Google Chrome - xperience-sites.com marked as dangerous

Incident Report for Xperience by Kentico

Postmortem

Users accessing Xperience by Kentico administration interfaces at *.xperience-sites.com/admin/* were shown a "Dangerous site" warning in browsers relying on Google Safe Browsing (e.g. Chrome, Safari, Firefox). Because all subdomains of xperience-sites.com share a single domain-level safety score, the flag affected every customer hosted on the domain.

Our investigation found no social engineering or deceptive content — as defined by Google's social engineering guidelines — on any customer site. A third-party dependency was injecting an advertisement into the browser console, which we identified as a likely contributor to the flag. We applied two mitigations: removing the console advertisement injected by the dependency, and updating the admin login page to clearly identify the instance as managed by Kentico. These changes are documented in our changelog.

Following both changes, the sites were removed from Google Safe Browsing's blocklist.

Posted Apr 02, 2026 - 16:37 CEST

Resolved

The issue has been resolved. All affected .xperience-sites.com domains are no longer flagged by Google Safe Browsing.

Posted Mar 28, 2026 - 19:52 CET

Monitoring

We have applied a mitigation that seems to have resolved the false-positive Google Safe Browsing blocks. We continue to monitor the situation and are working on a permanent long-term fix.

Posted Mar 27, 2026 - 16:43 CET

Update

Investigation is ongoing. We have applied several mitigations that may help resolve the flagging. As a reminder, any browser using Google Safe Browsing may be affected, while browsers with their own protection systems (e.g. Microsoft Edge) are working normally. We will continue to provide updates as the investigation progresses.

Posted Mar 27, 2026 - 13:17 CET

Identified

After further monitoring, we have determined that the initial mitigation was not fully effective. Some domains remain flagged by Google Safe Browsing. We are resuming our investigation and will provide further updates as new information becomes available.

Posted Mar 26, 2026 - 14:54 CET

Monitoring

The identified issue has been resolved, and most affected domains are no longer flagged. We are now moving to a monitoring phase to confirm the fix is fully propagated across all affected domains. We will continue to track the status and provide a final update once all domains are confirmed clear.

Posted Mar 26, 2026 - 08:59 CET

Update

We are continuing our investigation into the Google Safe Browsing flags on /admin/ paths across .xperience-sites.com domains. We have identified a promotional console message from a third-party dependency that may have contributed to the classification. We are evaluating additional mitigations and will provide further updates as available.

Posted Mar 25, 2026 - 16:05 CET

Update

We are continuing to investigate why Google Safe Browsing is flagging *.xperience-sites.com domains, initially reported in Google Chrome. Any browser using Google Safe Browsing (https://developers.google.com/safe-browsing/) may be affected. We have narrowed the incident to only /admin/* paths being affected. We are actively working on mitigation and will provide further updates as available.

Posted Mar 25, 2026 - 10:00 CET

Identified

Google Chrome is currently marking certain *.xperience-sites.com domains as potentially unsafe, resulting in a red warning screen for users.
This appears to be a false positive and is limited to Chrome—other browsers such as Microsoft Edge are not affected.
We have contacted Google and submitted a review request to correct the classification. Updates will follow as soon as they are available.

Posted Mar 24, 2026 - 08:57 CET

This incident affected: West Europe (Production sites), UK South (Production sites), East US (Production sites), Southeast Asia (Production sites), Australia East (Production sites), Canada Central (Production sites), East Asia (Hong Kong) (Production sites), Germany West Central (Production sites), Japan East (Production sites), North Europe (Ireland) (Production sites), UAE North (Production sites), East US 2 (Production sites), West US (Production sites), West US 2 (Production sites), Canada East (Production sites), Japan West (Production sites), North Central US (Production sites), Australia Southeast (Production sites), UK West (Production sites), and Switzerland North (Production sites).