = requests.post(API_ENDPOINT, json=payload, timeout=10)
        response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
        result = response.json()
        if result and "matches" in result:
            print(f"URL '{url_to_check}' is UNSAFE. Details: {json.dumps(result, indent=2)}")
            return True
        else:
            # An empty response means no match on the requested lists
            print(f"URL '{url_to_check}' has no match on the requested threat lists.")
            return False
    # requests puts the request URL, and with it the API key, into exception
    # messages, so log only the status code or the exception type
    except requests.exceptions.HTTPError as errh:
        print(f"HTTP Error: status {errh.response.status_code}")
    except requests.exceptions.ConnectionError as errc:
        print(f"Error Connecting: {type(errc).__name__}")
    except requests.exceptions.Timeout as errt:
        print(f"Timeout Error: {type(errt).__name__}")
    except requests.exceptions.RequestException as err:
        print(f"An unexpected error occurred: {type(err).__name__}")
    # A failed check is not a verdict: return None so callers do not treat it as "no match"
    return None


# Example usage
unsafe_url = "http://malware.testing.google.test/testing/malware/"  # Google's test malware URL
safe_url = "https://www.google.com"
print("Checking unsafe URL:")
check_url_with_safe_browsing(unsafe_url)
print("\nChecking safe URL:")
check_url_with_safe_browsing(safe_url)
```
Before running this code, ensure you have the requests library installed (pip install requests) and set your Google API key as an environment variable named GOOGLE_SAFE_BROWSING_API_KEY. Further details on API setup and advanced usage are available in the Google Safe Browsing developer guide.