Permitted Use
The Safe Browsing API is for non-commercial use only (meaning “not for sale or revenue generating purposes”). If you need a solution for commercial purposes, please refer to Web Risk.
Pricing
All Google Safe Browsing APIs are free of charge.
Quotas
Developers are allocated a default usage quota upon enabling the Safe Browsing API. Current allocation and usage can be viewed in the Google Developer Console. If you expect to use more than your currently allocated quota, you may request additional quota from the Developer Console's Quota interface. We review these requests and require a contact when applying for an increased quota to ensure that our service availability meets the needs of all users.
Appropriate URLs
Google Safe Browsing is designed to act on URLs that would be displayed in a browser's address bar. It is not designed to be used to check against subresources (such as a JavaScript or image referenced by an HTML file, or a WebSocket URL initiated by JavaScript). Such subresource URLs should not be checked against Google Safe Browsing.
If visiting a URL results in a redirect (such as HTTP 301), it is appropriate for the redirected URL to be checked against Google Safe Browsing. Client-side URL manipulation such as History.pushState does not result in new URLs to be checked against Google Safe Browsing.
User Warnings
If you use Google Safe Browsing to warn users about risks from particular web pages, the following guidelines apply.
These guidelines help protect both you and Google from misunderstandings by making clear that the page is not known with 100% certainty to be an unsafe web resource, and that the warnings merely identify possible risk.
- In your user visible warning, you must not lead users to believe that the page in question is, without a doubt, an unsafe web resource. When you refer to the page being identified or the potential risks it may pose to users, you must use warning qualify using terms such as: suspected, potentially, possible, likely, may be.
- Your warning must provide additional context to the user to learn more by reviewing Google's definition of various threats. The following links are suggested:
- Social Engineering: https://developers.google.com/search/docs/monitor-debug/security/social-engineering
- Malware and Unwanted Software: https://developers.google.com/search/docs/monitor-debug/security/malware
- Potentially Harmful Applications (Android-only): https://developers.google.com/android/play-protect/potentially-harmful-applications
- When you show warnings for pages identified as risky by the Safe Browsing Service, you must give attribution to Google by including the line "Advisory provided by Google" with a link to the Safe Browsing Advisory. If your product also shows warnings based on other sources, you must not include the Google attribution in warnings derived from non-Google data.
In your product documentation, you must provide a notice to let users know that the protection offered by Google Safe Browsing is not perfect. It must let them know that there is a chance of both false positives (safe sites flagged as risky) and false negatives (risky sites not flagged). We suggest using the following language:
Google works to provide the most accurate and up-to-date information about unsafe web resources. However, Google cannot guarantee that its information is comprehensive and error-free: some risky sites may not be identified, and some safe sites may be identified in error.