What is Safe Browsing?
Safe Browsing is a Google service that enables applications to check URLs against Google's constantly updated lists of suspected phishing and malware pages.
With the Safe Browsing service you can:
- Warn users before they click on links in your site that may lead to malware-infected pages.
- Prevent users from posting links to known phishing pages from your site.
- Check a list of pages against Google's lists of suspected phishing and malware pages.
We provide two experimental APIs for the Safe Browsing service:
- Safe Browsing API v3
- Safe Browsing Lookup API
Note that the Safe Browsing API v2 is deprecated, and v1 has been discontinued.
Below are descriptions and a comparison of the two APIs.
Safe Browsing API v3new
The Safe Browsing API is an experimental API that enables applications to download an encrypted table for local, client-side lookups of URLs that you would like to check. In 2014, we published a new version (v3) of the Safe Browsing API, which adds features and efficiency improvements to the previous v2. The Safe Browsing API is used by several browsers, including Google Chrome and Mozilla Firefox. You can start using the Safe Browsing API v3 now.
Safe Browsing Lookup API
The Safe Browsing Lookup API is an experimental API that enables applications to send URLs to our Safe Browsing service and check their status (e.g. phishing, malware). You don't need to know how the Safe Browsing service is implemented, and the API is simple and easy to use. You can start using the Safe Browsing Lookup API now.
Choosing the Right API
Safe Browsing API v3 advantages:
- Privacy: API users exchange data with the server using hashed URLs, so the server never knows the actual URLs queried by the clients.
- Response time: API users maintain a local cache of the hashed URLs in our suspected phishing and malware lists; they do not need to query the server every time they want to check a URL.
The major drawback of the Safe Browsing API v3 is its implementation complexity.
Safe Browsing API v3 users need to:
- Be aware of the internal structures of how the server stores hashed URLs in the phishing and malware lists, and implement the hashing and suffix/prefix expressions.
- Periodically update their local cache of the hashed URLs. If there are updates, they also need to download the new lists of hashed URLs.
- Download and compare the full hash value of URLs that are hit in the local cache.
- Canonicalize the URLs.
Safe Browsing Lookup API advantage:
- Simple to implement: API users send a HTTP GET or POST request with the URLs, and the server responds with the state of the URLs.
Safe Browsing Lookup API drawbacks:
- Privacy: URLs are not hashed, so the server knows which URLs API users look up.
- Response time: Every lookup request is processed by the Safe Browsing server. We don't provide guarantees on lookup response time.
Conclusion: If you are not too concerned about the privacy of the queried URLs, and you can tolerate the latency induced by a network request, consider using the Safe Browsing Lookup API since it's much easier to implement. Otherwise, the Safe Browsing API v3 may be a better choice for you.