Google Safe Browsing checks URLs against Google’s database of known malicious sites. When enabled, Content Guard Pro verifies detected URLs against this database for enhanced threat detection.
What is Google Safe Browsing? #
Google Safe Browsing is a service that:
- Maintains lists of unsafe web resources
- Identifies phishing, malware, and unwanted software sites
- Updates lists frequently (typically every 30 minutes)
- Used by Chrome, Firefox, and Safari browsers
Benefits of Integration #
When enabled, Content Guard Pro:
- Checks detected URLs against Safe Browsing database
- Increases confidence score for known threats (+50 points)
- Automatically elevates severity to Critical
- Provides reputation data in finding details
Getting an API Key #
Step 1: Create Google Cloud Project #
1. Go to Google Cloud Console
2. Click Select a Project → New Project
3. Name your project (e.g., “Content Guard Pro”)
4. Click Create
Step 2: Enable Safe Browsing API #
1. Go to APIs & Services → Library
2. Search for “Safe Browsing API”
3. Click Safe Browsing API
4. Click Enable
Step 3: Create API Key #
1. Go to APIs & Services → Credentials
2. Click Create Credentials → API Key
3. Copy the generated API key
4. (Optional) Click Edit API Key to add restrictions:
– Restrict to Safe Browsing API only
– Add IP restrictions if desired
Configuring in Content Guard Pro #
Enable Integration #
1. Go to Content Guard Pro → Settings
2. Find General Settings section
3. Check Google Safe Browsing
4. Enter your API Key
5. Click Save Changes
Testing the Connection #
1. After saving, click Test API Connections
2. Look for “Google Safe Browsing: ✓ Working”
3. If error, verify API key and project setup
API Usage and Limits #
Free Tier Limits #
| Limit | Amount |
| ——- | ——– |
| Requests per day | 10,000 |
| Requests per 100 seconds | 100 |
Content Guard Pro Usage #
- URLs checked only during scans
- Results cached to minimize API calls
- Typical usage: ~10-100 checks per scan
- Well within free tier for most sites
Monitoring Usage #
1. Go to Google Cloud Console
2. Navigate to APIs & Services → Dashboard
3. Click Safe Browsing API
4. View Traffic tab for usage statistics
How Checks Work #
During Scans #
1. Scanner detects URL in content
2. URL extracted and normalized
3. Cache checked for recent result
4. If not cached, API query made
5. Result stored in cache (24 hours)
6. Finding updated with reputation data
What’s Checked #
- External script sources
- External iframe sources
- External link destinations (href)
- Object/embed sources
- Redirect URLs
Cache Behavior #
| Scenario | Behavior |
| ———- | ———- |
| First check | API query, cache result |
| Within 24 hours | Use cached result |
| After 24 hours | New API query |
| Manual cache clear | Immediate new queries |
Interpreting Results #
Finding Details #
When Safe Browsing flags a URL:
Reputation: Google Safe Browsing
Threat Type: MALWARE
Platform: ANY_PLATFORM
Confidence Bonus: +50
Threat Types #
| Threat Type | Meaning |
| ————- | ——— |
| MALWARE | Hosts malware downloads |
| SOCIAL_ENGINEERING | Phishing or deceptive site |
| UNWANTED_SOFTWARE | Hosts unwanted software |
| POTENTIALLY_HARMFUL_APPLICATION | Mobile harmful app |
Clearing the Cache #
To force fresh API checks:
1. Go to Content Guard Pro → Settings
2. Click Clear Reputation Cache
3. Confirm the action
4. Next scan will query API for all URLs
Privacy Considerations #
What’s Sent to Google #
- Hashed URL prefixes (not full URLs)
- Your API key for authentication
- Your server’s IP address
What’s NOT Sent #
- Full URLs (only prefixes)
- Page content
- User data
- Other finding information
Privacy Mode #
Safe Browsing v4/v5 uses hash-based lookups:
1. URL is hashed locally
2. Hash prefix sent to Google
3. Google returns matching hash suffixes
4. Match determined locally
This protects URL privacy while enabling checks.
Troubleshooting #
“API Key Invalid” #
1. Verify key is copied correctly (no extra spaces)
2. Ensure Safe Browsing API is enabled in project
3. Check API key restrictions
4. Generate new key if needed
“Quota Exceeded” #
1. Wait until daily quota resets (midnight Pacific)
2. Enable caching (default)
3. Reduce scan frequency
4. Consider upgrading Google Cloud tier
“Connection Failed” #
1. Check server can make outbound HTTPS requests
2. Verify firewall allows Google API domains
3. Check for SSL certificate issues
4. Test from different network
Results Not Showing #
1. Verify integration is enabled and working
2. URLs must be external (not your domain)
3. Check cache isn’t returning old results
4. Clear cache and rescan
