Skip to content

URL Filter — Notes#

Functional#

  • Check URLs against threat lists.
  • Push updates of bad-list deltas to clients.
  • Aggregate user reports.

Non-functional#

  • Sub-ms client-side lookup.
  • Privacy-preserving server queries.
  • 99.99% availability for updates.

Trade-offs#

  • Client list cache vs server-only lookup: cache saves latency + privacy.
  • Hash prefix preserves privacy; full URL not sent in steady state.

Refs#

  • Google Safe Browsing v4 spec.
  • Microsoft SmartScreen, PhishTank.
  • ByteByteGo "Design web safe browsing".