Reputation
Google Safe Browsing: how it flags sites and how to clear yours.
Published 2026-05-15 · Last updated 2026-05-15 · Vantyris editorial
Google Safe Browsing is the list every Chrome, Firefox, and Safari user is implicitly checking against, every time they click a link. If your domain ends up on it, browsers show a full-screen warning before they show your content, search results show 'This site may harm your computer', and Gmail starts dropping your transactional emails into spam. The list is global and authoritative, and getting off it is straightforward once you understand the steps.
What this means for your business
- Safe Browsing flags three classes of site: malware (drive-by downloads or hosted malware), phishing (impersonates another brand to steal credentials), and unwanted software (deceptive installers, browser hijackers). Most small-business listings are accidental — a CMS plugin got compromised and started serving malware to one in a thousand visitors.
- Listing typically happens hours or days after the compromise. Google's crawlers visit your site as a real browser would; if any page in any subdomain matches a malware or phishing pattern, the entire root domain can be flagged.
- Even after you've cleaned up the underlying issue, your domain stays on the list until Google re-crawls and verifies. That's typically 24-72 hours after you submit a review request — but only if you submitted one. Without a review request, the listing can persist for weeks.
How to fix
Use Google Search Console's Security Issues report to see what was flagged, fix the underlying compromise, then submit a review request. Re-crawl + clearance takes 24-72 hours typically.
- Confirm the listing via Safe Browsing diagnostic. Open transparencyreport.google.com/safe-browsing/search?url=yourdomain.com to confirm your domain is flagged and read what was detected (malware, phishing, unwanted software). If you don't have a Search Console property yet, add one and verify your domain first.
- Read Search Console's Security Issues report. Search Console → Security & Manual Actions → Security Issues. It lists specific URLs Google flagged and the threat type. This is your work list.
- Find and fix the underlying compromise. For malware: scan your CMS database for injected JavaScript or PHP. Look in plugin files for recent modifications. Common entry points: outdated plugins, weak admin passwords, exposed admin URLs. For phishing: check whether your site is hosting attacker pages (e.g., a hacker uploaded a fake login page in a subdirectory). For unwanted software: check what your site is offering as downloads.
- Verify the fix is complete. Use sucuri.net/scanner or virustotal.com to confirm the URLs no longer return malicious content. If they still do, repeat the previous step.
- Submit a review request. Search Console → Security Issues → Request Review. Explain what you found, what you fixed, and how you've prevented recurrence (updated plugins, rotated passwords, added a WAF, etc.). Honest answers; reviewers see through hand-waving.
- Wait for re-crawl. Typically 24-72 hours. You'll get an email when the listing clears. The browser warnings disappear within minutes of the listing being lifted.
Owner: Your web host's support team or your developer for the cleanup; you submit the review request from Search Console. · Time: 2-8 hours to clean up + 1-3 days to clear the listing.
Common gotchas
- Don't submit a review request before the underlying issue is fixed. Reviewers re-scan; if they still find malware, your listing extends and Google may rate-limit future review requests.
- If you can't find the compromise, the issue may be at your DNS or hosting layer (e.g., a subdomain you didn't realise existed serves malware). Vantyris's attack-surface scan finds shadow subdomains via Certificate Transparency.
- After you clear the listing, harden against recurrence: keep CMS + plugins on auto-update, rotate admin passwords, enable MFA on the hosting account, restrict the admin URL by IP if possible.
- Repeat listings are weighted heavily. A second listing in the same year extends review times and may damage your domain reputation longer-term.
How to verify the fix
Run a Vantyris verified scan; the Reputation category will show Safe Browsing as healthy once you're cleared. Or check transparencyreport.google.com/safe-browsing/search directly.
Cyber Essentials alignment
This finding informs the following UK NCSC Cyber Essentials control areas:
- A2. Secure configuration — devices and services hardened against the inherent default vulnerabilities.
- A3. Security update management — software supported, updated, and patched within 14 days for high-/critical-risk vulnerabilities.
- A5. Malware protection — internet-facing devices protected against malicious code.
Vantyris is not a CE certifying body. The mapping above is informational.
Common follow-up questions
Can a competitor get my domain flagged maliciously?
Mostly no. Safe Browsing relies on Google's own crawlers detecting actual malicious content. A competitor can't unilaterally trigger a flag, though they can submit reports that influence prioritisation if your site actually does have an issue.
Does Safe Browsing only check the homepage?
No. Google crawls every reachable URL on your domain (and your subdomains). A compromised /wp-content/plugins/old-plugin/exploit.php is enough to flag the entire root domain.
Will Safe Browsing affect my email deliverability?
Indirectly, yes. Gmail and other major providers cross-reference Safe Browsing for inbound mail with your domain in the body or signature. Listed domains see deliverability drop quickly.
What's the difference between Safe Browsing and Spamhaus?
Safe Browsing focuses on web-based threats (malware, phishing, unwanted downloads). Spamhaus and similar RBLs focus on email-sending behaviour (sending spam, hosting spam-payload URLs). Vantyris's Reputation category checks both because they catch different real-world failure modes.
References
- Google Safe Browsing transparency report Vendor
- Google: malware and unwanted software Vendor
- NCSC: handling a website compromise NCSC
Related explainers
- DNS-based blocklists: the silent reason your emails land in spam.
- What is DMARC, and why every business with a domain needs one.
Want Vantyris to scan your domain for this and 80 other findings?
Free teaser scan, no card. Verified scan from €10 with the full workspace around it: workflow, score trend, three PDF layouts, share links, monitoring.
Vantyris editorial team · methodology v1.0.0