Google Chrome - xperience-sites.com marked as dangerous

Update timeline

1. identified Mar 24, 2026, 07:57 AM UTC

   Google Chrome is currently marking certain *.xperience-sites.com domains as potentially unsafe, resulting in a red warning screen for users. This appears to be a false positive and is limited to Chrome—other browsers such as Microsoft Edge are not affected. We have contacted Google and submitted a review request to correct the classification. Updates will follow as soon as they are available.

2. identified Mar 25, 2026, 09:00 AM UTC

   We are continuing to investigate why Google Safe Browsing is flagging *.xperience-sites.com domains, initially reported in Google Chrome. Any browser using Google Safe Browsing (https://developers.google.com/safe-browsing/) may be affected. We have narrowed the incident to only /admin/* paths being affected. We are actively working on mitigation and will provide further updates as available.

3. identified Mar 25, 2026, 03:05 PM UTC

   We are continuing our investigation into the Google Safe Browsing flags on /admin/ paths across .xperience-sites.com domains. We have identified a promotional console message from a third-party dependency that may have contributed to the classification. We are evaluating additional mitigations and will provide further updates as available.

4. monitoring Mar 26, 2026, 07:59 AM UTC

   The identified issue has been resolved, and most affected domains are no longer flagged. We are now moving to a monitoring phase to confirm the fix is fully propagated across all affected domains. We will continue to track the status and provide a final update once all domains are confirmed clear.

5. identified Mar 26, 2026, 01:54 PM UTC

   After further monitoring, we have determined that the initial mitigation was not fully effective. Some domains remain flagged by Google Safe Browsing. We are resuming our investigation and will provide further updates as new information becomes available.

6. identified Mar 27, 2026, 12:17 PM UTC

   Investigation is ongoing. We have applied several mitigations that may help resolve the flagging. As a reminder, any browser using Google Safe Browsing may be affected, while browsers with their own protection systems (e.g. Microsoft Edge) are working normally. We will continue to provide updates as the investigation progresses.

7. monitoring Mar 27, 2026, 03:43 PM UTC

   We have applied a mitigation that seems to have resolved the false-positive Google Safe Browsing blocks. We continue to monitor the situation and are working on a permanent long-term fix.

8. resolved Mar 28, 2026, 06:52 PM UTC

   The issue has been resolved. All affected .xperience-sites.com domains are no longer flagged by Google Safe Browsing.

9. postmortem Apr 02, 2026, 02:35 PM UTC

   Users accessing Xperience by Kentico administration interfaces at `*.xperience-sites.com/admin/*` were shown a "Dangerous site" warning in browsers relying on Google Safe Browsing \(e.g. Chrome, Safari, Firefox\). Because all subdomains of xperience-sites.com share a single domain-level safety score, the flag affected every customer hosted on the domain. Our investigation found no social engineering or deceptive content — as defined by [Google's social engineering guidelines](https://developers.google.com/search/docs/monitor-debug/security/social-engineering) — on any customer site. A third-party dependency was injecting an advertisement into the browser console, which we identified as a likely contributor to the flag. We applied two mitigations: removing the console advertisement injected by the dependency, and updating the admin login page to clearly identify the instance as managed by Kentico. These changes are documented in our [changelog](https://docs.kentico.com/documentation/changelog#saas-update-march-27-2026-march-27-2026). Following both changes, the sites were removed from Google Safe Browsing's blocklist.