GitHub Pages site always shows browser phishing warning, even with clean HTML/CSS

[saniyamujawar04]

Select Topic Area

Bug

Body

Hello GitHub Support and Community,

I am experiencing a persistent problem with GitHub Pages where any site I host from my account shows a browser phishing / “Deceptive site ahead” warning, even when the repository contains only a basic “Hello World” HTML file.

Important context:

The exact same files work perfectly when hosted from my brother’s GitHub account (no warnings, loads fine on all devices).

On my account, any new Pages site — even from a brand-new repository — is flagged by browsers.

This problem happens on all devices and networks, so it’s not cache or local system related.

Steps to reproduce:

Create a new public repository with static HTML/CSS files.

Enable GitHub Pages from Settings → Pages, choosing main branch and /root.

Wait for deployment.

Visit the live site → browser shows phishing warning or Safe Browsing block.

Expected behavior:
The site should deploy normally and be accessible, just like it is when hosted from other accounts.

What I’ve already tried:

Created multiple new repositories.

Renamed branches to main.

Tried main branch with /root option.

Cleared browser cache.

Disabled any custom domain.

Tested on different devices and networks.

Created a completely new GitHub account — same issue occurs.

Example repository link:
https://github.com/saniyamujawar04/Netflix-clone

Example Pages site link:
https://saniyamujawar04.github.io/Netflix-clone/

Hypothesis:
It seems like my GitHub Pages subdomain or account may be stuck in some Safe Browsing blocklist from a past flag (possibly before I owned the account). I need help confirming this and requesting a review to clear the warning.

Attachment:
Netflix.zip — site files for testing.

This is urgent because I need the site for my portfolio and submission. Any guidance on how to get this unflagged would be greatly appreciated.
Netflix.zip

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐

[LockMan04]

It looks like the entire subdomain saniyamujawar04.github.io is already blocked by Google Safe Browsing, so even a clean HTML file will trigger the red phishing warning 😑.

How to fix it

1. Verify the domain

• Go to Google Search Console → Add property → enter https://saniyamujawar04.github.io.
• Verify ownership using the meta tag or HTML file (add it to your Pages index.html).

2. Request a review

• In Search Console → Security issues → tick “I have fixed these issues” → Request a review.
• Explain that this is a personal portfolio, contains no fake logins, and collects no user data.

3. Use an alternate domain temporarily

• While waiting for removal (can take days to weeks), host the site on Vercel, Netlify, or GitHub Pages from another account that’s not blocked.

[Amitgajare2]

If your site is hosted on a github.io subdomain (e.g. username.github.io/project), some browsers or corporate networks may block all subdomains if any were flagged in the past.

Use HTTPS
GitHub Pages automatically supports HTTPS for both github.io and custom domains — ensure it’s enabled in Repo → Settings → Pages.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[shahkochaki]

Hey there,

I’ve seen this kind of issue a few times — it’s usually not related to your repository contents but rather to how your GitHub Pages subdomain has been classified by Google Safe Browsing or another browser reputation service.

Even though your repository is clean, if that specific subdomain (e.g., saniyamujawar04.github.io) was previously used for a flagged or spammy site, the reputation can persist across rebuilds. GitHub itself doesn’t directly control these browser warnings — they come from third-party security databases.

Here’s what I recommend doing step by step:

Check your domain’s status on Google Safe Browsing using this link:
https://transparencyreport.google.com/safe-browsing/search

Enter your full Pages URL (e.g., https://saniyamujawar04.github.io/Netflix-clone/).

If it shows any warnings, click “Request a review.”
You’ll need to be signed in with a Google account — the review process usually takes 24–48 hours.

Meanwhile, also open a ticket with GitHub Support (choose “GitHub Pages → Report abuse or false positive”) and explain that your subdomain is being flagged incorrectly. Provide your example repo and the transparency report screenshot.

Once the block is lifted, you may want to rebuild your Pages site (disable Pages → wait a few minutes → enable again). That regenerates the DNS and CDN cache, which helps propagate the clean status faster.

If it helps: I’ve handled two similar cases in the past year, and in both, the review from Google cleared the warning within a couple of days after verification.

In short:
Your code is fine — this is a reputation issue tied to the GitHub Pages subdomain, not your repo content. Request a Safe Browsing review and contact GitHub Support; both actions combined usually resolve it quickly.

[Yajat047]

Possible Cause:
It might be related to the repository or site name — “Netflix-clone” — since the word Netflix is a registered trademark and often associated with phishing or impersonation attempts.

Browsers and Safe Browsing systems sometimes flag URLs containing well-known brand names combined with “clone” or similar terms, even if the content is harmless.

Try renaming the repository and site to something neutral (e.g., video-stream-app or movie-ui-demo) and redeploy the GitHub Pages site to see if that resolves the issue.

If the warning disappears after renaming, that would confirm the URL keyword was triggering the block rather than the account or hosting itself.